Security Software Technology

Poor Software Costs the US 2.4 Trillion (securitymagazine.com)

Software quality issues may have cost the U.S. economy $2.41 trillion in 2022. From a report: This statistic is unearthed in Synopsys's 'The Cost of Poor Software Quality in the US: A 2022 Report.' The report's findings reflect that as of 2022, the cost of poor software quality (CPSQ) in the U.S. -- which includes cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt -- has led to a build-up of historic software deficiencies. Co-sponsored by Synopsys, the report was produced by the Consortium for Information & Software Quality (CISQ), an organization developing international standards to automate software quality measurement and promoting the development and maintenance of secure, reliable, and trustworthy software.

The report highlights several key areas of CPSQ growth, including:
Cybercrime losses due to a rising number of software vulnerabilities. Losses rose 64% from 2020 to 2021 and are on track for a further 42% increase from 2021 to 2022. The quantity and cost of cybercrime incidents have been on the rise for over a decade, and now account for a sum equivalent to the world's third-largest economy after the U.S. and China.
Software supply chain problems with underlying third-party components are up significantly. This year's report shows that the number of failures due to weaknesses in open-source software components accelerated by an alarming 650% from 2020 to 2021.
Technical debt has become the largest obstacle to making changes in existing code bases. Technical debt refers to software development rework costs from the accumulation of deficiencies leaving data and systems potentially vulnerable. This year's report illustrates that deficiencies aren't being resolved, leading technical debt to increase to approximately $1.52 trillion.

  • Software inspection company says software is crap. (Yes, it is crap, but everyone knows that already.)

    • Interesting, the previous article was also about what a POS software is.

    • by Arethan ( 223197 )

      (Yes, it is crap, but everyone knows that already.)

      This ^

      Oblig: http://www.stilldrinking.org/p... [stilldrinking.org]

    • by znrt ( 2424692 )

the whole thing resides on some report buried behind a site that asks me to renounce any rights the gdpr might hypothetically grant me before even allowing me to the forwarded link. that's some ballsy way to get their fanfare spread, they need to learn some respect so i'll leave it at just laughing out loud at the absurd claims laid out in the abstract. ha-ha. next.

  • One of the problems we have, heck one of the problems capitalism has, is externalized costs. My department gets a budget to write software so you get what's called the minimum viable product. When it comes time to deal with the security problems and the general problems involved with crap software, that doesn't come out of my budget; that comes out of operations' budget.

    In theory the CEO is supposed to stop this kind of petty infighting but in practice they often encourage it. Lot of them read too muc
    • by Brain-Fu ( 1274756 ) on Monday December 12, 2022 @05:43PM (#63125490) Homepage Journal

      If the buyers were ready to insist on higher quality software, and *pay* for that higher quality, then the budgets for making the software would be higher. As it stands, buyers across the industry are ready to tolerate software quality issues if it means they get the software sooner, and it's cheaper.

      So, for the most part, buyers are getting what they pay for. They are also bearing the long term costs of the short-term purchase price they chose to pay.

      Lastly, there isn't much that software makers can do about this. If one decides to take a hard line on software quality, refusing to release the software until it hits a higher bar of quality, they will find that their competitors have eaten their lunch. All their potential clients got tired of waiting for this higher quality software, and balked at the price they would have to pay for it anyway.

      I don't think this is a problem "with capitalism." The economic model isn't at fault. This is just a matter of human behavior. The criteria we are using to decide what quality level we want (including how much we are willing to pay and how long we are willing to wait) is what results in the high level of usage and maintenance issues that we are seeing.

      • I don't think we're talking consumer software here; for the most part we're talking software written business to business, or at the very least for businesses. And businesses are notoriously cheap.

        I suppose it doesn't help that they've gotten used to cheap workers and rapidly increasing productivity so that it's tempting to just throw an extra employee or two at a problem instead of actually solving it.
        • Have you just described really bad management?

          • management looks out for themselves and their direct reports. Again, this is the result of a perverse incentive structure. It's what happens when it's "every man for himself".
          • Sounds like it describes average management. It's not just about assigning extra people, it means assigning someone who's not an expert at the problem to the task because the expert is stuck on a different project that's higher priority. And in my experience, when all else fails, hire an outside contractor to screw up the fun and interesting project because all the full time employees are working on legacy bug fixes.

        • by PCM2 ( 4486 )

          I don't think we're talking consumer software here; for the most part we're talking software written business to business, or at the very least for businesses. And businesses are notoriously cheap.

          Well sure, businesses aren't in business to spend all their money. But you don't need to be "cheap" to use practices that are going to lead to defective software.

          I used to work for a company called Pivotal, and we were big proponents of a set of practices called eXtreme Programming (XP). It's a stupid name, but it describes a really clear methodology: If a software development practice is good to do, then it should be done all the time. Is committing changes good? Fine, then commit all the time. Is building

      • The economic model isn't at fault. This is just a matter of human behavior.

        Since human behaviour isn't likely to change any millennium soon - especially at the low end - wouldn't it be sensible to work on some economic models that work with it, not against it?

        • Re: (Score:2, Insightful)

          by Brain-Fu ( 1274756 )

          Are you suggesting that capitalism somehow works against human behavior?

          And if so, do you think something like communism is better aligned?

          Because history, including recent history, would certainly suggest otherwise.

          • the Nordic models seem to work quite well. Strong regulation coupled with social guarantees so that people aren't trying to squeeze every penny out of every inch of every process.
            • I don't know much about the Nordic Model, but I found this quote on the wikipedia article [wikipedia.org] about it (that I only skimmed):

              "The Nordic model is described as a system of competitive capitalism combined with a large percentage of the population employed by the public sector, which amounts to roughly 30% of the work force, in areas such as healthcare and higher education."

              If I am reading this right, it's still "capitalism." They just have a bigger public sector and a few more taxpayer funded services than in th

          • Are you suggesting that capitalism works? Much of the fault of capitalism is that people want to make it unregulated with the belief that it will just work itself out. It's human nature that screws up the free market and capitalism. It's also human nature that screws up socialism, and the guild system, and medieval agrarian economics, etc. What fixes it is the part of human nature that recognizes its own faults and attempts to work against human nature, which means not letting things run unfettered.

            • Agreed, markets must be regulated in order to be kept free. This is completely compatible with "capitalism," just not "Laissez-faire."

      • Fortunately, we have customers who want security. However it's not a product requirement to get rid of technical debt, so that product remains. Technical debt might actually be one of the fundamental laws of physics.

        So when we run out of memory (we're an embedded system, unlike a PC where "out of memory" is an unknown concept), I am finally allowed to remove some of the bandaids. However there's a time problem so that I can only remove 3 bandaids to replace with a single bandaid. The fundamental problem of re

      • Maybe but is it possible to get better software by paying more, or do you just get more expensive software? Are there any companies that will provide compensation for damage caused by flaws in their software?
      • I don't think this is a problem "with capitalism." The economic model isn't at fault. This is just a matter of human behavior.

        "Buy low, sell high." The one thing everyone remembers from Economics 101. Capitalism is entirely based on that one principle. Sure there are others, but in practice, it's only the one. (Example: Equal Information of both parties to a transaction: Negated by the party with greater influence forbidding access to said information to increase their leverage over payment negotiations.) Which means Capitalism is entirely based on, encourages, and mandates human greed. Capitalism punishes anyone under its influ

    • It's not just that either. Like how do you define imperfect or "bad" software? Compared to some theoretical perfect application, I probably waste 90% of my time.

      If we had a general AI that could do most humans' work but we don't because our software is "bad", that's like hundreds of trillions of dollars lost in potential productivity.

    • The problem with your company is that there isn't a pricing mechanism between the departments to keep the internal incentives inline, so value isn't delivered. That, and the definition of value is flexible; time to market and features are often rated more highly than robustness by the PHBs.
  • Poor software deployment? Using the wrong software for your needs I'm sure is the bulk of that cost.

  • Cheap Software! (Score:5, Insightful)

    by jellomizer ( 103300 ) on Monday December 12, 2022 @05:35PM (#63125450)

    Ok, much of the open source stuff is actually really good... However for an Open Source Project to be successful, it will need to fill a need that has broad appeal, often not in competition with a software company's business plans. But most of the software out there is industry specific, and industry is cheap!

    Cheap software, like an Access Database made by an Employee 25 years ago, will do the job of a 30k piece of software. Sure you are paying an employee 80k a year where they are keeping that Access Database running for half of his time. Even if the Boss knows it is costing more to keep it running than to replace it, trying to budget for a big purchase is difficult, and they will just keep on going the more expensive cheap route.

    It is like those who don't bring their lunch to work, but order out every day. Sure you will feel the pain on paying an extra $30 at the grocery store, and having to take some time out of your day to prep it. But compared to paying over $50 a week in over $10 meals, it is a bargain, and you will probably get food that is healthier.

  • by fermion ( 181285 ) on Monday December 12, 2022 @05:35PM (#63125452) Homepage Journal
    Lazy workers cost a trillion.

    People stealing music costs a trillion.

    Cheap office chairs cost a trillion.

    Long commutes cost a trillion.

    But letting people work from home costs two trillion.

    And for a mere $1,000 a day consultants will help to avoid these wasted costs!

  • by david.emery ( 127135 ) on Monday December 12, 2022 @05:36PM (#63125456)

    But it would require a couple of major changes:
    1. Holding companies legally/financially liable for bugs. Until we do this, the commercial software industry has no real incentive to do better.
    2. Investing in better tools, languages, etc. (Memory-safe languages, for example, have demonstrated lower bug rates, as has been discussed in other posts.) Also investing in training on specific high quality techniques.
    3. Moving away from the "throw bodies at the problem" management approach. (And as a corollary, expecting "learn to code in 6 weeks" courses to produce trained/qualified commercial/industrial software engineers.)
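    The "memory-safe languages" point in item 2 refers to a specific defect class. As an added illustration (not part of this comment, the CISQ report, or any project named on the page), here is the classic C parser that trusts a length byte beside a bounds-checked version of the same routine; the record layout, `NAME_MAX`, and the sample messages are all constructed for the example:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout for this example (not from the report or the thread):
 * one length byte followed by that many bytes of name. */
#define NAME_MAX 16

struct record {
    char name[NAME_MAX];   /* NUL-terminated after a successful parse */
};

/* As commonly written: the length byte is trusted, so a message that claims
 * 200 bytes writes 184 bytes past the end of name[]. In a memory-safe
 * language the same mistake is a caught runtime error rather than silent
 * memory corruption. Kept only to show the defect; never call it on
 * untrusted input. */
static void parse_record_unsafe(const uint8_t *msg, struct record *out)
{
    size_t len = msg[0];
    memcpy(out->name, msg + 1, len);   /* no check against sizeof out->name */
    out->name[len] = '\0';
}

/* Hardened form: the declared length is checked against both the bytes
 * actually present and the destination size before anything is copied.
 * Returns false on malformed input instead of corrupting memory. */
static bool parse_record_safe(const uint8_t *msg, size_t msg_len,
                              struct record *out)
{
    if (msg == NULL || out == NULL || msg_len < 1)
        return false;
    size_t len = msg[0];
    if (len >= sizeof out->name)        /* must leave room for the NUL */
        return false;
    if (len > msg_len - 1)              /* declared length exceeds input */
        return false;
    memcpy(out->name, msg + 1, len);
    out->name[len] = '\0';
    return true;
}

/* Parse msg with the hardened parser and report whether it was accepted
 * with the expected name. */
static bool parses_to(const uint8_t *msg, size_t msg_len, const char *expected)
{
    struct record r;
    if (!parse_record_safe(msg, msg_len, &r))
        return false;
    return strcmp(r.name, expected) == 0;
}

/* Constructed sample messages. */
static const uint8_t GOOD_MSG[]  = { 5, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t LONG_MSG[]  = { 200, 'x' };       /* claims 200 bytes */
static const uint8_t TRUNC_MSG[] = { 10, 'a', 'b' };   /* claims 10, carries 2 */

int main(void)
{
    struct record r;
    /* Both parsers behave identically on a well-formed message... */
    parse_record_unsafe(GOOD_MSG, &r);
    printf("unsafe parse of well-formed input: %s\n", r.name);
    /* ...only the hardened one survives a lying length byte. */
    printf("safe parse rejects oversized length: %s\n",
           parse_record_safe(LONG_MSG, sizeof LONG_MSG, &r) ? "no" : "yes");
    printf("safe parse rejects truncated input: %s\n",
           parse_record_safe(TRUNC_MSG, sizeof TRUNC_MSG, &r) ? "no" : "yes");
    return 0;
}
```

    The two checks in parse_record_safe are the whole difference: one guards the destination buffer, the other guards against reading past the end of the input. A memory-safe language applies both automatically on every index and copy, which is the mechanism behind the lower bug rates the comment mentions.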

    • The space shuttle software had something like 2 release bugs total over its entire lifespan. Of course, it was also extremely expensive. If the software industry worked like this, computing would still be stuck in the 60's.

      Besides, the essence of your ideas has basically been implemented already--liability is handled contractually when it's really needed; more realistically, it's handled by paying an annual license fee in exchange for maintenance releases; in the consumer space you're more SOL, but market

      • by DMJC ( 682799 )
        No, software liability works like this: Your organisation pays someone else, they pretend to implement security. Everyone pretends that the systems are secure. The systems get breached. Everyone points to the vendor, and the vendor says we're not liable for bugs. The End.
        • by vyvepe ( 809573 )

          Vendors can be liable for bugs. That is not the problem. The problem is that the customers do not want to pay for the insurance or self-insurance of the vendor. The result is that the customers insure or self-insure themselves.

          Anyway, nobody wants to pay the insurance premiums. And this is unlikely to change.

    • "Thank you for reporting the bug. Please buy our next version with the bug patched."

  • Where does the opportunity cost of taking months or years longer to have got the product to market in the first place get factored in?

    Most software exists because there is some need for it. I think if we are honest 'doing it right the first time' is, for a lot of software projects, going to represent considerably more time in the planning and analysis phases; it's going to mean considerable re-work along the way when you realize a component's interface wasn't exactly correct. It's equally likely to lead to a lot pre

    • Software might be mostly crap but that does not mean building crappy software was actually the wrong choice.

      And then you have to ask yourself - what about really good software that helps people to do really crappy or wasteful things better or more profitably?

      The more you look at the problem, the more it expands on you.

      All serious software problems are actually people problems.

  • Lowballing it (Score:5, Insightful)

    by Kokuyo ( 549451 ) on Monday December 12, 2022 @05:48PM (#63125510) Journal

    2.4 trillion might be a conservative estimate. Depends on how precisely you approach it. Security issues are the elephant in the room but shitty UI can cost a user a few seconds and some frustration tolerance every second task.

    Now sum that up in human life spans across the globe... And because nobody cares about that, put a price tag on it.

    I am almost certain that a part of stress related medical issues can be attributed to this, not to mention loss of productivity.

    • "Don't send a rabbit to kill a fox...." commercial and private extranets should be separate...

    • 2.4 trillion might be a conservative estimate. Depends on how precisely you approach it. Security issues are the elephant in the room but shitty UI can cost a user a few seconds and some frustration tolerance every second task.

      Now sum that up in human life spans across the globe... And because nobody cares about that, put a price tag on it.

      I am almost certain that a part of stress related medical issues can be attributed to this, not to mention loss of productivity.

      Yes, and the problems go so much deeper than having to look up unintuitive CLI arguments, wrestling with poorly structured output, or doing something repetitive in a GUI. My god, if those were the only f'ing problems we face with over complicated software...

    • 2.4 trillion might be a conservative estimate. Depends on how precisely you approach it. Security issues are the elephant in the room but shitty UI can cost a user a few seconds and some frustration tolerance every second task.

      Given that same social media addict employee clocked a solid 2 hours on the corporate shitter this week surfing toilet bowl news and pisser politics, I kinda doubt we need to get that precise here.

      And greedy PHBs who don't bother investing in proper IT maintenance who get hacked because they fail to patch properly, tends to highlight who the actual elephant is in the room.

      • by Kokuyo ( 549451 )

        Well, if you subtract those two hours surfing from an 8 hour work day you arrive at the 6 hours the average human has the capability of spending concentrating per day.

        I'm talking about what happens with the rest.

  • by Ol Olsoc ( 1175323 ) on Monday December 12, 2022 @06:02PM (#63125550)
    But I mean, we're pretty much stuck with Microsoft.
    • We're stuck with Microsoft MOSTLY because CIOs buy that shit without any accountability for selecting stuff that has lots of bugs. And that's usually justified as "industry best practice/industry standard." There's at least the kernel of an excuse in "Selecting anything else will cost us a lot more to hire support people." (Of course, that ignores the observation Microsoft products tend to be very much 'labor-intensive', so it becomes self-justifying.)

      For just about every Microsoft product, there are sig

    • But I mean, we're pretty much stuck with Microsoft.

      I think that may be the saddest thing I have ever heard. In six decades.

  • by Murdoch5 ( 1563847 ) on Monday December 12, 2022 @06:04PM (#63125562) Homepage
    It's easy to understand why so much Technical Debt exists! Companies don't hire enough quality developers, and a lot of developers refuse to rewrite old code, on the basis: “It works! So why touch it?”.

    I'm in the process of reviewing code I wrote several years ago, updating the comments, adding more comments, restructuring the code to bring it in line with ES2020+, and just doing a general code base refresh, but many developers refuse to ever touch code this way, either through incompetence, laziness, stubbornness, or lack of manpower.

    In the case you don't have enough manpower, well there's not much you can do besides ask / demand for more, because I'm guessing sales, marketing, and business are overflowing with latte sippers, so there's just no money. In any other case, get off your ass and do the work! If code hasn't been inspected, reviewed or examined in more than 1 year, it's time to review it, and probably refresh it.

    I'd rather have 50k lines of clear, reviewed and refreshed code that I can sleep soundly on, over 200k lines of “It works, so whatever” code, which is the vast majority of code in projects in my opinion.
    • It's easy to understand why so much Technical Debt exists! Companies don't hire enough quality developers, and a lot of developers refuse to rewrite old code, on the basis: “It works! So why touch it?”.

      So far so good, as the guy said when he passed the third floor in free fall. And by the time it falls apart, the people responsible will have been promoted far and wide. And it won't be the individuals to blame who splatter on the sidewalk; it'll be the corporation or the division. Hundreds or thousands of good workers will be laid off permanently because some bozo cut corners, looked good for a few weeks, then used the executive ejector seat.

      So maybe one part of the answer would be holding people accountab

  • If only people shared their fixes instead of hiding it behind ideological freedom.
  • the article seems to fail to account for the cost and frustration of the end users.

    If the end user were able to back charge for the time they spend dealing with genuine technical fails many tech companies would have gone bankrupt. Microsoft would certainly be among them.

    i.e. killed a whole weekend trying to determine and stop a random BSOD on a Dell computer. following some directions found on a Dell forum that Dell technical was participating in. The directions did not work.

    Elsewhere I then found a solutio

  • ...ma software be broke? Ya sure 'bout that? Well, mine be workin' just fine an' dandy right here, right now. Ain't no need to fix nothin'.
  • "If buildings were built like software, a poorly fitted lock would cause the whole structure to come down."

  • Compared to? (Score:4, Insightful)

    by fph il quozientatore ( 971015 ) on Monday December 12, 2022 @07:04PM (#63125744)
    Yes, but how much does it cost to fix it? More or less?
  • And they only know how to make soup. From a can.

    Being labeled a programmer or developer used to mean something. Now it is a commodity - and you get commodity quality. Skilled jobs are now the jobs that involve manual labor, anyone can cut and paste.
  • Why are they trying to pin the country's economic woes on me?

  • "It is what it is" is the mantra of all incompetent technical managers faced with technical debt. You can't blame them though, they are usually forced into that situation by groups of directors who are trying to build a product to sell to someone else.

    Consequently scalability and ease of adding features to the software is completely overlooked and any attempt to point these issues out is often met with "it is what it is".

    For the purchasers of the business they end up with a code base that is the equiva

  • We created $2.2T out of nothing, this $2.4T almost compensates for that one.

    So, Biden saw this coming, and poofed a couple trillion dollars into existence that would have been straight inflation, but this way he can blame it on a small subset of the working population...

  • "I won't pay for quality, but it's your fault for not giving it to me."

  • Here's an idea for a simple solution to such poor-quality software:

    Pass a law phasing out the ability for companies to sell software that's explicitly not warranted to be suitable for the purpose for which it's sold.

    I mean - in what other context is such nonsense tolerated? Can you imagine if cars unsuitable for driving down the road were sold without any recourse for buyers? Or if food were sold without any guarantee that it was safe to eat? It'd be a laissez-faire capitalism nightmare.

    And yet we allow

    • by vyvepe ( 809573 )

      The problem with software is the specification. There is almost never a precise specification of what the software must do and therefore there is almost no software which can be warranted against the specification. And the customer would not read the specification anyway.

      The other issue is the outright security bugs. But nobody wants to pay insurance premiums to cover the relatively unlikely problems. Notice that the report was published by people involved in security. Their goal is to transform (self-)insurance

      • You don't really need specification compliance though - I mean, it's a rare car that people test against the specifications either. Just use the marketing brochure, and maybe a few standardized "basic fitness" rules akin to the rules required to sell a road-legal car.

        For customized software things get murkier, and maybe you want customers to be able to waive (most?) fitness liability by the developers simply because guaranteeing fitness is likely to be far more expensive than developing the software in the

        • by vyvepe ( 809573 )

          I agree that for a lot of off-the-shelf software the specification problem is not that significant. It is still there somewhat; e.g. network protocols evolve and the software was built against an older definition etc

          Anyway, I expect that software provided without warranty has lower total cost of ownership despite the occasional cost of security bugs and unfitness for the advertised purpose. If customers really want warranted software then they just need to request it (and pay for it) and vendors will jump in

  • The ghost of john mcafee just got a boner reading all that scare mongering made up bullshit. How much can be attributed to crypto.
  • Developers are worked to death in an effort to release as soon as possible.

    We humans are the only species on this planet intelligent enough to act stupidly on a regular basis.

  • by RogueWarrior65 ( 678876 ) on Tuesday December 13, 2022 @10:10AM (#63127118)

    I mean, really, websites break for no apparent reason and there is no standard for the UX.

  • The real question is: What would it cost the US economy if we didn't have software at all, rather than the somewhat flawed stuff we have today. I suspect that number is a lot larger than 2.4 trillion imaginary consulting dollars.

  • Industry advice is to change jobs every two years, otherwise you'll get ripped off and your skills will go stale. Now, for a sufficiently complex application, how far do you think you'll get in understanding it in two years? There's so much movement in the industry it just amazes me that any long projects get finished or even off the ground!
