Buggy code, fragile legacy systems, ill-conceived projects cost US businesses $2 trillion in 2020

Software quality crisis made worse by developer shortage, report claims


Shoddy software cost the US an estimated $2.08tr in 2020, according to the Consortium for Information & Software Quality (CISQ). That's down slightly from a revised 2018 total of $2.1tr but still isn't anything to brag about.

In its 2020 report, The Cost of Poor Software Quality in the US, the Massachusetts-based standards group co-founded by the non-profit Object Management Group and Carnegie Mellon University's Software Engineering Institute (SEI), identifies three major cost sinkholes.

Unsuccessful IT initiatives and software projects are estimated to have cost $260bn in 2020, up from $177.5bn in 2018. Poor quality in legacy systems is said to have eaten up $520bn, down from $635bn in 2018. And operational software failures – bugs – took a toll of $1.56tr last year, significantly more than the $1.275tr flushed away in 2018.

"The losses due to operational failure in the US alone are staggering," said Dr. Bill Curtis, executive director of CISQ, in a statement. "It just takes one major outage or security breach to eliminate the value gained by speed to market. Disciplined software engineering matters when the potential losses are at this scale."

The consequences of poor quality software are evident in various examples cited in the report, such as the two serious software bugs that prevented Boeing's Starliner from docking with the International Space Station in December 2019 and put the spacecraft at risk.

The incident resulted in Boeing taking a $410m charge in Q4 2019, which looks rather insignificant compared to the $2.5bn the company will pay to avoid fraud prosecution related to the deadly crashes of two Boeing 737 Max aircraft, also linked to bad software.

Why is the situation so grim? The report argues there's an IT talent shortage, a claim others have made as well.

"There are simply not enough good software developers around to create all the new and modified software that users need," the CISQ report says.

"Given the indirect as well as the direct contribution of software to the economic base of most industrialized countries, and considering the ways in which software can amplify the powers of the individual/teams/organizations, we cannot allow this situation to continue."

The report claims that just two per cent of the worldwide population can code and that the need for developers is expected to grow by 24 per cent over the next seven years. It also notes that the US Bureau of Labor Statistics expects US software developer jobs to increase by 22 per cent over the next decade.

To reduce the number of operational failures – the largest problem segment by far – the report calls for better software defect detection and remediation of identified vulnerabilities. It asks individual developers to take responsibility for prioritizing software quality and it urges organizations to promote a culture that supports software excellence.

"Producing quality products and systems makes good business sense, but what that means must be well-known in your organization," the report concludes. ®
