Net url: http://eklavyasai.blogspot.in/2013/03/the-without-warranty-wild-west-software.html
Last updated on 28th March 2013
The world today is pervaded by a huge variety of software from Operating System software to embedded devices software to mobile phone apps. Serious bugs including very scary security flaws in these software are commonplace and accepted as an inescapable reality and risk of using software. Is that a proper stand for the software industry and software customers & users to take?
IMHO, the software industry culture is to blame for the current rather unsure and unprofessional state of the software world. In the nearly three decades that I have seen it, been part of it and experienced it as a user of software, the software industry worldwide seems to operate as a Without Warranty Wild West industry, with current generation of released software seeming to have far more bugs/problems than software on Mainframes/Mini-computers two to three decades ago. Forget application software bugs, the very operating system on which the whole software stack runs is without warranty and has a host of bugs including some terrifying security weaknesses. If you get hit by a malicious virus then it is your bad luck, that's it. You cannot hold the software company accountable. It is this lack of accountability of the software industry that, IMHO, is at the root of the excessive software failures that users have to suffer from.
Once the software industry becomes like other mature engineering industries who are accountable for their products (e.g. a Television set manufacturer is accountable for its product), then, IMHO, the entire software ecosystem including the teaching/academics part of it will be forced to become more "professional" about software development/engineering. But will most software companies, or perhaps any software company, offer warranty for their software easily and of their own accord? I strongly doubt that will happen without outside or public pressure/intervention.
Meanwhile we have to continue to live with the Without Warranty Wild West software world and produce software applications, within time & money constraints, of reasonable quality with some bugs here and there being tolerated like some security weaknesses here and there in the OS itself are tolerated. Is this the ideal software world? Certainly not! But can we freeze application software development till the software world becomes ideal? I don't think so! As far as I know, very, very few people like Prof. David Parnas, and Prof. Bjarne Stroustrup are thinking and writing and talking about these fundamental issues with software development today. And, IMHO, most people in the software industry or software academy don't seem to bother about or, in perhaps the vast majority of cases, even know about, what they are saying!
The result is that, in this far-from-perfect software world, at least for a wide range of application software, as a software developer one also has to join the crowd and try to deliver software quickly, using approaches like component based development, even if the produced software has a few hidden bugs here and there. One may take a lot of care to ensure that one's code is well designed and reasonably tested given the time constraints one is operating under, but one simply cannot control the bugs in the components that one uses for the solution. As an individual, you can't stop or change this "some tolerance for bugs in return for quick and cheap software solution" culture. You, normally, have to go with it. Or else you, as an exception, can simply stay away from providing such solutions. Others then will satisfy the market demand for such solutions by providing them in your place. I could be wrong but that's the way I think it is.
I have also added below snippets of my part of a conversation that I had with a software development practitioner on this topic.
I continue to hold the view that, at least for paid/significant cost software, providing a warranty like other fields of manufacturing, will bring order to the chaos that pervades the software industry today. Whether it can be pushed through, is practical enough, is a different matter. But if you ask the hapless user s/he does not care about whether it is practical enough or not, s/he is fed up of paying significant amount of money for software and having to live with painful bugs in what s/he has paid for!
About poor workmen (i.e. poor quality software developers/software engineers) being a problem, I agree. But till the poor quality of output produced by poor workmen is penalised the market/industry will employ such workmen and make money at the expense of hapless software customers & users. Prof. Parnas and others seem to hold the view that introducing licensure for software engineers will control the poor workmen problem like in other engineering sectors in the Western world. Maybe it will. But despite tremendous efforts of Prof. Parnas and others they, it seems, have not succeeded so far in the Western world adopting licensure for software engineering/development in a big way.
I don't want to get into a detailed discussion on the practicality of warranty for software as I have not examined the matter in depth (and neither have the time to do so now). But then let us at least acknowledge that the software industry folks (including me in the past and perhaps in the future as an Open Source developer) are amateurs as compared to professionals from fields like civil engineering or mechanical engineering. Yes, most of us are/were highly paid for our software development work but we are/were only highly paid amateurs. We don't have the right to call ourselves "professionals" as we cannot give any warranty/guarantee about the software solution we provide, in most, if not all, cases.
Please note that warranty does not mean error-free. A Television set may develop faults within its warranty period. Warranty, in my understanding, implies accountability to the extent of replacing a faulty product with a working product at no extra charge to the customer and also compensating a customer for significant damages incurred due to a faulty product.
A distinguished US academic had a small mail exchange with me on this topic. I would like to share my part of that conversation below as I feel it adds some value to the topic.
The point raised was that we all know today's software is poorly engineered. How do I propose to solve the problem?
My response was:
I think software companies need to become accountable by, for example, accepting financial penalties for significant failure of software during a warranty period. Catastrophic failure of software repeatedly should involve a govt. approved industry body examining the software very much like medical bodies examine repeated catastrophic failures of medical doctors. If the industry body deems that the software deployed did not follow minimum practices for design, code, test, etc. then a financial penalty should be levied on the company, and the record of the company and concerned software developers should reflect this failure. This will create a fear of appropriate professional repercussions for poorly engineered software.
