Software failures Cost Billions Part 2

Note part 1 Software failures cost billions contains numerous studies, etc.  I broke it into parts due to limitations of the blogging software.

From a British Computer Society study of 214 projects in the European Union between 1998 and 2005 by Dr John McManus and Dr Trevor Wood-Harper:  Only one in 8 projects was successful, meeting time, cost and quality requirements.

Additionally schedule overruns ranged from 11 weeks to 103 weeks with cost overruns of 20 to 90%

Phase at Cancellation or Overruns

Waterfall method
lifecycle stage
Number of projects canceled
Number of projects completed Number of projects overrun
(schedule and/or cost)
Feasibility None 214 None
Requirements analysis 3 211 None
Design 28 183 32
Code 15 168 57
Testing 4 164 57
Implementation 1 163 69
Handover None 163 69
Percentages 23.8% 76.2%

ISBSG Analysis from the book "Practical Software Project Estimation

449 suitable projects, the analysis in our Practical Software Project Estimation book made the following observations:
25% of projects met both estimates Schedule & Effort  (within 10%)
23% underestimated effort and were delivered late
22% underestimated effort but estimated the delivery date accurately
13% overestimated effort (so it does happen!)
8% estimated the effort accurately but the project was delivered late
1% came in more than 10% below the estimate for both effort and delivery date

If a 20% leeway is allowed - 44% of projects came within that allowance for both estimates.


Here is a blog covering IT failures by ZDNet


From Wired Magazine: Histories Worst Software Bugs 2012

July 28, 1962 -- Mariner I space probe. A bug in the flight software for the Mariner 1 causes the rocket to divert from its intended path on launch. Mission control destroys the rocket over the Atlantic Ocean. defect in equation code caused miscalculation of trajectory.


1982 -- Soviet gas pipeline. Defect in a Canadian computer system purchased to control the trans-Siberian gas pipeline. The Soviets had obtained the system as part of a wide-ranging effort to covertly purchase or steal sensitive U.S. technology. The resulting event is reportedly the largest non-nuclear explosion in the planet's history.


1985-1987 -- Therac-25 medical accelerator. A radiation therapy device malfunctions and delivers lethal radiation doses at several medical facilities. Based upon a previous design, the Therac-25 was an "improved" therapy system that could deliver two different kinds of radiation: either a low-power electron beam (beta particles) or X-rays. The Therac-25's X-rays were generated by smashing high-power electrons into a metal target positioned between the electron gun and the patient. A second "improvement" was the replacement of the older Therac-20's electromechanical safety interlocks with software control, a decision made because software was perceived to be more reliable.  Defect caused a "race condition," causing misconfiguration. At least five patients died; others are seriously injured.


1988 -- Buffer overflow in Berkeley Unix finger daemon. The Morris Worm infected between 2,000 and 6,000 computers in less than a day by taking advantage of a buffer overflow. The specific code is a function in the standard input/output library routine called gets() designed to get a line of text over the network.


1988-1996 -- Kerberos Random Number Generator. Improper seeding yielded a non-ramdom seed.For eight years this made the algorthm insecure. allowing trivial break into any computer that relies on Kerberos for authentication.


January 15, 1990 -- AT&T Network Outage. A bug in a new release of the software that controls AT&T's #4ESS long distance switches causes these mammoth computers to crash when they receive a specific message from one of their neighboring machines -- a message that the neighbors send out when they recover from a crash.


One switch crashed and rebooted, causing neighboring switches to crash, then their neighbors' neighbors, and so on. Soon, 114 switches are crashing and rebooting every six seconds, leaving an estimated 60 thousand people without long distance service for nine hours.


1993 -- Intel Pentium floating point divide. A silicon error causes Intel's highly promoted Pentium chip to make mistakes when dividing floating-point numbers that occur within a specific range. 3 to 5 million defective chips in circulation: cost Intel $475 million.


1995/1996 -- The Ping of Death. A lack of sanity checks and error handling in the IP fragmentation reassembly code makes it possible to crash a wide variety of operating systems by sending a malformed "ping" packet from anywhere on the internet. Windows "blue screen of death" when they receive these packets. But the attack also affects many Macintosh and Unix systems as well.


June 4, 1996 -- Ariane 5 Flight 501. Working code for the Ariane 4 rocket is reused in the Ariane 5, but the Ariane 5's faster engines trigger a bug in an arithmetic routine inside the rocket's flight computer. The error is in the code that converts a 64-bit floating-point number to a 16-bit signed integer. The faster engines cause the 64-bit numbers to be larger in the Ariane 5 than in the Ariane 4, triggering an overflow condition that results in the flight computer crashing.



November 2000 -- National Cancer Institute, Panama City. In a series of accidents, therapy planning software created by Multidata Systems International, a U.S. firm, miscalculates the proper dosage of radiation for patients undergoing radiation therapy. At least eight patients die, while another 20 receive overdoses likely to cause significant health problems. The physicians, who were legally required to double-check the computer's calculations by hand, are indicted for murder.



See Software Project Failures Cost Billions Part 1