I'm the kind of guy that software vendors either love or hate: I dive into software to figure out how best to use it for me or my organization. But that also means that I turn up bugs and usability problems that remain in production code and frustrate my colleagues. Once the developers get over my deluge of comments, most are happy to talk and listen to my input. Wouldn't it be great if I didn't have to deal with these things to begin with?
Everyone has heard the software joke about "if cars were this bug-prone, the automobile industry would be in a tailspin." The cover story of the May 15, 2003 CIO Magazine confirms that perception with the results of the 2002 NIST study, The Economic Impacts of Inadequate Infrastructure for Software Testing, that calculates the cost of bad code at $60 billion, $22 billion of which could be saved by better testing.
Abstract: Don't blame Microsoft. Don't blame the hackers. Blame yourself for insecure software. Better yet, stop blaming and start moving toward operational excellence.
[snip]: On average, software contains 10 to 20 bugs per 1,000 lines of code. That means a 1 million-line program might contain 20,000 bugs - some of which are critical and some of which might never get noticed.
The article provides familiar guidelines on how to reduce the number of bugs that get out into production, from improving relations with the IT QA organization to writing software security into design and contracts. Now if only we could get development houses to follow the suggestions!