Poorly written code could be the Achilles’ heel for utilities. The second annual report produced by CAST on global trends in the structural quality of business applications software highlights trends in five structural quality characteristics–robustness, security, performance, transferability and changeability–across technology domains and industry segments.
Structural quality refers to the engineering soundness of the architecture and coding of an application rather than to the correctness with which it implements the customer’s functional requirements.
Evaluating an application for structural quality defects is critical because they are difficult to detect through standard testing and are the defects most likely to cause operational problems such as outages, performance degradation, breaches by unauthorized users or data corruption.
This summary report provides an objective, empirical foundation for discussing the structural quality of software applications throughout industry and government. It highlights some key findings from a complete report that will provide deeper analysis of the structural quality characteristics and their trends across industry segments and technologies. The full report also will present the most frequent violations of good architectural and coding practice in each technology domain.
The data in this report are drawn from the Appmarq benchmarking repository maintained by CAST, composed of 745 applications submitted by 160 organizations for the analysis and measurement of their structural quality characteristics, representing 365 million lines of code (MLOC) or 11.3 million Backfired Function Points. These organizations primarily are in the United States, Europe and India. This data set almost triples the size of last year’s sample of 288 applications from 75 organizations comprising 108 MLOC.
The sample is distributed widely across size categories and appears representative of the types of applications in business use.
Almost half of the sample (46 percent) consists of Java-EE applications, while .NET, ABAP, Cobol, and Oracle Forms each constituted between 7 and 11 percent of the sample. Applications with a significant mix of two or more technologies constituted 16 percent of the sample.
There are 10 industry segments represented in the 160 organizations that submitted applications to the Appmarq repository. Some trends that can be observed in these data include the heaviest concentration of ABAP applications in manufacturing and IT consulting, while Cobol applications were concentrated most heavily in financial services and insurance.
Java-EE applications accounted for one-third to one-half of the applications in each industry segment. This sample differs in important characteristics from last year’s sample, including a higher proportion of large applications and a higher proportion of Java-EE. Consequently, it will not be possible to establish year-on-year trends by comparing this year’s findings with those reported last year. As the number and diversity of applications in the Appmarq repository grows and their relative proportions stabilize, CAST anticipates reporting year-on-year trends in future reports.
Among the report’s findings:
1. Cobol applications show higher security scores,
2. Performance scores are lower in Java-EE,
3. Modularity tempers the effect of size on quality,
4. Maintainability is lowest in government applications,
5. There is no structural quality difference as a result of sourcing or shoring,
6. Development methods affect structural quality,
7. Scores decline with more frequent releases,
8. Security scores are lowest in IT consulting,
9. Maintainability declines with the number of users,
10. Average $3.61 of technical debt per LOC,
11. Majority of technical debt impacts cost and adaptability, and
12. Technical debt is highest in Java-EE.