RE: Software Liability

["Robert C. Leif" <rleif@rleif.com>]

From: Bob Leif
To: W D Tate et al.
I e-mailed Mr. Brown that, in light of Ada and associated software
engineering technology, his argument was fallacious. 

-----Original Message-----
From: comp.lang.ada-admin@ada.eu.org
[mailto:comp.lang.ada-admin@ada.eu.org] On Behalf Of W D Tate
Sent: Tuesday, July 02, 2002 5:54 AM
To: comp.lang.ada@ada.eu.org
Subject: Re: Software Liability

"Robert C. Leif" <rleif@rleif.com> wrote in message
news:<mailman.1025321584.15163.comp.lang.ada@ada.eu.org>...

[snip]
> 
> NEW YORK (Reuters) - Software bugs are not just annoying or
> inconvenient. They're expensive. 
> According to a study by the U.S. Department of Commerce's National
> Institute of Standards and Technology (NIST), the bugs and glitches
cost
> the U.S. economy about $59.5 billion a year. 
[snip] 
> If software makers were held liable, the cost to consumers would rise
> dramatically, said Marc E. Brown, a partner at the Los Angeles law
firm
> of McDermott, Will & Emery. 
>
This is the same apocalyptic argument that industry made wrt complying
with environmental regulations in the U.S.  History, however,
demonstrated that these regulations compelled corporations to find new
efficiencies, eliminate wastestreams &/or inefficient operations which
ultimately led to lower costs and, in some instances, a competitive
advantage.

What this attorney appears to be suggesting (implicitly) is that
companies enjoy lower costs (i.e., life-cycle) for pushing out poorly
designed & implemented software. IMO many companies don't have a first
clue as to what their "real" costs would be if they were to
design/implement software that held up after n-generations.

Examples...
A well-established commercial numerical analysis package has had
numerous "math" related bugs introduced with each subsequent release -
bugs that did not exist in prior versions that performed the same
mathematical operations.  Its gotten to the point that Jack Crenshaw,
PhD,(www.embedded.com) has strongly recommended using a version of
this software at least 3 to 4 versions earlier. I would be a bit
concerned if my "cadillac" product were exhibiting these kinds of
persistent problems with every new release.

In a company I used to work for the entire codebase was written in
C++.  After many years, it had reached a point where only 1 or 2
individuals were permitted to "touch" the "core" for fear of breaking
something.  Mind you this is a company that is #1 in its market (sales
~ $200-300 million/year), serves an industry where security is a
"really big deal" and "bugs" cost their end-users "real" money.  This
company has always had a structured software development process.  In
2001, this same company was forced to do a complete re-write of the
codebase in order to achieve a "maintainable" state.

In either case, its difficult to imagine how one can separate the
life-cycle issue (and its associated costs) from the potential
"liability" issue.

So if we talk about costs, let's compare apples and apples please.