Sriram Srinivasan
VP & Global Client Partner
Application Health
• What is the overall health of my portfolio? How is it trending – over time and by release?
• What is its structural integrity? Is it compliant with enterprise architecture and quality standards?
• How stable will my next release likely be?
• How secure is my application portfolio? Is it vulnerable to hacking?
“Through 2016, despite being a top priority of CIOs, less than 15% of
vendor management programs will leverage data analytics and business
intelligence to identify and manage vendor risk”
- Software Analytics & ADM Vendor Risk Management
90%
SYSTEM LEVEL FLAWS
Shift Left
3x
2x
1x
Source: Economics of Software Quality – Jones & Bonsignour; Software
Defect Analysis: An Empirical Study of Causes and Costs in the IT Industry –
Kristiansen, NTNU; CAST Report on Application Software Health (CRASH
2012) – Curtis, Sappidi & Szynkarski
• Robustness, Efficiency, Security, Changeability, Transferability, Complexity risks and Cloud Readiness
• Functional and technical sizing to assess quantity of work
• Engineering patterns that create potential outages, security breaches, and data corruption
• Map and visualize software structure and architecture
Software Benchmarks
Accurate, consistent analytics by industry and geo, normalized by functional size, based on
structural data from thousands of software systems
CAST Highlight
• Portfolio health measures
• Potential risk
• Savings opportunities
• Cloud-ready assessment
• Industry benchmarks
Health Dashboard
• Software health measures
• Trend analysis
• Flaws and technical debt
• Software sizing
• Application security
Engineering Dashboard
• Software flaw identification
• Security and risk identification
• Architecture governance
• Engineering best practices
• Remediation planning
CAST Imaging
• Architecture analysis
• Blueprinting
• Impact analysis
• Application discovery
CAST Appmarq
• Industry, technology & geography benchmarks
• +2500 apps, +3B LOC
• Annual industry reports
• Custom benchmarking
Objective metrics deliver visibility into portfolio health
• Fast
– A scan for a normal sized application (1) takes 5 min
– Up to 50 apps portfolio (1) can be analyzed in a week
– Does not require deep technical knowledge
• Secure
– All source-code is retained in house
– Analysis output is encrypted
• Non-disruptive
– Simply requires 10 – 15 minutes per application
• Flexible
– Common programming languages (2) are covered
– CloudReady to assess PaaS posture
1. Normal sized application is an application with around 350k lines of code, a portfolio consists of 100 applications
2. Languages covered are: ABAP, C, C++, C#, Cobol, Java, JavaScript, Ksh, Nsdk, Objective C, PHP, PL/SQL, PL1, TSQL, VB, VB6
Source: http://casthighlight.com/
Confidential SOFTWARE INTELLIGENCE FOR DIGITAL LEADERS
Leveraging CAST Highlight improves throughput 100X
Traditional Methods
• Due Diligence or M&A
− Based on SME interviews and ticket logs: may not provide the full/accurate picture
− No code reviews
− Typically, 1 application takes ½ - 1 person-day
• Cloud Readiness Assessment
− Based on SME interviews and partial, manual code reviews (usually 20 – 25% of code base)
− Typically, 1 application: 2 – 3 person-days
• Manual → Automated
• Partial → Comprehensive
• Subjective → Substantiated
CAST Highlight
− 1 application: 3 – 5 minutes
− Full set of portfolio metrics available in 1 – 2 weeks (1)
1. 100 applications
5. Specific guidance on what to fix and how to fix it, and validation that it has been fixed
• Measurement and discussion in governance committees goes a long way to setting behavior if given enough attention
• Ask vendors to provide specified metrics on their own (e.g., provide CISQ scores/certificate for each release) …… unreliable and somewhat inconsistent
• Treat software enhancements and maintenance as a service; track levels, penalties, credits but which can be extended through CAST, to cover operational and maintenance metrics
• Measure and demand minimal set of acceptance criteria for any new development or release
Supported by standard metrics and reports
1. Scorecards
2. Quantify operations risk, maintainability, performance and trending analyses for proactive assessment and remediation
3. Quality targets that can be matched up to deliverables, to drive a true lower cost approach
5. Specific guidance on what to fix and how to fix it, and validation that it has been fixed
“To drive behavior and make the right tradeoffs between speed, business risk and technical debt.”
