Unwinding Technical Debt

What is technical debt

The implied cost of future rework when a solution prioritizes expedience over long-term design

Manifestations

Resiliency, efficiency, security issues in own code
IP, safety, obsolesce issues in OSS components
Sub-optimal use of cloud
Design architecture deviations
Poor technical documentation
Takes forever to change applications

Good debt vs bad debt

Good

Incurred to foster innovation without significantly affecting the business

Bad

Impedes business performance,
agility, safety, and resiliency

The key is finding the few pieces of code that have the most significant negative impact on the business

Mapping the software landscape

Shortlisting applications

Map applications by tech-debt density against business criticality
Focus on critical applications with high tech-debt density
Consider critical, large applications with low tech-debt density
In this real-life example the scope is reduced from 50 MLOC to 12 MLOC

Bird’s-eye view of a portfolio of 300 custom applications, generated by CAST Highlight

Rapid portfolio analysis

Scans source code repositories
Analyzes all applications for
- - Technical debt density
- - Cloud maturity
- - OSS risks: IP, safety, obsolesce
Uploads encrypted intelligence to cloud. Code stays on premises
Maps empirical findings against subjective data, e.g., criticality
Recommends best path forward

Learn more

CAST Highlight

Picking the targets inside the selected applications

‘8% of total defects, result in 90% of the significant reliability, security, efficiency issues in production.’

Dr. Richard Soley, MIT Fellow

‘Engineering rules for finding the most critical flaws [the 8%] by assessing software structures in context’

ISO 5055 explained

Traditional (syntax) analyzers miss the context

Bad can be good

Performing a table scan instead of using an index affects performance. But it makes little difference for a reference table with a few entries.

Good can be bad

A real-life scenario where the code unit is beyond reproach, yet system performance suffers.

Indirect remote database call inside a loop

Semantic analysis is required

Pinpointing the 8%

Involves 10,000x of code units and their numerous interactions
Requires examining the meaning of every unit in the context of all interactions across all tech layers
Fastest way is to use semantic analysis technologies, such as CAST or Coverity for C++ code

Internal map of a mid-size application with 300,000 LoC and 41,000 code units. CAST Iamging

Internal map of a mid-size application with 300,000 LoC and 41,000 code units. CAST Imaging

Deep application insights

Ingests data scripts, source code, configuration and property files
Analyses code units’ semantics within the whole system context
Generates maps detailing:
- - Internal architecture
- - Major structural flaws +
- - ISO 5055 adherence ++
- - Architectural rule deviations ++
Acts as a living knowledge base of the application inner workings
Provides recommendations and natural language explanations

+ Major Structural Flaws map extension for CAST Imaging

++ Structural Quality Gate extension for CAST Imaging

CAST Imaging