[slideshow] When it comes to managing software many IT organizations are between the proverbial rock and a hard place. The business is more dependent on software than ever before and yet most of that software has never been more fragile.
The reason for that fragility is most applications these days are made of independent modules that not only can be running in completely different data centers, but were also developed by some third party with little to no involvement with the IT organization tasked with running them.
As a result, there are frequently large numbers of defects in software that have to be fixed at great cost before they have an adverse impact on the business. In fact, a survey of 336 influencers of software development projects conducted by Forrester Consulting on behalf of Coverity, a provider of application testing tools, finds that 40 percent of them have had issues with third-party code and, most surprisingly, only 35 percent manually review that code. And yet, the survey also finds that 74 percent said developers are being held more responsible for the quality of their applications.
The trouble is that in this age of borderless applications there is an assumption that someone else checked the quality of third-party software that developers have routinely begun to embed in their applications.
Dave Peterson, chief marketing officer for Coverity, says this lack of governance over software development is a crisis waiting to happen. Right now, companies chalk these defects up to so-called 'technical debt' that result in expensive updates to applications that are already in production. But given the pervasiveness of software in business, it's only a matter of time before something truly catastrophic occurs.
Unfortunately, if history is any guide, it's not until that crisis occurs that companies get serious about mitigating the risks that led to the crisis occurring. And even then, it's not until some government or standards organization creates a specific regulation to address that issue that anything gets done proactively about it.
There are, of course, project deadlines to be met. But right now a fair amount of the software that companies rely on is simply unsafe at any speed.