July 2002

Why Software Is So Bad

Continued from page 3

By Charles C. Mann

Higher Standards

In January, Bill Gates issued a call to Microsoft employees to make "reliable and secure" computing their "highest priority." In what the company billed as one of its most important initiatives in years, Gates demanded that Microsoft "dramatically reduce" the number of defects in its products. A month later, the company took the unprecedented step of suspending all new code writing for almost two months. Instead, it gathered together programmers, a thousand at a time, for mass training sessions on reliability and security. Using huge screens in a giant auditorium, company executives displayed embarrassing snippets of flawed code produced by those in the audience.

Gates's initiative was apparently inspired by the blast of criticism that engulfed Microsoft in July 2001 when a buffer overflow-a long-familiar type of error-in its Internet Information Services Web-server software let the Code Red worm victimize thousands of its corporate clients. (In a buffer overflow, a program receives more data than expected-as if one filled in the space for a zip code with a 50-digit number. In a computer, the extra information will spill into adjacent parts of memory, corrupting or overwriting the data there, unless it is carefully blocked.) Two months later, the Nimda worm exploited other flaws in the software to attack thousands more machines.

Battered by such experiences, software developers are becoming more attentive to quality. Even as Gates was rallying his troops, think tanks like the Kestrel Institute, of Palo Alto, CA, were developing "correct-by-construction" programming tool kits that almost force coders to write reliable programs (see "First Aid for Faulty Code" ). At Microsoft itself, according to Amitabh Srivastava, head of the firm's Programmer Productivity Research Center, coders are working with new, "higher-level" languages like C# that don't permit certain errors. And in May, Microsoft cofounded the $30 million Sustainable Computing Consortium-based at Carnegie Mellon-with NASA and 16 other firms to promote standardized ways to measure and improve software dependability. Quality control efforts can pay off handsomely: in helping Lockheed Martin revamp the software in its C130J aircraft, Praxis Critical Systems, of Bath, England, used such methods to cut development costs by 80 percent while producing software that passed stringent Federal Aviation Administration exams with "very few errors."