Tracie Berardi, Program Director, CISQ
2020 has been a challenging year. With the COVID-19 pandemic upending businesses and ways of life, society relied on technology to work from home, attend school, shop for groceries, and connect with family and friends we could not see in person. “Zoom” is now a noun and a verb.
A survey from McKinsey and Company found that response to the COVID-19 pandemic sped the adoption of digital technologies by several years. Companies accelerated the digitization of their customer and supply chain interactions and of their internal operations by three to four years. The share of digital or digitally enabled products in their portfolios accelerated by seven years. The pandemic compressed the timetable for digital transformation initiatives.
“We’ve seen two years’ worth of digital transformation in two months,” said Microsoft CEO Satya Nadella during Microsoft’s quarterly earnings report to Wall Street in April.
“I’ve been on more sales calls with more CEOs in the last two months than at any time in my career, and there’s universal agreement among them: Digital transformation, while this isn’t a one app [solution], it’s a must-have. Organizations and governments around the world have a digital transformation imperative like never before, and many of them are accelerating their plans for a digital-first work-from-anywhere environment,” said Marc Benioff, founder, chair and CEO of Salesforce, during the company’s first-quarter fiscal 2021 call with financial analysts in May.
From a technology perspective, we know that software quality drops down the list of priorities during times of pressure. For development teams, this can lead to unreliable software, security vulnerabilities, and technical debt. For businesses investing in digital futures, this can lead to unintended risks.
The SolarWinds hack, the largest breach of U.S. government computers, refocused us on the critical importance of trustworthy software. Malicious code was pushed to upwards of 18,000 customers via a software update to Orion, a popular software platform made by the company SolarWinds, which monitors the computer networks of many U.S. government agencies and Fortune 500 companies. The breach would allow hackers to monitor emails and steal information. The breach was disclosed by SolarWinds on December 13th, just five days after cybersecurity incident response firm FireEye announced it had suffered an intrusion resulting in the theft of 300 proprietary software tools used for cybersecurity.
If we are to learn from the vulnerabilities of 2020 to strengthen technology in 2021, we recommend a greater focus on software quality, security, and technical debt during digital transformation. Software development teams increasingly use automated tools to improve code quality and security. Automation is less expensive, more timely, and more effective than manual inspection, especially for system-level flaws. We advise teams to use software measurement standards from CISQ to assess the operational and cost risk of applications before moving them into production or shipping them to customers. The standards can be applied using static analysis tools integrated into a DevOps pipeline. Acquisition managers can use the CISQ measures to establish quality expectations in contracts with software providers.
The need for data to make business decisions has grown, and data privacy and protection are key concerns for consumers and government regulators. It is critical that software is not vulnerable to data breaches, data modification, or data leaks. In 2020, CISQ developed an Automated Source Code Data Protection Measure that will become a new standard in early 2021. This latest standard from CISQ can help organizations assess their compliance with GDPR, HIPAA, and other data protection regulations.
CISQ wishes everyone a Happy New Year. We invite you to join CISQ if you would like to learn more about software quality or measurement standards. Look for our new report coming out on January 6th, The Cost of Poor Software Quality in the US: A 2020 Report.