Next event:

The QA Financial Forum, Frankfurt 2018

13 June, 2018
News and research on financial software quality assurance and risk management

Vendor risk management provider of the year — CAST

14 July 2017
A database of code quality

New York-based, but founded by Frenchman Vincent Delaroche and quoted on the Euronext Exchange in Paris, CAST has established itself as the leader in the field of benchmarking the quality of software code.

Around 10% of financial firms are using some sort of standard for benchmarking the quality of their code, reckons Lev Lesokhin, marketing director at CAST. That proportion is only going to rise, as software customers reach for objective tools that help them benchmark the quality of work provided by outsourced vendors.

To benchmark code, CAST uses a database that is based on system-level analysis of apps conducted by its clients in different industry verticals and different geographies, using CAST software. The software breaks down source code into a blueprint that enables customers to analyse flaws and benchmark the quality of the software development work that they they -- or their outsourced supplier -- have produced

CAST’s benchmarks for measuring the structural quality of the software are based on the extent to which it violates good architectural and coding practices in five areas: robustness, security, performance efficiency, changeability (the difficulty of modifying applications) and transferability (the difficulty of understanding the app, and transferring work).

“What’s our edge?” says CAST’s Lesokhin. “In any space, including the financial space, if there is a database for the code involved we can analyse the structure of that database and how transactions flow to and from the interfaces of the database”.

The key metric is a “health-check” score out of 4.0 points, with scores of less than 3.0 considered bad. Typically, that 3.0 base score is what CAST’s client use to reference the quality of work conducted by external software vendors.

CAST has a large client base among the IT system integrators: the largest, diversified, vendor firms. Cognizant, Infosys, Accenture, Capgemini, Atos, Sopra Steria and Wipro all have enterprise licences and use CAST to organise their own development schedules; for example to rotate staff and other resources according to where flaws are being identified.

Increasingly, those system integrators are embedding CAST in their test automation processes. A key trend -- perhaps the key trend -- in the global market for outsourced software quality assurance services is the demand from customers that automation should lower development costs as well improve the speed of delivery and the quality of delivered software.

And increasingly large financial firms are insisting that quality benchmarks are embedded in their vendor SLAs. Equally, the software and system integrators can demonstrate the improvement in app quality that they can deliver, and to be able to price more aggressively in the knowledge that they can benchmark the improvement in app quality that they believe they can deliver.

Cardif, the insurance branch of the BNP Paribas group, manages the risk of around half of its 300 apps using CAST Application Intelligence Platform. Source code for the apps is analysed with CAST AIP to check the associated risks before user testing. Quite simply, if the app becomes more risky and does not score highly enough on the software risk scale for CAST’s five health factors, the code is returned to the supplier for improvement. That in turn enables Cardif to negotiate fixed price contracts based without any doubt on the quality of the outcomes. While Cardif has been used to road test CAST for the BNP Paribas group, other divisions, including BNP Paribas Personal Finance business and BNP Paribas Fortis, have taken up CAST more recently.

Aside from straightforwardly benchmarking the quality of code in development, there are other benefits to using CAST, customers told QA Financial. The coding of an app can be checked for its complexity -- is the supplier using overly complex code? CAST benchmarks can also be used to check security levels, and also to quantify technical debt in the development process, by setting values against the violations of code quality found.

Get the latest
by email

Newsletter Sign-Up
First Name*
Last Name*

I understand my contact details will be entered into your database and used to contact me by email with QA Financial's newsletter. See our privacy policy here.

Opted-in to receive newsletter
Source - newsletter sign-up form