The Shameful State of Software

Michael Frendo, February 8, 2019

Software, it is the lifeblood of the tech industry. Venture Capitalists love it because it takes a small investment to determine success or fast fail.  For $100-200K (sometimes even less), a functioning deploy-able prototype can often be built and market tested to see if there is any interest.  It can be done in the space of a few months or even a few weeks.

Higher level languages have also been developed that have accelerated the development rate and the readily available open source world has eliminated the need to rewrite the same functions over and over again. This has freed developers to focus on what is new.

Delivery of SW has been simplified and accelerated as well.  Gone are the days when SW was distributed by physical media like CDs or going back a bit further (not that much!) floppy disc. I realize in writing this we now have SW coders out there who have never seen a floppy disc. Today, small, medium and even large SW products can be delivered through the internet directly from enterprise development companies and/or through the many stores like the Apple App Store or the Google Play store.

All of this has served to democratize the market place, open it up to hundreds of thousands (even millions) of developers and create an opportunity for innovation never before seen globally.

The numbers bear this out. It is estimated that there are 111 billion lines of new software code generated by developers every year (according to the 2017 Application Security Report). There are currently more than 2 million apps available in both the App store and the Play store It is also estimated that 6000 or more new apps are released every day for Android and/or iOS. Add to this all the enterprise Apps, Windows, Linux and MAC apps, embedded apps, communications apps security apps and well…you get the point.

All this sounds pretty wonderful. Software is changing our lives in many positive ways…but is it all a good thing? There are underlying elements that are not so wonderful; the quality of SW, its stability, resiliency, and security are not nearly considered to the extent they should be. In our drive to “get stuff out there” and our new abilities to do so thanks to the universality of high speed connectivity, we have made huge sacrifices and take big risks in important aspects of SW.

Consider how often SW is updated these days. This used to take place once or twice a year, even once every several years in some cases. Most of these updates provide no new functionality. They are performance enhancements (because the performance sucks) or bug fixes.  They do not happen once or twice a year but often once or twice a month! If you set aside the bandwidth cost alone (which may seem minimal but is likely hundreds of millions of dollars when you add it all up), the cost to consumers in time, the possible negative interactions with other SW, the slight (sometimes not so slight) and sometimes annoying changes in behavior are all the price of the “ship now, fix it later mentality” that the SW world seems to have adopted. How often does an app “stop working” these days? How often does one upgrade lead to other necessary upgrades? How often do we now need to reboot to fix a problem?

All of this may be fine for games, or other non-mission critical apps, but not all apps fit this category and if the app affects other functions of the device and for example, causes a smart phone to require a reboot when an emergency occurs, what then?

It is all well and good to call a car an iPhone on wheels, but when we sometimes  see 2 SW updates a month, should that make us feel good about it, or safe?

When we have to turn off automatic security updates because a mission critical app may be running and may be affected, is that OK?

The fact is that SW quality in general is terrible. We all experience that every day and the situation does not appear to be getting any better. SW pressure to release seems to supersede a desire for quality. The ability to deliver updates daily has made the industry lazy.

In a meeting with an extreme agile shop I was told that they had no architecture for their product, the architecture would reveal itself over time. Would we build a house without a plan? Apparently that’s ok with SW. Many customers have stated that they feel like they are the test shop for new SW products, because they are! Others will not take a new version of code with needed new features in a mission critical environment until at least the third bug fix release. These are anecdotal but not unusual.

And the answer is not more testing (although better and more automated testing is always helpful). The answer is better up front design. The world seems to think that adding more coders to a product is always the answer to getting deliverables faster. My suggestion is read “The Mythical Man Month”. It was true 30 years ago and it is still true today.

This brings me to the topic of “coders”. There seems to be a misconception out there that if we teach someone a programming language, they are immediately qualified to design new systems. They may be able write code, but that does not make them SW engineers. The equivalent statement would be to claim that anyone who can speak and write in English should be Shakespeare! Coding is a skill, creating good SW systems is as much an art as a skill.

Will things get better? I hope for the sake of our critical infrastructure, our personal security and our safety that it does…..