As of now, I don't think there is this kind of professional penalty/blot-on-record fear either at the company level or at the individual software developer level. The focus is on getting the minimum stuff done for the customer to sign on the dotted line and make the payment for the customized software developed/product sold. In case of products the fear is of bad publicity if the product is bad, and so losing out to the competition - that may be a motivator for trying to ensure good quality. In case of customized software solutions the fear really is of repeat business not coming. IMHO, such fear is nowhere close to the fear that a medical professional has if s/he is involved in negligence or malpractice. We need to bring in this fear of repercussions like in medical practice for badly done software. That may really bring some professional like discipline in software engineering/development.
I hope I am not sounding like some fear-mongering dictator :). IMHO, very unfortunately, without fear of significant repercussions, people, in general, tend to cut corners in almost all walks and activities of life. In Asian countries like India, it is very much the case but I think it applies to quite some extent even in the materially advanced Western countries.
Here's a mail exchange (slightly edited) with another correspondent/friend who kindly permitted me to share it on this blog post.
Friend wrote in response to this blog post: I have one quick observation : When comparing a TV set with a S/w, the manufacturer of a TV will replace the set within warranty period if the operating conditions have not changed.
My response: Well, I guess the warranty will be valid even if operating conditions change but are within the operating conditions for which the warranty is valid.
Let us say that a TV worked for 3 months and suddenly kicked its bucket. Then he will replace it - however, it should not be because of usage during high / low voltage, pouring water into it, etc.
Yes, IMHO, as then the conditions for the warranty would be violated.
In the case of S/w, is not the scenario different?
There certainly will be certain differences between software and an electronics gadget like a TV. But I was going mainly by the principle which I feel can be applied to software too.
If you have been using the same functionality/features and if the S/w had worked earlier can it really stop working?
Yes. The s/w may encounter new data which breaks it (e.g. boundary conditions). Further, nowadays for some software like operating system and anti-virus software you have the automatic updates feature, say over Internet, which may introduce new buggy code into the software, even a few days or weeks after it is installed.
One scenario is as follows:
For instance, you might use a new choice in a menu and find that it is not doing what it is supposed to do, but perhaps it was not working right from the beginning - just that we did not find out about it.
Yes, this is clearly a possibility with today's software which are sometimes overloaded with features/functionality that one does not regularly use.
For instance, in a TV which claims to have 1000 channels, perhaps we tuned only the first 50 ones and after 6 months when we try to tune the 51st channel we find it is not possible. The above case is similar to this. So if we find it out within the warranty period TV manufacturer replaces it and so should the S/w provider / vendor.
Another scenario is what I wrote first. In a s/w can it happen? If it does, is it problem with H/w or S/w or some other "element" of the system? Whose responsibility should this be?
(I may not have) explained myself clearly, but I hope you see there is a difference here? Or is there??!!
I am sure there will be differences. S/w warranty will be more complex than a TV warranty.
In this connection, ideally a vendor should publish its QA reports for the software it sells to users. The QA report must detail all the tests that the software was put to. Such clear documentation of the QA process will allow customers to get a feel of the rigor of the software vendor's QA process. If the customer discovers a bug later on s/he can check against the QA report and see how this bug slipped through. The customer will then know whether the QA report missed it or whether it stated that it passed that test. In the latter case a question would pop up about the truthfulness of the QA report of the vendor.
Such transparent QA reporting will give the customer a feel of how robust the software is, thereby allowing him/her to decide how much to depend on it.
I don't know whether such QA reports are publicly made available for software products now. Maybe open source guys do that. Not sure if a company like --- would do that though :). They will consider it perhaps only if government (i.e. legislators) or courts force them to do it.
... Another mail exchange with same friend ...
Actually, what I find very very interesting is that so far (a software industry body) or any such body has not thought of this.
Perhaps they know about it. (They may not want to consider) any demands for warranty as they may feel that it would negatively impact software companies, which they represent.
Further, the non-IT MNCs which pay such huge sums also do not seem to be reporting the failure of s/w as a problem - surely it drains them of millions.
If one particular part is faulty, a car manufacturer takes the other party to task, but somehow when we come to s/w everybody seems to have infinite tolerance!!
I think the world at large has been dazzled by the achievements of software. That and the huge money power that software companies have, makes these companies very formidable entities to aggressively question. I don't think governments will have the (will) to push software companies hard anywhere in the world today as the world is becoming more and more dependent on software, and (software companies would be having, I guess, significant political lobbying power). It is the Western world justice system that has the (will) to question and even fine software companies - e.g. ---,--- being fined for their practices like restrictive trade practices (---) and for using/capturing data of people from their wireless (home) networks without their permission (---).
I think it is just a matter of time before some software glitch results in a catastrophe, provoking somebody/some entity to take the matter up to a Western world court (I don't know whether it has happened before; maybe it has but as I was not following this space before the past year or two, I do not know of it) - the top Western world judges will not easily buy arguments of software companies that the software is without warranty/"At your own risk" and so they are not legally liable for anything related to their software. They may (apply) some other law.
Thanks for this really thought-provoking perspective.
You are welcome, brother --.
Here is a follow up to this post titled, A Debate on Warranty for Software.
Ravi S. Iyer, March 22, 2013 at 1:25 PM
Even NASA is not able to avoid software glitches. Here's info. about glitch(es) that has/have stalled its latest $2.5 billion (reportedly) Mars Rover Curiosity probe/robot/mission:Time article andInformation Week article.