Code Modernization: Focus on ADA
Ada was designed and released from 1977 to 1983 as a high-level object-oriented language for use in real time and embedded systems. It is used extensively in systems such as air traffic management systems, banking and financial systems, communication and navigational satellites, medical equipment, and in military applications. Currently, although the Ada language has been updated, it is not as common as it once was. The ratio of Java programmers to Ada programmers is now about 20 to 1.
When that stalwart of facile enterprise development, Visual Basic 6, was retired by Microsoft, it left companies with a variety of problems. While many were able to immediately upgrade to Visual Basic .NET, Java, C++ and other platforms, cases remain in which VB6 was so embedded in the software infrastructure that it could not be easily changed or extricated. TSRI has been working on code transformation of numerous languages for many years, and now includes VB6 transformation.
During the past two months Federal government modernization has gained steam--first with the Administration’s modernization plan, released for comment at the end of August, followed by final movement on the critical Modernizing Government Technology (MGT) Act which gained Senate approval on September 18.
Cybersecurity in the government has certainly come into focus recently as we have witnessed sensitive document troves exposed on WikiLeaks along access to government information from transaction systems. Perhaps the most serious of the latter was the 2015 incident in which the Federal Human Resources database was hacked for more than 22 million records containing sensitive personal information such as Social Security numbers. In this incident the source of the problem was 30-year-old mainframe software written in COBOL that was too technically obsolete to encrypt personal information. This raised the discussion of legacy system security to a new level.
Code modernization has become increasingly important as we move toward integrated cloud-based and virtualized software environments. Modernization of code permits legacy applications to continue functioning efficiently and securely without a complete rewrite. This makes it possible to meet the demands of today's infrastructure requirements without high cost or compromises in security or functionality. Companies need to expand services, access improved processes and use resources more efficiently. This demands architectural changes. Bringing these trends together, containerization under Docker has created a new model for application deployment that provides numerous advantages to program operation and interoperability, but requires special accommodation.
When it becomes apparent that legacy code must be replaced, modernization is often the best possible strategy. With code modernization it is possible to refine the original code and bring it up to modern practices, as well as integrating it with existing software. One of the problems with modernization, however, is that critical applications tend to have thousands of lines of code and a manual rewrite is often impossible. To re-create the software requires a project of similar magnitude to the original development; to leave most of the code intact as a “black box” and build around it results in numerous security issues and inefficiencies, as well as inability to leverage emerging technologies.
If you've ever seen the MUMPS language (used by many healthcare applications in the federal government), it's not the easiest language to understand. One of my colleagues describes it as looking like "a cat walked across the keyboard". Modules are represented by numbers, so "laboratory" might be 332 and "x-ray" might be 497. That's only the beginning.
Modernization of code demands a high degree of precision. It is absolutely critical that the reengineered software performs in the same manner as the original. This requires two things: a rigorous approach to code refactoring based upon tried principles which retain the underlying logic; and a well-planned and consistent program of testing to ensure that logic is preserved and improvements do not in any way alter the function of the code. Testing is vital. Companies need to be certain that their modernized critical software will perform according to exact the same rules as the original.
Enormous amounts of COBOL code have been created and relied upon for decades. It really is the bedrock of early computing. But now, ancient COBOL systems are challenged because the original assumptions under which the code was written are no longer valid. COBOL was designed as a robust business language to handle batch oriented database operations in an ACID environment. Today, these vital systems, including financial, security, transportation, and healthcare solutions continue to run. But access is changed, processing requirements have changed, and the availability of coders to understand, maintain, and augment the systems diminishes year-by-year.
The recent successful and attempted attacks on critical government legacy information systems at the Office of Personal Management and the IRS have provided a stark reminder of just how vulnerable these older systems are. Commercial systems are not immune to criminal and foreign agencies either, and in fact, may have more to lose in the near term in lost revenue, IP theft, negative branding, and the scandals lingering often for years. Sony, Anthem, Banner Health, Home Depot and many others can testify to this fact.