Betfair Fortifies Its Source Code
Published: Tuesday, September 04, 2007 Online-Casinos.com
BETFAIR FORTIFIES ITS SOURCE CODE
Betting group to use key tool in software development
Online betting group Betfair.com has inked an agreement with Palo Alto, California-based Fortify Software for the use of its Source Code Analysis (SCA) product.
The product is described as a key tool in the software development process, and will enable Betfair to develop applications more quickly by automating the time-consuming manual processes that are associated with finding and fixing software bugs.
Betfair's online betting sites operate 24 hours a day, 365 days a year, processing up to a thousand bets per second. The company focuses on the lengths it goes to keep its software code operating flawlessly, and has deployed Fortify SCA to help locate and fix certain types of software bugs before formal testing starts, making the whole development lifecycle more efficient.
"Because we operate around the clock and our transactions are time-sensitive, software reliability is crucial to the success of our business. Finding an automated tool to help us maintain our high standards of source code quality was very valuable," said Matt Young, Engineering Partner Development Director at Betfair.
"In particular, we wanted to minimise the additional work for our developers of reviewing an ever-growing code base. We spent three months evaluating a range of products and suppliers, from open source to commercial, and found significant variations in approach and capabilities.
"Fortify impressed us both as a company and with its SCA product," continued Young. "From the outset, they listened carefully to our requirements and shifted focus to address our specific needs - resulting in a partnership approach that has continued through into after-sales service."
The move to adopt Fortify SCA came when Betfair recognised that detecting and fixing certain kinds of bugs was overly reliant on manual processes. It had started to become a significant overhead cost as a result of Betfair's growing code base and its increasing number of developers working on the code.
By comparing source code against a frequently updated database of known bug types, Fortify SCA enables many potential problems to be ironed out early in the development cycle. Possible coding errors highlighted by the tool are presented to developers with detailed information about why they have been flagged. This enables project teams to confirm, classify and prioritise issues at an early stage, before getting to the application testing phase of development.
Using the product, Betfair can also identify some classes of regression bug with much less effort than was previously possible. When a bug is found, it is sometimes possible to create a customised rule that will quickly scan the entire code base for similar errors. This acts as a filter to prevent the same error being reintroduced at a later stage - avoiding making the same mistake twice.
"In particular we wanted a tool that could be targeted on a wide range of application reliability bugs, not just those traditionally classed as 'security-related,'" continued Young. "The ability to create custom 'rules' was also crucial - with Fortify we can create 'source code regression tests' based on real bugs we have encountered in our code in the past. It's something that both junior and senior developers can quickly get to grips with. And, although cost is always an issue, when we looked at the alternative of hiring additional developers to do painstaking first-pass code reviews by hand-buying, Fortify was better value. It will enable us to improve accuracy through automation and, as a result, free up staff to focus more on their core job functions."
"Software flaws that compromise enterprise application availability are a growing problem for companies worldwide, especially when customers expect and require 24/7 access to accounts and services. Fortify includes these in its broad view of 'software security' and provides tools that help automate the elimination of both application reliability weaknesses and security vulnerabilities," said Barmak Meftah, Fortify's Vice President of Products and Services.
Following the success of the Fortify SCA deployment, Betfair is now considering other ways in which automated tools can improve the effectiveness and accuracy of its software testing process. Specifically, the company is currently looking at other Fortify products that could enable its security team to increase the efficiency of penetration testing.
