Governing Third-party Application Development

April 27, 2011 By David
Grazed from IT Business Edge.  Author: Michael Vizard.

It’s not uncommon for IT organizations to deal with two trends that wind up pulling the company in opposite directions. On the one hand, we have a general shift towards application development and testing in the cloud as IT organizations look to reduce the amount of IT infrastructure they need to support on premises. But at the same time, there is more pressure than ever from a compliance perspective to govern how these applications are developed, which in turn leads many IT organizations to conclude they are better off continuing to develop applications internally.

To help IT organizations navigate this issue, Coverity this week released Coverity Integrity Control, which is a virtual appliance that can be deployed in an external data center to make sure that software being developed by a third party meets the quality and compliance policies established by the customer.

According to Ezi Boteach, Coverity vice president of products, the issue that IT organizations are struggling with is that they are more dependent on outside development organizations and resources than ever. But the more they rely on those organizations, the less control they have. That only leads to shipping a lot of code back and forth between organizations to fix quality control issues. And with each successive code review, the development project falls even further behind schedule.

Boteach says that he fully expects that in the not-too-distant future there will be more regulations that will require code governance in order to document that some level of control was in place in case a particular piece of faulty software should harm someone or disrupt a particular business process.

The good news, says Boteach, is that it’s now going to be a whole lot easier to attach a set of policies to any given project that will follow that project no matter where the code actually winds up being developed. And that ultimately should lead to better quality code that benefits developer and customer alike.