Continuous software maintenance thanks to the traffic light principle
Keep applications in the green zone
Aging software can be a problem for businesses, but not for every application. The risks of legacy software can be assessed quite well with a traffic light principle, as the IT service provider Avision shows.
With a classification according to the traffic light principle, it is easier to prevent software problems in the long term.
If outdated software does not noticeably affect business operations, it is quickly forgotten. Exactly such applications can become a gateway for attackers, because they urgently need to be updated, adapted or replaced, warns Avision.
But how do you even keep track of the abundance of software and applications used in companies? Avision recommends a traffic light system that provides clues as to where vulnerabilities or other problems may lurk.
The green category includes all applications that are regularly updated and for whose maintenance internal know-how is available. According to Avision, the goal should be to maintain this green status permanently: “For this, companies need employees who take responsibility for the code and take care of its continuous improvement.”
The code must take current security requirements into account and carry as little technical debt as possible, whether that is insufficient code documentation or coding standards that were not adhered to. “In addition, it is advisable to archive the build environments in addition to the source code in order to be able to easily adapt older applications if necessary,” advises the IT service provider.
Warning phase: yellow
If software has not been updated for more than two years, this is a clear warning signal, according to Avision: “After this period, support cycles for external software components often run out and the security risk increases.” Often, such applications no longer meet the requirements, so employees use workarounds and ignore some functions entirely. Here, companies can fine-tune the code to minimize security risks and simplify the maintenance of the applications.
Another warning signal, according to Avision, is declining code quality. “This makes it difficult for developers to familiarize themselves and drives up costs with each new release.” If only two or fewer employees are familiar with the application, this is doubly risky: “On the one hand, the resources for regular maintenance are very scarce, and on the other hand, the application can only be maintained with very high effort if these employees leave the company.”
Sometimes individual events require rapid intervention, such as newly discovered security vulnerabilities or short-term requirements such as the temporary VAT cut in 2020. “More often, however, it happens that support for applications or individual software components has expired and there are no updates and security patches for them,” writes Avision. Sometimes, however, company-specific adjustments also prevent available updates from being installed.
As soon as such problems become apparent, it is necessary to act quickly and apply all available resources to the problem. “Cost considerations must not be in the foreground in this situation,” warns Avision. “Companies need to analyze the problem and clarify whether they can eliminate it internally or with the support of service providers.” The solution should be designed for the long term as far as possible.
Finally, the software traffic light is also on red for applications whose maintenance causes high costs and where the resources do not go into developing the application further, but only serve to keep it ready for use. After solving the problem, companies should directly start planning for an improvement to green, as this climb is less stressful and less expensive than accomplishing it.
Nadine Riederer, CEO at Avision, emphasizes once again: “The continuous assessment of the phase of life in which applications are located and the classification according to a traffic light principle make it easier for companies to identify concrete needs for action and to use their resources in a targeted manner.”