Finance firm applications built on C and C++ more at risk

Study of business applications reveals choice of programming language in the financial services sector is leading to security and continuity risks

A major global study of business applications has revealed that the choice of programming language in the financial services sector is leading to security and continuity risks in applications.

The report from software measurement firm CAST – known as the CAST Research on Application Software Health (CRASH) – looked at 496 applications and 152 million lines of code at 88 companies.

It claimed that C and C++, which are used widely in the finance sector, are “harder to program, have more scope for mistakes and are of lower quality.”

The research, which covered six industries, said the security and reliability of applications benefit from Java frameworks. The Hibernate Java framework received particular praise.

CRASH is an annual report that uses automated analysis tools to look at millions of lines of code within large software applications belonging to large corporates. 

CAST’s Appmarq database, which is used to complete the study, includes over 544 million lines of source code culled from over 1,134 applications. These are provided by global companies in financial services, insurance, telecom, technology, government, manufacturing, energy, utilities, retail, and wholesale.

In 2011, CRASH revealed that the average big application costs an extra £2.23m as a result of problems with the code that need to be fixed after software goes live.

Jay Sapiddi, vice-president at CAST Research Labs, said CIOs must understand the programming language and tools being used in the IT department because those decisions have a material impact on the business. 

“IT leaders should double check their choice of framework, how they mix languages, and how they enforce architectural integrity,” Jay Sapiddi said. “Frameworks boost developer productivity, but they can also heighten risk and reduce quality.”

In terms of frameworks, Java-based Hibernate received the highest quality score, while applications built with the Apache Struts framework had the lowest quality scores.

Those that did not use any framework had a huge variance in quality.

“One common challenge for developers with framework usage is configuring them correctly,” said CAST. 

“Our data shows that a large majority of applications analysed had some level of misconfiguration, indicating the need for better training or to simplify the use of frameworks. The research also found that application quality is affected when organisations mix multiple programming languages in a single system.”
