The Register®

Original URL: http://www.theregister.co.uk/2013/01/31/opensource_frameworks_bugs/

Java open-source frameworks 'pose risk' to biz - report

Hibernate and don't mingle your Java and C/C++, warns software analyst

By Gavin Clarke

Posted in Management, 31st January 2013 10:19 GMT


Open-source programming frameworks revolutionised Java development during the last decade, but not enough people know how to use them properly.

That’s according to the CRASH Special Report by CAST [1], which sampled 496 applications totalling 152 million lines of code and found that most of them had been misconfigured. Misconfiguration raised the degree of risk from a security perspective and lowered the quality threshold by letting more bugs slip in.

CAST, which makes software analysis tools, said the most popular open-source frameworks in use with Java are Struts, Java Enterprise Edition, Hibernate and Spring. Of these, CAST reckoned Hibernate had the highest quality scores and Struts the lowest.

Applications built without a framework of any kind had a “huge variance in quality,” CAST said in its report.

However, CAST noted that apps built using just Java EE, with no third-party framework and no mingling of different languages, also scored highly on quality.

Mixing Java with C or C++ lowered the score, but mixing Java with COBOL, Java-DB or Microsoft’s .NET delivered “higher quality scores.”

The common link is the framework, and knowing how to use it properly.

CAST reckoned its report showed that a large majority of the applications analysed had some level of misconfiguration, indicating a need either for better training or for simpler ways of using the frameworks.

“IT leaders should double-check their choice of framework, how they mix languages, and how they enforce architectural integrity. Frameworks boost developer productivity, but they can also heighten risk and reduce quality,” CAST said. ®