December 08, 2011, 8:19 AM — There is a lot of badly engineered software in the world that's creating a lot of risk to businesses and organizations, according to an analysis of 745 applications.
Poor quality code, whether the result of business decisions to cut corners or weak programming skills, may be responsible for a computer system crash, a security breach, poor performance or data corruption, among other things.
Repairing each line of code has a cost, or technical debt, that accumulates.
An example of technical debt is illustrated by the Year 2000 problem, when many applications were poised to represent the millennial as 00 and interpreting it as 1900. Organizations worldwide spent untold amounts of money remediating two digit dates. Some of the applications were built by developers who knew the problem would arise eventually.
Cast Software, a maker of software quality tools that evaluate the engineering soundness of the architecture and coding of an application, analyzed the 745 applications which combined for some 365 million lines of code. The company Thursday released a report detailing the conclusions of that analysis.
Cast analyzed applications from 160 companies in nearly a dozen industries.
The analysis included searches for as many as 1,800 types of development violations in applications written in Java EE, Cobol, .Net, C, C++ and other programming languages.
Cast counted up the number of violations and then calculated the the average technical debt to repair each line of code at $3.61. That figure is based on what it would it would cost to repair each violation at $75 per hour.
In looking at specific languages, Java EE fared worst at $5.42 per line of code, while Cobol did best at $1.26.
Bill Curtis, chief scientist at Cast, said he believes Cobol did best because the code is older. Programmers "have been beating on it for 30 years" and in that time have fixed some of the most critical violations, he said.
As for Java, Curtis said he can only speculate on the problems, but said that "there are many people going into Java now that really don't have strong computer science backgrounds. We may just be seeing the fact that there is an awful lot of people writing code who aren't gurus in software engineering."