Federal Testing Reveals CONNECT 3.3 Dramatically Improves Code Quality

CONNECT 3.3 was the first major release of the CONNECT software in more than 18 months.  In creating the release, the CONNECT product team worked diligently to deliver a highly-scalable, quality product that could also serve as a viable option for large and small organizations wanting to set up standards-based health information exchange.

To accomplish this goal, the team implemented quality controls at every step during the development process, and used independent verification and validation once the code was complete to identify and fix potential issues before code release.

One of the federal partners that has been engaged in the CONNECT project since its inception in 2007 recently performed a quality scan of CONNECT 3.3 to determine its interest in deploying the software. Using the FindBugs tool to scan the software, the partner noted a continual decrease in bugs between previous versions and 3.3 - noticing a rather dramatic drop with CONNECT 3.3.

FindBugs* found the following bugs in each version:

• CONNECT 2.4.7: 727 critical violations
• (code vulnerability and security violation information not available)
• CONNECT 3.1: 624 critical violations
• (code vulnerability and security violation information not available)
• CONNECT 3.2.1: 562 critical violations, including 45 malicious code vulnerabilities
• and 88 security violations
• CONNECT 3.3: 13 critical violations with NO malicious code vulnerabilities
• or security violations!

On July 31, CONNECT 3.3.1 was released as an enhancement to CONNECT 3.3! More information about this release can be found on the CONNECT website.

The CONNECT product team is always looking for input from the community for bug reports and fixes, general improvements and feature requests as they continue to strive for the highest quality releases and enhancements to the CONNECT code.  If you have any suggestions or feedback, please contact the CONNECT team at: [email protected]. 

*NOTE: Each version of CONNECT undergoes release, performance and security testing prior to release. The violations identified through the FindBugs tool do not imply inadequacy in CONNECT security or functionality or the presence of bugs – instead they imply that the code can be improved in order to prevent bugs.