Critical applications developed by organizations to service their clients frequently face app killers like major outages, malfunctions, and security breaches that disrupt business and damage reputations. As organizations increasingly face the devastating impact of Architecturally Complex Violations, read this ebook to learn how CAST AIP can help to eliminate these issues before they kill your app.
From Killer Apps to App Killers CAST
1. The Devastating Impact of Architecturally Complex Defects
FROM KILLER APPS TO APP KILLERS
Art inspired by original artwork “Anatomy of a Murder” by Saul Bass
2.
Architecturally Complex Violations constitute 8% of violations, but they are:
52% of the repair effort
8X more likely to escape into testing
6X more likely to escape operations
Year after year, killer apps developed by organizations that rely upon technology to service
their clients face app killers like major outages, malfunctions, and security breaches
that disrupt business and damage reputations. Sadly, nearly all of these failures had an
architectural flaw that had gone undetected.
The technical diversity that gives modern business applications their unique power and
flexibility comes at a cost of staggering complexity. Quite simply, the complexity of modern
business applications exceeds the capability of any single individual or team to understand all
of the potential interactions among the component languages and technologies. Organizations
are now faced with the devastating impact of Architecturally Complex Violations.
3.
TERMINOLOGY
Architecturally Complex Violation: A structural flaw involving interactions among multiple components that may reside in different application layers (User Interface, Logic, Data).
Architecture of Decay: A map of the defect fix relationships among Architectural Hotspots.
Architectural Hotspot: A component that contributes to many Architecturally Complex Violations.
4.
EFFORT DRIVERS
Why do Architecturally Complex Violations take more effort to fix?
They are multi-component and therefore require a lot more files to fix than a Code-Level
Violation. Reported data indicates that frequently as many as 20 different modifications to files
are required to remediate a single architecturally complex defect.
LinkedIn experienced a security breach exposing 6.4M passwords.
[Chart: % of Total Violations: Architecturally Complex Violations 8%, Component-Level Violations 92%. % of Effort to Correct: Architecturally Complex Violations 52%, Component-Level Violations 48%.]
5.
COST DRIVERS
Sony suffered a dozen attacks at the hands of the LulzSec Group, which exposed customer accounts resulting in 55 class action lawsuits and cost $178M.
Most Component-Level Violations are fixed with a single change.
Why are Architecturally Complex Violations more costly to fix?
These defects are more expensive to fix because they involve interactions between multiple
tiers of the application often written in different languages and hosted on different platforms.
These violations require much more involvement and coordination across teams to ensure that
the fix is resolved system-wide.
[Chart: Relative number of changes to correct an Architecturally Complex Violation]
6.
PROBLEM DRIVERS
% of violations crossing a phase boundary
Why are Architecturally Complex Violations worse as they cross phases?
Since Complex Violations are more likely to persist into operations, they are more likely to
cause operational problems than the single component violations that tend to get caught
earlier.
Knight Capital trading system had an algorithmic error which caused erratic trading activity and left the firm with billions of dollars in unwanted securities and $400M loss.
[Chart, Test and Operations phases: Architecturally Complex Violations are 8X worse (Test) and 6X worse (Operations); values shown: 2%, 13%, 83%, 10%.]
7.
DECAY DRIVERS
80% of Architecturally Complex Violations involve an Architectural Hotspot.
Architectural Hotspots reveal concentrations of architectural decay.
Architecture of Decay
A map of the most frequent fix relationships among Architectural Hotspots reveals the
Architecture of Decay, but it also presents a roadmap to guide high-value remediation and the
greatest opportunities to restore the structural health of an application.
Big problems are often the result of several interacting weaknesses in the code, none of which
caused the problem by itself. Preventing application-level defects requires analysis of all the
interactions between components of heterogeneous technologies. Reliably detecting software
quality problems requires an analysis of each application component in the context of the
entire application as a whole – an evaluation of application quality rather than code quality.
8.
BUSINESS DRIVERS
You will rarely detect Architecturally Complex Violations with unit tests or code analyzers. To
detect these App Killers you need…
CAST Application Intelligence Platform.
A dynamic business environment, new technology,
and multiple sourcing options amplify the complexity of business application software. Since
even the most talented developers can no longer know all of the nuances of the different
languages, technologies, and tiers in an application, their capability needs to be augmented
by automated tools to evaluate the entire application. Without such assistance, defects
hidden in the interactions between application tiers will place the business at risk for outages,
degraded service, security breaches, and corrupted data.
CAST AIP is unique in its ability to find structural defects early at build time when the code can
first be analyzed at the level of the entire application. Detection and repair at this point can be
an order of magnitude cheaper than if these structural flaws slip into the final stages of testing
where they are deeply embedded in the application and a larger portion of the code will have
to be torn down and rebuilt.
To find out more about CAST AIP visit www.castsoftware.com/AIP
Application Quality analyzes the software across all of the application’s languages, tiers, and technologies to measure how well all of the application’s components come together to create operational performance and overall maintainability.
9.
SUMMARY
CAST Application Intelligence Platform
CAST Application Intelligence Platform (AIP) is the only enterprise-grade software quality assessment and performance
measurement solution available. CAST AIP inspects source code, identifies and tracks quality issues, and provides
the data to monitor development performance. CAST can read, analyze, and semantically understand most kinds of
source code, including scripting and interface languages, 3GLs, 4GLs, and web and mainframe technologies, across all
layers of an application (UI, logic, and data). By analyzing all tiers of a complex application, CAST measures quality and
adherence to architectural and coding standards, while providing visual specification models.
Sources:
Z. Li, et al. (2011). Characteristics of multiple component defects and architectural hotspots: A large system case study. Empirical Software Engineering, 16 (5), 667-702.
M. Leszak, et al. (2000). A case study of root cause defect analysis. Proceedings of the 22nd International Conference on Software Engineering. Los Alamitos, CA: IEEE Computer Society, 428-437.
A. von Mayrhauser, et al. (2000). Deriving fault architectures from defect history. Journal of Software Maintenance: Research and Practice, 12 (5), 287-304.
[Figure: Enterprise-grade analysis requires a 3-tiered approach]
10.
ABOUT CAST
CAST is a pioneer and world leader in Software Analysis and Measurement, with unique technology resulting from
more than $100 million in R&D investment. CAST introduces fact-based transparency into application development
and sourcing to transform it into a management discipline. More than 250 companies across all industry sectors and
geographies rely on CAST to prevent business disruption while reducing hard IT costs. CAST is an integral part of
software delivery and maintenance at the world’s leading IT service providers such as IBM and Capgemini.
Founded in 1990, CAST is listed on NYSE-Euronext (Euronext: CAS) and serves IT intensive enterprises worldwide with a
network of offices in North America, Europe and India. For more information, visit www.castsoftware.com
Call: 877-852-2278
Email: info@castsoftware.com
Visit our Web site: www.castsoftware.com