Original Post Date: Thursday, December 15, 2011

This week CAST released their second annual CRASH (CAST Report on Application Software Health) Report. The summary findings can be found here. You will also find a link to the Executive Summary. The report highlights trends based on a static analysis of the code from 745 applications from 160 organizations. The analysis is based on five structural quality characteristics: security, performance, robustness, transferability and changeability. Some of the more interesting findings include:

* COBOL applications have higher security scores than other languages studied (meaning they have better security). I personally found this finding surprising, though it seems that the types of applications in their data set that use COBOL are mostly associated with banking and financial services, so I suppose it has been fine-tuned specifically for security concerns throughout its life.

* Modularity minimized the effect of size on quality. So while it has historically been true that larger software programs were likely to have higher defect densities, increases over time in the practice of high modularization have served to mute or mitigate this trend.

* The use of the waterfall development methodology produces code with better scores than agile for transferability and changeability – meaning these apps are likely to be easier to read, understand, maintain and address technical debt.

* Business applications have an average of $3.61 worth of technical debt per line of code – and this is, admittedly, a very conservative estimate if you review the methodology used to calculate it.

And these are only a few of the findings. The report provides findings around technology, development process, modularity, software size, type of industry, release frequency and number of users. You should check the link above to read the entire eye-opening report or check out this webinar that summarizes it.