A new study by software analysis and measurement vendor CAST shows that developers making customisations are making a significant number of coding errors that put both the structural quality of SAP applications at risk.
The latest CRASH report (CAST Research on Application Software Health) examined the structure quality of almost 50 million lines of customised applications written in ABAP. It covered 78 SAP applications and data from 29 major organisations across eight different industry sectors, including manufacturing, government and retail.
The study measures code on a scale of one to four, based on five areas: security, reliability, efficiency, changeability, and transferability. With the exception of security, at least one-quarter of all measurements fell below 3.0, CAST’s recommended minimal threshold for software safety.
The implications of this significant number of flaws exposing company systems to operational problems such as outages, performance degradation, unauthorised access or data corruption.
The study also found that:
- Basic software engineering errors account for more than half of all violations, suggesting that junior or inexperienced programmers are completing the work;
- SAP customisations have more complexity issues than equivalent applications written in Java or C; and
- Overall, developers complied with ABAP coding rules only one-third of the time.
Dr Bill Curtis, chief scientist, CAST, said the agility of any business is directly tied to the quality of their code.
“Structural quality is often sacrificed for speed to deployment. Yet structural weaknesses are root cases of security breaches, outages, and other business risks. Businesses can improve their competitive agility and reduce costs by managing the quality of their SAP customisations,” Curtis said.
Thomas Justin, chairman of the New Jersey chapter of SAP user group ASUG, said, “CAST’s report correctly emphasises that the value of SAP implementations can easily be limited by customised applications that are poorly written by well-meaning developers. Precise analysis and measurement of these applications is critical to achieving maximum value from customising SAP.”
A copy of the CAST CRASH report for SAP can be downloaded at http://goo.gl/lgamMs.
