How much did your company lose?
When the software fails, the finger-pointing starts.
The fallout from a breach or software failure can be massive. More often than not it leads to more than just red faces at the company concerned, especially if that failure affects the balance sheet, company reputation or even both.
The problem that most companies face is that every piece of software available today is likely to be released with at least one bug. And while not every bug has the capacity to cripple an enterprise, companies know that finding the bug before customers do is crucial.
A recent study of software failures by Austrian software company Tricentis revealed just how costly glitches or bugs can be. According to Tricentis’ in-house Software Fail Watch report for 2016, around 4.4 billion people and almost $1.1 trillion in assets were impacted by software failures in the last year.
To put the asset-related figure into perspective, that amount of money equates to 17,701 Gulfstream G550 jets valued at $60 million apiece. The total amount of accumulated time lost to identified software failure was equally staggering—315 years, six months, two weeks, six days, 16 hours and 26 minutes—in just one year.
The numbers might be mind-boggling, but the study said that the cumulative totals were “on the conservative side.” A software failure is not an isolated incident; rather, it produces ripples across the entire ecosystem and can impact other people in a variety of ways.
“At one time (long, long ago), software was just a way of getting things done. It was nothing more than the convenience of using a calculator instead of doing your sums by hand,” the report said. “Those days are gone, however. The average enterprise software landscape contains 52 interconnected systems. The average person’s software landscape is far vaster—as the saying goes, ‘no man is an island’—and the bridges between ourselves and the world are increasingly built with software.”
Software Can Fail At Any Time And In Any Place
To find the total number of people and assets affected by software failures in 2016, an in-house team set up a Google account that highlighted news articles that contained words such as “software glitch” or “software bug.” In total, the team found 1,159 stories that detailed 548 separate software fails, with 363 companies impacted.
For example, a car recall or a system going offline were deemed to be related to software failure, with the study noting the numbers involved or whether that failure occurred in the public or private sector. This data was then categorized into six industry sectors: entertainment, finance, retail, services, transportation and government.
Three different types of software were put under the microscope—embedded, on-premise and mobile/cloud. Embedded included all software that is pre-installed in a device or hardware. On-premise related to software that required installation in a specific location. Mobile/cloud was directed towards Web or app-based software.
The in-house team defined identified software fails as follows:
- Software bug; when a software application does not work as it should.
- Usability glitch; a design flaw that decreased the usability of a product or app.
- Security vulnerability; a flaw that can be exploited by hackers.
The most common type of software fail was the software bug—the team discovered 432 of those. Security vulnerabilities were less common—78—with usability glitches totaling 38 instances.
Source: Tricentis, Types of Fail by Month
Software Testing Reduces Collateral Damage
Around 40% of the companies affected by software failures in the last year are publicly traded. Some of these failures were covered in depth by the media, while others were embarrassing for everyone that was involved.
Source: Tricentis, Software Fails by Industry 2016
Government was the buggiest industry of them all, the report said.
On average, government software fails around 15 times per month. The majority of these failures are in administration software, followed by justice systems. The reason for this is that the public sector relies on contracted developers as opposed to in-house resources, which reduces the level of testing significantly. The average cost of a government-based software failure is just over $5.7 million—a significant chunk of change when you consider that the software is paid for by taxes.
Retail and transportation are not much better—both of these industry categories log an average of nine software fails per month. Software failures in retail were linked to security vulnerabilities, especially in the Internet of Things. For example, the “botnet” distributed denial of service (DDoS) attack on the Dyn network in October was traced back to exploitable connected devices such as CCTV cameras and DVRs.
On the transportation side, software failures were linked to the assets. The study said that 2016 saw over 21 million cars recalled and around 8,800 planes grounded. A full 22.7 million people were impacted by software failures in the transportation industry.
Software fails in the finance sector are relatively rare … or perhaps they are just reported on less by the media. The biggest single loss in finance due to a software failure was $521 million, the report said.
Year-on-year growth in software failures was also of interest. In 2015, 4.2 billion assets were affected by a failure of one sort or another, compared to the 1.1 trillion recorded in 2016. For some bizarre reason, July, August and September are popular months for software to fail, which could be related to annual leave being taken in the summer months.
The Early Bird Gets The Bug
As software runs the world, the likelihood is that these levels of failure will increase in the coming years.
A demand for the latest and greatest forms of technology will ensure that more products are released into the wild with unidentified bugs as part of the package. The plain truth is that no software is bug-free, but companies can limit the potential damage or fallout from a software failure by making sure that they put public-facing software through as many tests as is humanly possible.
And then cross their fingers that the testers have identified any bug that is going to generate news headlines … or worse.