2011 App Failures - Year in Review CAST
4 likes1,630 views
The document discusses the numerous IT failures and breaches experienced by various organizations in 2011, highlighting the common theme of undetected structural flaws in applications. It emphasizes the need for improved structural quality analysis in software development to prevent such outages and vulnerabilities. The document also outlines the insights and solutions provided by CAST to enhance application quality and mitigate risks in future projects.
2011 App Failures - Year in Review CAST
- 2. Application Failures In a year when we saw one major outage, malfunction and security breach after another befall organizations that rely upon technology, we should heed a lesson. The sad part is nearly all, if not all of these outages, malfunctions and breaches had in common a structural flaw somewhere down in the bowels of the application that had gone undetected. CAST Confidential 2 Achieve Insight. Deliver Excellence.
- 3. April Patch Tuesday: released a record-tying 17 bulletins patching a record 64 vulnerabilities including kernel patches November Patch Tuesday: avoided patching a zero-day vulnerability used in the Duqu malware attacks that allowed hackers to run arbitrary code in kernel mode http://blog.castsoftware.com/it%E2%80%99s-tuesday-do-you-know-where-your-patches-are/ http://blog.castsoftware.com/microsoft-ducks-duqu/
- 4. Apple has a bug in its new iOS 5 operating system that causes serious battery drain issues with the new iPhone 4S handset http://blog.castsoftware.com/marketing-over-matter/
- 5. Dropbox encounters a bug during a code update that disables customer passwords for several hours http://blog.castsoftware.com/dropbox-drops-the-ball/
- 6. JP Morgan, Chase & Capital One reveal that email management vendor Epsilon detected an "unauthorized entry" into its system, exposing customer names and e-mail addresses
- 7. Hackers backed by a foreign government steal 24K sensitive files by exploiting software vulnerabilities at a Dept of Defense contractor Defense Secretary Leon Panetta http://blog.castsoftware.com/the-enemy-within/
- 8. Sony suffers more than a dozen attacks at the hands of the LulzSec Group, which exposes customer accounts via SQL Injection attacks Sony president Howard Stringer Attacks result in 55 class action law suits and cost Sony $178M http://blog.castsoftware.com/sony-oops-i-did-it-again/
- 9. London Stock Exchange halts trading on its main market due to a technical fault in its barely 2-week- old MilleniumIT trading system http://blog.castsoftware.com/london-bourse-is-falling-down-%E2%80%93-time-to-analyze-its-structure/
- 10. A malware attack exposes names, account numbers and email addresses of around 200,000 Citigroup customers http://blog.castsoftware.com/hackers-are-getting-smarter/
- 11. A spate of computer outages in the airline industry was blamed on bad hardware, corrupted software & failure of backup systems to kick in http://blog.castsoftware.com/stranded-by-software/
- 12. A technical fault causes levels to be incorrectly displayed for nearly an hour following the start of trading on Euronext Borsa Italiana suspends trading for almost six hours blaming technical issues Australian Stock Exchange has trading halted due to an ICT systems error traced back to a software problem http://blog.castsoftware.com/stock-exchange-failures-what-next/
- 13. A computer service vendor of Boston’s Beth Israel Hospital failed to restore proper security settings on a computer following maintenance, leading it to be infected with a virus that transmitted data files to an unknown location http://blog.castsoftware.com/hacking-up-a-hospital/
- 14. discovers data leak vulnerability resulting from pre-existing security hole from old Froyo operating system More than 50 malicious applications infect Android Google pulls Gmail app devices through from iPhone App stores DroidDream malware due to a bug that causes a “notification error” http://blog.castsoftware.com/serving-up-some-humble-pie-with-google%E2%80%99s-%E2%80%98ice- cream%E2%80%99/
- 15. RSA allowed their own information to be stolen when a phishing email with a zero-day exploit installed a backdoor through an Adobe Flash vulnerability http://blog.castsoftware.com/to-be-forewarned-is-to-be-forearmed/
- 16. RIM experiences worldwide outage of the BlackBerry system when a software upgrade on its database resulted in corruption problems and attempts to switch back to older version led to collapse of system http://blog.castsoftware.com/falling-off-the-rim/
