Security vulnerabilities and the boom in Agile development adoption topped the SearchSoftwareQuality.com news charts in 2008. Here’s a rundown of the five most-read news articles and their significance.
Three of the top five articles focus on Agile development. In the #1 story, Predicting software quality trends for 2008, software quality experts predicted that Agile adoption will increase. Two other articles in the top five were about Agile. In fact about one-third of the top 20 news stories were about Agile.
Agile development: Not just for ‘agilists’ anymore (#4) discussed Agile’s move outside of its early adopter niche and the impact of its wider usage. Next came Software development groups take many routes to Agile (#5) which revealed results of SearchSoftwareQuality.com’s 2008 Agile Trends Survey. Most Agile technique users, according to that survey, use Scrum (41%). Next in popularity was Extreme Programming (XP) at 15%. Others use hybrid Agile methodologies, while about three percent use Crystal and Dynamic Systems Development Method (DSMD) each.
The SSQ 2008 Agile Trends Survey showed that 45% of software pros follow Agile methodologies, while 44% use waterfall. Other development methodologies cited were test-driven development (19%) and RUP (15%).
Security flaws in leading open source software platforms drew a lot of attention, and articles on security issues in the Spring Framework and open source Java projects ranked in second and third place, respectively.
While open source development projects typically fix flaws quickly, as happened in these cases, the emergence of serious vulnerabilities may have taken some IT pros by surprise. People expect problems with Microsoft products, but not with open source products, said Kevin Beaver, CISSP and Principle Logic LLC consultant, commenting on the fact that these two stories got so many clicks.
“We’re seeing more and more that open source has its own security woes,” Beaver said.
Don’t blame the open source community and its developers, Beaver advised.
“The fact is that as long as human beings are developing applications on the complex and extensible OS (operating system) architectures we have, there will be security problems.”
Most importantly, he said, the emergence of vulnerabilities should not scare anyone away from using open source software like open source Java or the Spring Application Framework.
It is important to point out that just because a static analysis tool vendor finds flaws in open source code, that doesn’t mean the vulnerabilities can/will ever be exploited.
Keep using open source software, Beaver concluded, and “take this marketing tactic with a grain of salt.”
Now that you’ve checked out these stories, please let me know your choices for the top software quality news stories of 2008. You can write to me at firstname.lastname@example.org.