
Bad code plagues business applications, especially Java ones



A new study examining 365 million lines of code in 745 applications identifies bad coding practices that affect security, performance and uptime, with Java Enterprise Edition applications having the greatest number of problems. Cast Software, which makes tools that automate the analysis of business applications, examined programs written in Java-EE, .NET, ABAP, C, C++, Cobol, Oracle Forms, and Visual Basic, used across a wide range of industries from energy and financial services to IT consulting, insurance, government, retail, telecom, and more.

Java-EE applications were the most prevalent in the Cast Report on Application Software Health, taking up 46 percent of all applications, and also had the most problems on average, while Cobol and SAP's ABAP had the fewest. Cast analyzed factors such as the stability of an application and likelihood of introducing defects when modifying it; efficiency of software performance; ability to prevent security breaches; transferability, the ease with which a new team can understand an application and become productive working on it; and the ability to quickly and easily modify an application.

These factors were rolled up into a score called "technical debt," the theoretical cost of repairing each line of code (at a rate of $75 per hour) that doesn't follow good practices, as Computerworld notes. Java EE's technical debt was pegged at $5.42 per line of code while Cobol impressed with a score of $1.26. Oracle Forms and .NET were second- and third-worst behind Java, with the industry average settling at $3.61. ABAP did the best with a score near zero.

Java was not the worst in terms of security, as .NET posted the worst security score and Cobol the best. But Java was the worst in performance, contributing to its overall poor score. "Modern development languages such as Java-EE are generally more flexible and allow developers to create dynamic constructs that can be riskier in operation," Cast wrote in its report. "This flexibility is an advantage that has encouraged their adoption, but can also be a drawback that results in less predictable system behavior."

Cast was not surprised by Cobol's strong results, particularly in security. "Applications with higher security scores continue to be predominantly large Cobol applications in the financial services and insurance sectors where high security for confidential financial information is mandated," the company stated. "These scores should not be surprising since Cobol applications run in mainframe environments where they are not as exposed to the security challenges of the Internet. In addition, these are typically the oldest applications in our sample and have likely undergone more extensive remediation for security vulnerabilities over time." C++ and Visual Basic were the second- and third-best in security behind Cobol.

Across most types of applications, scores declined the more often software was released. "Scores for robustness, security, and changeability declined as the number of releases grew, with the trend most pronounced for security," Cast said.

Cast's data contradicted the common belief that software quality degrades as applications grow larger. With the exception of Cobol, which was designed before the current focus on modularity in software design, applications in the study generally did not get worse as they got bigger, Cast said. You can read a long executive summary on Cast's website, but any way it's sliced the vendor says bad code is a big problem, with one-third of software violations affecting security, performance or uptime.

"While two-thirds of the violations found were destined to have a dramatic effect on IT costs and a company's bottom line, the other one-third is even more critical as it has a direct negative impact on business performance," Cast chief scientist Bill Curtis said in a statement accompanying the report.

Source: http://arstechnica.com/business/news/2011/12/bad-code-plagues-it-applications-especially-java-ones.ars


The article is quite interesting, but the result doesn't seem very surprising to me. The languages at the top of the list are languages that make it very easy to use bad practices. Because they are so much easier to program in and to learn, they make it easy for programmers to be "trained" with very little grounding, who then end up making serious mistakes.

“There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.”

-- Tony Hoare


Statistics are always relative, and usually to something that isn't mentioned in the study.

These in particular have to be set alongside the question "Which languages are most used in industry?" in order to be relevant.

About 2 years ago I was doing some crochet, then I got fed up and went into computing!
