In one of the largest data breaches ever, Heartland Payment Systems fell victim to a malware infection that cost an estimated 100 million dollars. Investigators identified that problems with software allowed the malware to remain unnoticed long enough to do damage. In addition to the loss of money, Heartland’s brand was damaged, and the breach led to Visa removing Heartland from its list of PCI-compliant service providers.
Events like this underline the importance of ensuring high-quality software in the financial industry. As viruses, malicious code, password cracking, and other threats become more common, organizations must be equipped to find and fix code vulnerabilities as fast as possible. The longer a bug persists undetected, the more damaging it is, and the costlier it is to fix. This issue is compounded because not all bugs can be detected during the testing phase of the software development process. Test cases are limited to their specific environments, and vulnerabilities that were not covered in the testing phase may be exploited. Many organizations engage in an ad-hoc development process and simply inspect at the end, relying on tests to remove all defects.
As viruses, malicious code, password cracking, and other threats become more common, organizations must focus on software quality
However, to ensure fully functioning, high-quality code, developers should implement a strong debug process, even before code is tested and reviewed, along with a strong code review process ahead of testing. As Capers Jones points out, "A synergistic combination of formal inspections, static analysis and formal testing can achieve combined defect removal efficiency levels of 99%." Debugging is typically long and arduous because bugs are highly variable, arise from different use cases, and may be difficult to pinpoint in large-scale applications with millions of lines of code. Code defects can come in various forms: memory leaks, code coverage gaps, and performance bottlenecks, all of which can surreptitiously degrade functionality and crash applications. Although most of these issues cause software reliability problems, an attacker can, for example, intentionally trigger a memory leak and launch a denial-of-service attack. An attacker may also take advantage of unexpected program behavior resulting from these code bugs for malicious purposes.
‘Code profilers’ allow developers to pinpoint defects quickly, and overcome the traditionally long and arduous debug process
The best approach to make debugging seamless is to have an iterative process using a code profiler, a tool that collects crucial performance and memory/resource allocation information at runtime, synthesizes it, and displays the results to developers. These outputs can be statistical summaries of the events observed (a profile), a stream of recorded events (a trace), or a graphical representation of the information. Code profilers allow developers to find bugs without sacrificing speed or time to market. For robust, large-scale projects where code quality is paramount, AQtime Pro is the profiling tool to use. AQtime Pro is a powerful memory, code coverage and performance profiler that can perform static tests, traces, failure emulations, and more, allowing developers to drill down to code defects that may not be exposed during the testing stage. Through intuitive visualizations, it allows developers to pinpoint bugs faster, and it has strong language support (C/C++, Delphi, .NET, Java, etc.). It also integrates with the Visual Studio and RAD Studio IDEs to fit seamlessly into a developer’s workflow. AQtime Pro is trusted by over 1000 developers across the world in organizations where code quality is mission critical.
In the financial industry, poor code quality can be the difference between being profitable and going out of business. Don’t ever compromise when it comes to the security, safety and maintainability of your code. AQtime Pro helps developers find tough bugs, and also helps accelerate code delivery. Learn more about how AQtime Pro can help your organization achieve unparalleled levels of code quality. We can cure your mission critical “code aches”.
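The attacker-triggered memory leak and the runtime allocation profile described above, as an added example that is not from the original article and is not AQtime Pro output: it uses Python's standard-library `tracemalloc` as a stand-in profiler. The `handle_request` function, the `session_cache` dictionary and the request tokens are hypothetical and constructed for illustration.

```python
import tracemalloc

# Hypothetical request handler with a defect: a buffer is cached for every
# distinct token and never evicted, so a client that keeps sending new
# tokens makes process memory grow without bound (denial of service).
session_cache = {}

def handle_request(token):
    if token not in session_cache:
        session_cache[token] = bytearray(4096)  # leak: no eviction or size cap
    return len(session_cache[token])

def profile_growth(requests, top=3):
    """Replay requests under the profiler and return the allocation sites
    that grew the most, as (filename, lineno, bytes_grown) tuples."""
    tracemalloc.start()
    try:
        before = tracemalloc.take_snapshot()
        for token in requests:
            handle_request(token)
        after = tracemalloc.take_snapshot()
    finally:
        tracemalloc.stop()
    # compare_to() returns per-line statistics, largest change first.
    stats = after.compare_to(before, "lineno")
    return [(s.traceback[0].filename, s.traceback[0].lineno, s.size_diff)
            for s in stats[:top]]

if __name__ == "__main__":
    # Constructed traffic: 2000 requests, each with a token never seen before.
    hostile = ["tok-%d" % i for i in range(2000)]
    for filename, lineno, grown in profile_growth(hostile):
        print("%s:%d grew by %d bytes" % (filename, lineno, grown))
```

The top entry of the profile is the `bytearray(4096)` line, which is the site to fix with an eviction policy or a size cap on the cache.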