- Thaddeus Arroyo, CIO
[Figure: technology diagram spanning UI Layer, Logic and Data Layer; labels: SQL – PSM, DB2, Universal Database, Business Objects, Fortran, PL1, Oracle, PowerBuilder, ABAP Objects, Flex, Forms/Reports, RPG, PeopleSoft, Siebel, Shell, ABAP, HTML5, JQuery, Angular JS, Node.js, JavaScript]
[Figure: Riskiest transaction streams with high number of Robustness, Performance or Security violations, shown across UI Layer, Logic and Data Layer]
[Figure: Violations with the largest impact on the rest of the portfolio, on Maintainability, Robustness, Performance or Security]
How can I demonstrate innovation? 14% - 32% Reduced system technical debt
[Figure: CAST Quality, Defect Density and Mean Time to Repair. Panels: Technical Code Quality (Average TQI), Pre Production Defect Density, Pre Production Mean Time to Repair; February 2010 – June 2012, by group (Grp 1 to Grp 6), with Best in Class, Good and Average bands]
[Figure: Release Hit Rate, Productivity Throughput and Cost Effectiveness. Panels: Release Data, Cost per Function Point | Enhancement, Cost per Function Point | Maintained; February 2010 – June 2012, by group]
• Benchmark development team productivity, quality and hit rates
• Measure against other towers, and trending over time
• Maintenance cost down by 5 – 12%
• MTTR down by >25%
High degree of correlation between CAST TQI (Total Quality Index) and fix/ maintenance effort
Increase of CAST Maintainability Index (*) by 0.24 = decrease in maintenance activity by 50% thus
improving margin ratio for relevant Maintenance contracts.
(*) Aggregate of Transferability Index and Changeability Index
Context/ Objective
• Sony Pictures Entertainment, Inc. (SPE) is the television and film production/distribution unit of
Japanese multinational technology and media conglomerate Sony.
• Performance and Stability Issues observed on business critical app used across 23 territories. The
app was constantly being enhanced since going live in 2003 and had become very complex with
1.5+ million lines of code.
Solution
• The Analysis was guided by frequent slow response issues on online booking screen in the J2EE WebLogic solution
• Code-violations along entire Transaction flow (JSP-Controller-Business Object-Hibernate Call-Stored Proc) were detected using CAST.
[Legend: 2 to 2.99, Orange, High risk; 3 to 3.99, Yellow, Moderate risk; 4, Green, Low risk]
• 972 violations across 15+ modules were identified to be fixed in a phased manner.
Benefits
• CAST Analysis saved tens of hours of manual investigation effort.
• Systematic Code Remediation resulted in appreciable reduction in slow response issues.
Cost reduction program focused on Run costs, including break fix, tickets, patches and
runtime operation
The teams using CAST for a year improved their cost profile by an additional 10%
Source: Capers Jones. Data collected from 1984 through 2014. About 675 companies and 13,500 total projects; from 24 countries.
Source: Major Telecommunication Operator, from 2009 to 2014. 900 developers working on 4 mission critical systems under active development & maintenance
[Figure: Relative Cost of Fixing Defects by phase: Req. 1X, Design 5X, Code 10X, Dev. Testing 20X, Accept. Testing 50X, Prod. 150X]
13%
• CAST AIP implemented
as part of the SDLC Reduced Maintenance Budget by
54%
• Application audits performed Total Incidents Down by
at each major release 70%
• 10 million customers and processes • Provide reports to help development teams remediate problems
faster
• 8 million claims a year
• Four strategic ADM partners • Reduce system outages, break / fix cost and production incidents due
to change requests
• Total of 5,000 FTEs in ADM
• CAST AIP implemented as part of an Application Quality Management
• Establish a measurement-driven culture for full collaborative initiative - deployed across 20 teams and over 2,000 applications
transparency
70% drop in
production
defects
11,000
385,000 575 165
Reduced Violations
Over 12 Months
“The reduction of CAST violations and the drop in production incidents is no coincidence. Our own analysis shows that there is strong correlation that as you reduce violation density you experience less production outages.” - Vice President.
20%
Faster
Support Support
Tickets Tickets
30%
Management Dashboard √ √ √
Ticket Reduction √ √ √
Benchmarking √ √
Speed to Response √ √ √
Fannie Mae How Software Analytics Enhances DevOps Tools and Processes: https://www.youtube.com/watch?v=bTpUHJ9F2vs
https://www.youtube.com/watch?v=oBHi-Dbry3g
Highlight Overview: https://www.youtube.com/watch?v=h_na7OoMOUc
IT Rationalization: https://www.youtube.com/watch?v=8MU6AnCZx4s&feature=youtu.be
Digital Transformation: https://www.youtube.com/watch?v=4-eGoM91v9o&feature=youtu.be
IT Due Diligence: https://www.youtube.com/watch?v=vvNXdyWuq5U&feature=youtu.be