The U.S. Software Industry and Software Quality: Another Detroit in the Making?
Today's commercial software packages have much in common with shoddy U.S. automobiles of the 1950s and 1960s, according to the software industry's critics. It's basically the same formula: put out shoddy products, and use high-pressure marketing to keep consumers focused on new software versions that offer glitzy new features. In reality, you're hoodwinking people into buying the same defective product over and over again, but hey - you make tons of money. And who cares about quality, anyway? Sure, industry executives concede, we could reduce the number of bugs in our products, but only by raising the price of our products by 50 percent or more - and consumers won't stand for it. Quality? We'll give you "good enough" quality, and that's all you're going to get.
It's incredibly cavalier of these companies to say that quality isn't needed in products such as word processors, spreadsheet programs and the rest. People have lost jobs, flunked classes, and contemplated jumping off bridges after software glitches destroyed work that was critical to them. And these very same products are finding their way into virtually every aspect of life, including situations in which human life and limb could very well be at stake if the e-mail doesn't get through. Shoddy, bug-ridden software isn't safe to use under any condition, and these companies know it. My evidence? Instead of improving their products, commercial software vendors are busily trying to rewrite U.S. and international law to shield themselves from the consequences of their corporate negligence. In the U.S., Microsoft has taken the lead in pushing for the passage of UCITA, a state-level legislative act that has been opposed by every consumer rights organization that has ever examined the issue, as well as by 23 U.S. Attorneys General and computing professional organizations, who correctly describe the legislation as a major setback not only for consumers, but also for public safety.
Sounds like the Detroit game all over again, doesn't it? But wait: there's more. Inspired by Deming's writings, software development expert Watts Humphrey - an ex-IBM executive who is now affiliated with Carnegie Mellon University's Software Engineering Institute (SEI) - developed a version of Deming's work for the software industry. And guess what? U.S. software vendors aren't listening to Humphrey. One reason they're not listening is that they're too busy jeering Humphrey and ridiculing his work, which is exactly what U.S. auto-industry executives did to Deming in the 1950s. (Deming eventually gave up and moved to Japan.)
What's Humphrey saying? It's simple: software companies can make high-quality products, and what's more, doing so isn't expensive. Humphrey's work has evolved into the Capability Maturity Model (CMM), which shows software developers how to build quality in from the get-go. It also provides a way of ranking a company's commitment to quality. At Level 1, companies aren't doing much of anything about quality. At Level 5, they're up to the Toyota level: they're building quality consciousness into everything they do, and they're constantly refining and improving their processes.
What's more, CMM works. Using CMM-like methods, telecommunications giant US West Technologies was able to reduce service outages by 79 percent, slice billing costs by $30 million, and reduce service order errors by 50 percent. There's an upfront investment required, to be sure, but it pays off in the long run. In 1990, the cost of ensuring quality at Raytheon Electronics Systems ate up nearly two-thirds of all software development costs. Thanks to CMM, Raytheon is putting out even better software, but the cost of assuring this quality has fallen below 10 percent of software development budgets. And what about bugs? Based in Chennai, India, a contract software developer called Advanced Information Services (IAS) - one of the few CMM Level 5 companies in existence - is cranking out code with only 0.05 defects per thousand lines of code. That's better than the space shuttle's software. This level of achievement isn't putting IAS out of business - far from it: their profits have doubled. On average, companies that adopt CMM realize a fivefold return on their investment.
Who's listening to Humphrey? CMM critics affiliated with Microsoft charge that CMM creates an unwieldy bureaucracy that forestalls the kind of brilliant innovation that's leading the software industry. Give me a break! If Microsoft supposedly exemplifies the type of organization that would be "paralyzed" by CMM to the point that it couldn't innovate, we might all be much better off. As near as I can tell, the lion's share of Microsoft products that could be termed "innovative" in some sense - MS-DOS, Windows, FrontPage and others - either originated outside the company, were based on ideas that were developed outside the company, or were acquired by purchasing an outside company. Microsoft's innovations seem limited to figuring out new ways of introducing dysfunctional extensions to prevailing standards for no other reason than the firm's desire to put its competitors out of business.
So who is listening? As of this writing, only 19 software companies are certified at Level 5, and 13 of them are in India. That's right: India. If you think India is a backward country that couldn't possibly compete in the high-tech sweepstakes, you'd better think again, because Indian software companies are putting out some of the best software in the world. Near Bangalore, India, a CMM-driven, Level 5 shop is turning out software with 0.03 defects per thousand lines of code. Right now in India, there's a replay of exactly the same process that energized the Japanese automobile industry thirty years ago. They see the opportunity. They have the talent. They know they can create world-class software. They're doing it right now.
When asked whether Indian software firms pose a threat to their near stranglehold on the consumer software market, U.S. software executives laugh. They point out that these silly foreign companies don't know anything about style or marketing; there's no way they could make it in the U.S. market. Now where have we heard that before?