Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

New Study Reveals Too Many Global Organisations Are Gambling Their Business Future on Poor Code

Published by Gbaf News

Posted on March 13, 2017

7 min read

Last updated: January 21, 2026

Add as preferred source on Google

A serene view of Belize's lush landscapes symbolizing international banking security - Global Banking & Finance Review — An inviting image showcasing Belize's stunning scenery, representing the country's appeal as a secure haven for global investors in international banking. This visual emphasizes the stability and privacy offered by Belize's banking sector.

Global CRASH Report from CAST uncovers applications in Financial Services can be exploited to steal confidential information

CAST, a leader in software analysis and measurement, announced findings from its latest CRASH Report, the largest objective study of software ‘health factors’ such as Reliability and Security. Health factors indicate the volume and severity of structural software flaws in business applications.

The report, which analysed 1.03 billion lines of code across 1,850 applications submitted by over 329 organisations in 8 different countries, exposes the overall quality of too many mission critical functions across the globe is POOR. Security scores varied widely with some of the highest and worst scores observed for any Health Factor. The lowest security scores of some applications indicate there is a significant amount of unsecured code out there.

This represents a big gamble for organisations whose business operations rest on poor code. Financial Services were specifically found to be particularly susceptible to security risk. Retail and Telco scored marginally better than Financial Services. For an industry carrying large amounts of sensitive data, Financial Services organisations are at risk of severe regulatory fines.

“Lack of security architecture combined with porous code in legacy systems produce easy targets for hackers. This is especially concerning in Financial Services applications,” said Dr. Bill Curtis, SVP and Chief Scientist at CAST Research Labs. “Despite the push to ‘go digital’ our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”

Key findings of the study include:

Security is lagging behind

Security scores varied widely with some of the worst falling into this category. Geographically, the UK scores the lowest out of all regions. France scores best.
The Financial Services industry scored worst with, compared to the highest, Government.

Smaller is better

The findings reveal a team size ‘sweet spot’. Teams of under 10 people perform best across most areas of structural quality.
Teams of over 20 consistently perform the worst across all Health factors.

Maturity must be improved to avoid gambling

Organisations at the least mature development processes (Level 1) as measurement by the Capability Maturity Model Integration (CMMI) have the worst scores in all areas of structural quality. Such organisations too often have overworked developers on unrealistic schedules. They make myriad mistakes without having adequate time to detect and correct them. Organisations at Level 2 that have implemented basic project controls or at Level 3 that have standardised their processes produce far better software.

A hybrid method is the way to go

Findings revealed the highest scores developed software using a Hybrid method that combines practices from both Agile and Waterfall methods. The lowest scores were obtained by those reporting use of ‘no method’. Both Agile and Waterfall were consistently achieved lower scores than Hybrid methods. This confirms the same finding in the last CRASH Report two years ago.
By combining up front analysis and design of application architectures with rapid feedback on defects during short, iterative coding sprints, hybrid methods produce higher structural quality than Agile or Waterfall methods alone.

A copy of the CRASH Executive summary and the full report can be downloaded here.

Methodology

CAST Research on Application Software Health (CRASH) is a biennial report on global trends in the structural quality of business applications. It reports scores on Health factors which represent attributes of the engineering soundness of the architecture and code of software systems. The technology that generated the data in CRASH Reports measures the number and severity of violations of good architectural and coding practice. These are the defects most likely to cause operational problems such as outages, performance degradation, unauthorised access, or data corruption. The health factors measured in the report look at five traits: Robustness, Security, Performance Efficiency, Changeability and Transferability. Scores are computed on a scale of 1 (high risk) to 4 (low risk).

Global CRASH Report from CAST uncovers applications in Financial Services can be exploited to steal confidential information

CAST, a leader in software analysis and measurement, announced findings from its latest CRASH Report, the largest objective study of software ‘health factors’ such as Reliability and Security. Health factors indicate the volume and severity of structural software flaws in business applications.

The report, which analysed 1.03 billion lines of code across 1,850 applications submitted by over 329 organisations in 8 different countries, exposes the overall quality of too many mission critical functions across the globe is POOR. Security scores varied widely with some of the highest and worst scores observed for any Health Factor. The lowest security scores of some applications indicate there is a significant amount of unsecured code out there.

This represents a big gamble for organisations whose business operations rest on poor code. Financial Services were specifically found to be particularly susceptible to security risk. Retail and Telco scored marginally better than Financial Services. For an industry carrying large amounts of sensitive data, Financial Services organisations are at risk of severe regulatory fines.

“Lack of security architecture combined with porous code in legacy systems produce easy targets for hackers. This is especially concerning in Financial Services applications,” said Dr. Bill Curtis, SVP and Chief Scientist at CAST Research Labs. “Despite the push to ‘go digital’ our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”

Key findings of the study include:

Security is lagging behind

Security scores varied widely with some of the worst falling into this category. Geographically, the UK scores the lowest out of all regions. France scores best.
The Financial Services industry scored worst with, compared to the highest, Government.

Smaller is better

The findings reveal a team size ‘sweet spot’. Teams of under 10 people perform best across most areas of structural quality.
Teams of over 20 consistently perform the worst across all Health factors.

Maturity must be improved to avoid gambling

Organisations at the least mature development processes (Level 1) as measurement by the Capability Maturity Model Integration (CMMI) have the worst scores in all areas of structural quality. Such organisations too often have overworked developers on unrealistic schedules. They make myriad mistakes without having adequate time to detect and correct them. Organisations at Level 2 that have implemented basic project controls or at Level 3 that have standardised their processes produce far better software.

A hybrid method is the way to go

Findings revealed the highest scores developed software using a Hybrid method that combines practices from both Agile and Waterfall methods. The lowest scores were obtained by those reporting use of ‘no method’. Both Agile and Waterfall were consistently achieved lower scores than Hybrid methods. This confirms the same finding in the last CRASH Report two years ago.
By combining up front analysis and design of application architectures with rapid feedback on defects during short, iterative coding sprints, hybrid methods produce higher structural quality than Agile or Waterfall methods alone.

A copy of the CRASH Executive summary and the full report can be downloaded here.

Methodology

CAST Research on Application Software Health (CRASH) is a biennial report on global trends in the structural quality of business applications. It reports scores on Health factors which represent attributes of the engineering soundness of the architecture and code of software systems. The technology that generated the data in CRASH Reports measures the number and severity of violations of good architectural and coding practice. These are the defects most likely to cause operational problems such as outages, performance degradation, unauthorised access, or data corruption. The health factors measured in the report look at five traits: Robustness, Security, Performance Efficiency, Changeability and Transferability. Scores are computed on a scale of 1 (high risk) to 4 (low risk).