Firms struggle to manage third-party software integration, says Forrester
Report shows third-party software posing problems, leading to delays, recalls, security flaws or increased code development
More than 40 per cent of firms using software from third parties said that poor integrity of the code had contributed to delays or recalls, security flaws or increased code development time, leading to an impact on their revenues.
This is according to a study carried out by analyst firm Forrester on behalf of software integrity specialist Coverity. The study also advises on best practice for managing software quality and security.
The 18-page report into software integrity risk surveyed 336 software development firms in North America and Europe, checking current best practice and trends used in managing the quality and security of software code.
The study found that 94 per cent of respondents used third-party software vendors, 92 per cent used an outsourced development team, and 92 per cent used open source providers.
Analysts concur that such widespread use of third-party software is a new thing. Coverity EMEA director John Arnold said: "There are major changes afoot in the software development market, owing to software becoming more of a competitive advantage in products."
However, he points out that problems arise from software being developed in a more decentralised way, using third-party and outsourced teams, as well as open source software providers.
In addition, the report argues that internal software development teams treat third-party code differently from that developed internally, and that problems might occur where the teams are responsible for such software, even though they're not developing it.
The study also showed that only 44 per cent of firms conduct automated code testing on third-party code, compared with 69 per cent using automation for internally developed software.
Being able to set specific policies on how firms manage not just their own internally developed software but also third-party software gives senior executives a much better view into the risks involved with software project completion.
"Developers are 100 per cent accountable for their software, yet cannot control the software supplied by third parties. We're seeing strong demand from customers seeking control and governance over the entire software supply chain," said Arnold.
Asked whether managing code changes further down in the software development cycle costs significantly more, Arnold agreed. "The closer you get to field release, the more costly any software changes become."