- 17. Researchers demonstrate hackers have capabilities to send radio signals that exploit vulnerabilities in embedded software and could reprogram or shut down devices such as pacemakers or insulin pumps http://blog.castsoftware.com/hacking-the-heart-of-the-matter/
- 18. Dept of Energy contractor Pacific Northwest National Laboratory shuts down most of its internal network services when a sustained cyber attack exploits undisclosed bug in the server http://blog.castsoftware.com/seeking-independence-from-being-hacked/
- 19. Bank of America customers are unable to log in to their online bank accounts due to problems following routine software upgrades. Later in year their website goes off-line due to a “Denial of Service” attack http://blog.castsoftware.com/stock-exchange-failures-what-next/
- 20. A computer virus infects software that manages Predator and Raptor drones http://blog.castsoftware.com/what-we-dont-know-is-hurting-us/
- 21. UK’s East Coast Main Line left more than 3,000 rail passengers stranded or delayed for more than five hours on a Saturday afternoon due to software malfunction that knocked out signaling system and its backup http://blog.castsoftware.com/when-good-software-goes-bad/
- 22. 39 recalls of medical devices resulting from software defects and malfunctions http://blog.castsoftware.com/software-quality-is-a-matter-of-life-death/
- 23. PREVENT #ITFAIL WITH APPLICATION STRUCTURAL QUALITY
- 24. Application Structural Quality Whatever the reason these structural quality errors happened, they shouldn’t have. Hopefully in 2012, companies will look back on all the problems in 2011 and realize that they need to increase the structural analysis of their application software to ensure they won’t be the next victim. CAST Confidential 24 Achieve Insight. Deliver Excellence.
- 25. CAST Structural Quality Metrics Most enterprises measure everything but the product delivered to the business CAST Application Intelligence Platform (AIP) measures the product itself Process Product Robustness Performance Time & Quality Security CAST AIP Planning Duration &Size Changeability Estimation Transferability Scheduling Size Time Tracking Cost Tracking Requirements Function & Effort & Budget Scope Earned Value User Acceptance Usability CAST Confidential 25 Achieve Insight. Deliver Excellence.
- 26. CAST Inserts Actionable Visibility CAST Application Intelligence Center CxO & VP, … Dashboard, reports CAST Application Intelligence PlatformTM AI Management Studio Knowledge Base Approx one thousand rules and best practices PM, QA, Architects… Decade of software engineering Std enforcement expertise Early ID of violations CAST Application Analysis Engine Drill down to root cause CAST Native CAST UA 3rd party Analyzers (28) scripts analyzers Delivered Source Code: Dev Teams, Suppliers CICS, IMS, COBOL, DB2 z/OS, PL/I Arch. visibility / Quick wins J2EE, .NET and all Major RDBMS Software engineering expertise Web Apps, BI, EAI, C/C++, VB, PB Continuous training/coaching Siebel, SAP, PSFT, OBS, Amdocs CAST Confidential 26 Achieve Insight. Deliver Excellence.
- 27. Tangible and Measured Value Mitigate business risks with improved structural quality Better applications for higher business resiliency and continuity Risk-proofed projects more likely to deliver business benefits on time Make IT and suppliers more productive Eliminate waste in ADM Prevent coding errors in development: 10x savings in rework per coding error Keep technical debt from growing: up to 10% saving in maintenance cost Benchmark then optimize resources: maintenance savings potential Better reuse of frameworks and components: up to 10% of dev budget Reduce waste in operations Improve efficiency of large complex transactions & batch processes: up to 5% mips Reduce troubleshooting and rollover costs: lower Ops staff overtime Apply consistent measurement & KPIs for superior visibility Up to 10% of ADM budget, esp. ADM outsourcing “Applying the principles of lean manufacturing to ADM can increase productivity by 20 to 40 percent while improving the quality and speed of execution.” - Ranjit Tinaikar, Principal, Head of NA IT Management Practice CAST Confidential 27 Achieve Insight. Deliver Excellence.
- 28. Market Leader and Pioneer 250 Global Leaders Rely on CAST SIsUse/Resell CAST SIs Resell CAST Industry Groups Engage CAST Key Influencers Endorse CAST CAST Confidential 28 Achieve Insight. Deliver Excellence.
- 29. Learn more about CAST www.castsoftware.com blog.castsoftware.com www.facebook.com/castonquality www.slideshare.net/castsoftware Twitter: @OnQuality