Many businesses place the entire burden of code quality, sound ALM practices and other critical tasks in the hands of the outsourcer or vendor. This is a clear trend across many customers, and it should be approached with caution because it exposes the business to risk that is not always apparent.
Companies that proactively take steps to be integrated into the ALM (Application Lifecycle Management) process are seeing reduced costs and are maximizing the business value and ROI of their application portfolios. A common pattern among these customers is a shared TFS environment for offshore outsourcing or distributed development. This model keeps all teams closely integrated and gives management on both sides the benefits of TFS. One of the key features of TFS is the ability to customize the process template and the reports. The ability to run the "Code Churn" and "Quality Indicators" reports alone justifies the approach: when a component shows high code churn, that component carries a higher risk of failure. The bottom line is that a tightly integrated TFS environment lets you quickly identify problem areas and who is taking on more work than they can deliver; the list goes on.
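The code churn indicator mentioned above can be computed from any version-control history, not only from the TFS report. The following Python script is an added example, not code from the original post or from TFS: it parses a `git log --numstat --format=%an` style history (the history embedded here is constructed for the example), aggregates lines added plus deleted per component and per author, and flags components whose churn is more than twice the per-component mean (an assumed threshold, chosen for illustration).

```python
"""Code-churn indicator over version-control history (added example)."""
from collections import defaultdict
from statistics import mean

# Constructed sample, not real repository history. The format mimics
# `git log --numstat --format=%an`: an author line, then one
# "<added>\t<deleted>\t<path>" line per file touched, then a blank line.
SAMPLE_LOG = """\
alice
120\t40\tsrc/Billing/Invoice.cs
10\t2\tsrc/Auth/Login.cs

bob
300\t250\tsrc/Billing/Tax.cs
200\t180\tsrc/Billing/Invoice.cs

carol
5\t5\tsrc/Auth/Token.cs
8\t1\tsrc/Auth/Login.cs

bob
30\t10\tsrc/Reports/Churn.cs
90\t120\tsrc/Billing/Tax.cs
"""


def _to_int(field):
    # numstat prints "-" for binary files; count those as zero line churn.
    return int(field) if field.isdigit() else 0


def parse_numstat(text):
    """Yield (author, path, added, deleted) for every file change in the log."""
    author = None
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) == 3:
            added, deleted, path = parts
            yield author, path, _to_int(added), _to_int(deleted)
        else:
            author = line.strip()  # a line without numstat fields is the author


def component_of(path):
    """Map a file path to its component: the first two path segments (assumed layout)."""
    parts = path.split("/")
    return "/".join(parts[:2]) if len(parts) >= 2 else parts[0]


def churn_by_component(records):
    """Total lines added + deleted per component."""
    churn = defaultdict(int)
    for _author, path, added, deleted in records:
        churn[component_of(path)] += added + deleted
    return dict(churn)


def churn_by_author(records):
    """Total lines added + deleted per author, a rough view of who carries the load."""
    churn = defaultdict(int)
    for author, _path, added, deleted in records:
        churn[author] += added + deleted
    return dict(churn)


def flag_high_churn(churn, factor=2.0):
    """Components whose churn exceeds `factor` times the per-component mean."""
    if not churn:
        return []
    threshold = factor * mean(churn.values())
    return sorted(name for name, value in churn.items() if value > threshold)


def churn_report(text, factor=2.0):
    """Parse a numstat log and return component churn, author churn and flagged components."""
    records = list(parse_numstat(text))
    components = churn_by_component(records)
    return {
        "components": components,
        "authors": churn_by_author(records),
        "flagged": flag_high_churn(components, factor),
    }


if __name__ == "__main__":
    report = churn_report(SAMPLE_LOG)
    for name, value in sorted(report["components"].items(), key=lambda kv: -kv[1]):
        marker = "  <-- high churn" if name in report["flagged"] else ""
        print(f"{name:15s} {value:6d}{marker}")
    for author, value in sorted(report["authors"].items(), key=lambda kv: -kv[1]):
        print(f"{author:15s} {value:6d}")
```

Run it against real history with `git log --numstat --format=%an > history.txt` and feed the file to `churn_report`. The component that dominates the churn (here `src/Billing`) is the one to inspect first for defects and test coverage, and the author totals give a first indication of who is absorbing most of the change.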
Studies by the Standish Group found that over 70% of development projects were troubled or failed outright, an alarming statistic. A majority of companies today outsource some, if not all, of their application development. It is common practice to put SLAs in place to reduce the risks associated with code quality, security, ALM practices and other tasks. That 70% failure rate can be greatly reduced when companies are more proactive and integrated in the ALM process and exert influence through training and similar measures.
This of course requires additional investment, and for enterprise applications it often yields the best ROI.
What are you doing to ensure your vendors are following the 16 security practices as outlined by the Microsoft Security Development Lifecycle (SDL)?
What does this have to do with the 16 security practices that improve the security of your applications? In the global enterprise space, 1 in 3 of the Fortune 100 use RSA Archer eGRC Solutions. The Microsoft Security Development Lifecycle (SDL) is an industry-leading software assurance process and is now integrated into the RSA Archer eGRC Platform as an Authoritative Source. If you look at the 16 security practices of the SDL, you will quickly see, from a security perspective alone, why it is so important to invest in the training practices your vendors follow and to be tightly integrated with a TFS environment. Do not assume your vendors will follow these practices on their own; investing in proactive measures to reduce costs and maximize ROI is a necessity, and that means you need to concern yourself with training, ALM practices and code quality practices.