Skip nav


CAST Software logo

Latest Global CRASH Report from CAST Exposes Risks in Applications:
Many Institutions Operate Business Critical Systems Filled with Dangerous Flaws

March 23, 2016, London – CAST, the global leader in software risk prevention and analysis, today revealed the findings of its latest CRASH* report, the world’s largest real-life study of software quality in enterprise applications. The report exposes that the overall quality of banks’ mission critical functions are POOR, potentially explaining the frequent outages suffered by UK banks.

This financial sector specific CRASH report is comprehensive, analysing 241 MLOC (241 million lines of code), across the 430 enterprise applications in the anonymous CRASH database. The report is based on the code submissions of 53 financial sector organisations, from 13 different countries, spanning Consumer Finance and Investment Banks.

The research uses five structural quality characteristics, or ‘health factors’; Robustness, Security, Efficiency, Transferability, and Changeability, and rates each with a maximum score out of four, benchmarking the structural quality of UK Financial Services applications.

Key findings from the 2016 CRASH report include:

• Brits like to break the rules – Ignoring security best practices endangers IT security. UK falls short compared to Europe and U.S., with one in four (25%) of the worst overall offenders based in Britain.
• ‘Monolingual’ Brits may be using wrong tools for the job – British banking apps are written in three, old school languages, mainly Java-EE and Oracle Server, compared to seventeen in Europe and eight in the U.S., who use a wider range of technologies.
• Verbose Brits do not get to the point – UK coders need more code than their European and US equivalents for financial apps. The average lines of code (LOC) for both US and Europe is under 440 thousand LOC, compared to 1.07 KLOC for the UK.

Lev Lesokhin, Executive Vice President of Strategy and Analytics at CAST commented, “This CRASH report has highlighted the apparent need for the UK Financial Sector to modernise and improve its application software performance. With UK banks falling worryingly short in robustness and security capabilities, a considerable concern for the sector in the modern age, application developers need to up their game to rival European and US organisations. Doing so will ensure high quality of the software produced in the UK, which in turn will reduce the amount of damaging outages the banks suffer and help deliver a greater service to their business critical customers.”

*CAST Research on Application Software Health

Health factors are defined as qualities of engineering soundness of IT software in terms of its architecture and code. The report defines quality as how well code is written and records and measures violations based on standard industry practices. These flaws are the defects most likely to cause operational problems such as outages, performance degradation, unauthorized access, or data corruption.

About CAST
CAST is the world leader in software analysis and measurement, with unique technology resulting from $130 million in R&D investment. CAST introduces fact-based transparency into application development and sourcing to transform it into a management discipline. More than 250 companies across all industry sectors and geographies rely on CAST to prevent business disruption while reducing hard IT costs and software risk. CAST is an integral part of software delivery and maintenance at the world's leading IT service providers. Founded in 1990, CAST is listed on Euronext (CAS) and serves IT intensive enterprises worldwide with offices in North America, Europe and India.

For more information about CAST: