Cost of Poor Software Quality in US Exceeds $2 Trillion
February 09, 2021
Share this

The cost of poor software quality (CPSQ) in the US in 2020 was approximately $2.08 trillion, according to The Cost of Poor Software Quality In the US: A 2020 Report from the Consortium for Information & Software Quality (CISQ), co-sponsored by Synopsys.

This includes poor software quality resulting from software failures, unsuccessful development projects, legacy system problems, technical debt and cybercrime enabled by exploitable weaknesses and vulnerabilities in software.

"As organizations undertake major digital transformations, software-based innovation and development rapidly expands," said report author, Herb Krasner. "The result is a balancing act, trying to deliver value at high speed without sacrificing quality. However, software quality typically lags behind other objectives in most organizations. That lack of primary attention to quality comes at a steep cost."

Key findings from the report include:

Operational software failure

Operational software failure is the leading driver of the total cost of poor software quality (CPSQ), estimated at $1.56 trillion — about 10X costlier than finding and fixing the defects before releasing software into operation.

This figure represents a 22% increase since 2018. That number could be low given the meteoric rise in cybersecurity failures, and also with the understanding that many failures go unreported.

Cybercrimes enabled by exploitable weaknesses and vulnerabilities in software are the largest growth area by far in the last 2 years. The underlying cause is primarily unmitigated software flaws.

The report recommends preventing defects from occurring as early as possible when they are relatively cheap to fix. The second recommendation is isolating, mitigating, and correcting those failures as quickly as possible to limit damage.

Unsuccessful development projects

Unsuccessful development projects, the next largest growth area of the CPSQ, is estimated at $260 billion.

This figure has risen by 46% since 2018. There has been a steady project failure rate of ~19% for over a decade.

The underlying causes are varied, but one consistent theme has been the lack of attention to quality.

The report states: "It is amazing how many IT projects just assume that “quality happens.” The best way to focus a project on quality is to properly define what quality means for that specific project and then focus on achieving measurable results against stated quality objectives."

Research suggests that success rates go up dramatically when using Agile and DevOps methodologies, leading to decision latency being minimized.

Legacy software

The operation and maintenance of legacy software contributed $520 billion to the CPSQ.

While this is down from $635 billion in 2018, it still represents nearly a third of the US's total IT expenditure in 2020.

The report explains: "CPSQ in legacy systems is harder to address because such systems automate core business functions and modernization is not always straightforward. After decades of operation, they may have become less efficient, less secure, unstable, incompatible with newer technologies and systems, and more difficult to support due to loss of knowledge and/or increased complexity or loss of vendor support. In many cases, they represent a single point of failure risk to the business."

The report recommends strategies to improve quality are about overcoming the lack of understanding and knowledge of how the system works internally. Any tool that helps identify weaknesses, vulnerabilities, failure symptoms, defects and improvement targets is going to be useful.

Conslusion

"As poor software quality persists on an upward trajectory, the solution remains the same: prevention is still the best medicine. It's important to build secure, high-quality software that addresses weaknesses and vulnerabilities as close to the source as possible," said Joe Jarzombek, Director for Government and Critical Infrastructure Programs at Synopsys. "This limits the potential damage and cost to resolve issues. It reduces the cost of ownership and makes software-controlled capabilities more resilient to attempts of cyber exploitation."

Methodologies such as Agile and DevOps have supported the evolution of software development whereby software developers apply enhancements as small, incremental changes that are tested and committed daily, hourly, or even moment by moment into production. This results in higher velocity and more responsive development cycles, but not necessarily better quality.

As DevSecOps aims to improve the security mechanisms around high-velocity software development, the emergence of DevQualOps encompasses activities that assure an appropriate level of quality across the Agile, DevOps, and DevSecOps lifecycle.

Share this

The Latest

March 02, 2021

The Model T automobile was introduced in 1908 ... Within a few years, competitors arrived on the scene including relic names such as Overland, Maxwell, and names that survived like Buick and Dodge. So, what does this have to do with the hybrid cloud market? From a business perspective — a lot ...

March 01, 2021

DevOps Institute announced the launch of the 2021 SRE Survey in collaboration with Catchpoint and VMware Tanzu. The survey will result in a more in-depth understanding of how SRE teams are organized, how they are measured, and a deep dive into specific automation needs within SRE teams ...

February 25, 2021

Organizations use data to fuel their operations, make smart business decisions, improve customer relationships, and much more. Because so much value can be extracted from data its influence is generally positive, but it can also be detrimental to a business experiencing a serious disruption such as a cyberattack, insider threat, or storage platform-specific hack or bug ...

February 24, 2021

Previously siloed IT teams and technologies are converging as enterprises accelerate their modernization efforts in reaction to COVID-19, according to a study by LogicMonitor ...

February 23, 2021

You surf the internet, don't you? While all of us are at home due to Covid lock-down and accepting a new reality, the majority of the work is happening online. IT managers are looking for tools that can track the user digital experience. Executives are reading a report from Gartner or Forrester about some of the best networking monitoring solutions available on the market. Project managers are using Microsoft Teams online to communicate and ensure team members are meeting deliverables on time. Remote employees everywhere use OWA to check their office mails. No matter what, you can be quite sure that everyone is using their favorite browser and search engine for connecting online and accomplish tasks ...

February 22, 2021

With the right solutions, teams can move themselves out of the shadows of error resolution and into the light of innovation. Observability data, drawn from their systems and imbued with context from AI, lets teams automate the issues holding them back. Contextualized data and insights also give them the language to speak to the incremental, product-led approach and the direction to drive key innovations in customer experience improvement. Communicating value becomes a much easier proposition for DevOps practitioners — and they can take their seat at the company table as contributors to value ...

February 18, 2021

Prediction: Successful organizations will blur (or erase) the line between ITOps and DevOps. DevOps has to coexist with traditional IT operations ... So bring a little DevOps to every aspect of IT operations. You don't even have to call it DevOps ...

February 17, 2021

The use of unified communications and collaboration (UC&C) solutions has increased since the start of the pandemic, and this increased use has created challenges for IT teams, according to a survey commissioned by NETSCOUT SYSTEMS ...

February 16, 2021
The AI+ITOPS Podcast just hit the 10K + download mark early this month. Most people listen to entire episodes, and many engage with us by sending a note on LinkedIn, Twitter, a direct email asking questions, clarifications, strategy advice, product selection advice ...
February 11, 2021

Cloud-based innovations like microservices, containers and orchestration let developers code better, faster, but the underlying infrastructure becomes dynamic and ephemeral, and service-level interactions are hard to see. It’s a critical evolution, but the rapid change reduces visibility, predictability and control. Hence, observability ...