
UK finance industry blighted by poor code

10 March 2017

Developers just not interested

Code penned for the finance industry, particularly in the UK, is pants, according to a new study.

The study by software firm CAST said there was a noted difference between the quality of code written for financial institutions and that written for telecoms and retail.

The study looked at more than one billion lines of code across 1,850 applications in eight countries, mainly in financial services, insurance, telecommunications, and manufacturing.

It found that 40 per cent of the applications were below the standard for security. The threshold rates applications' ability to withstand unauthorised entry, deceptive interactions, theft of data, or breach of confidentiality.

The French wrote the best code and the UK wrote the worst.

CAST executive strategy and analytics VP Lev Lesokhin said: "There is a lot of risk lurking in the code, it is heavily protected by walls around it. But there is still this soft middle that can be breached in a lot of cases."

CAST found that applications in the UK financial services sector had huge amounts of legacy code. It found that another major banking outage like the RBS disaster in 2012 is likely to happen again in the UK, given the amount of legacy code in the sector.

Lesokhin said there was a tension between developers who have their hands in the source code, and the operations team that run the systems.

"We saw one example of a telecommunications company in the UK that had to keep rebooting the server for one of its consumer-facing systems daily because there was not enough memory on it."

The CAST Research on Application Software Health (CRASH) study involved the analysis of 1.03 billion lines of code across 1,850 enterprise applications run by 329 organisations such as banks, insurers and government departments in eight different countries. The health factors measured in the report look at five traits: robustness, security, performance efficiency, changeability and transferability.

The best scores came from teams that developed software using a hybrid method that combines practices from both Agile and Waterfall methods. The lowest scores were obtained by those reporting use of "no method".

CAST said that by combining up-front analysis and design of application architectures with rapid feedback on defects during short, iterative coding sprints, hybrid methods produce higher structural quality than Agile or Waterfall methods alone.

Last modified on 10 March 2017