Network Security and Management

by Professor Brijendra Singh.

Systems Analysis and Design

by Professor Brijendra Singh.

Data Communication And Computer Networks

by Professor Brijendra Singh.

Quality Control And Reliability Analysis

by Professor Brijendra Singh

Sunday, 21 February 2021

History of Software Failure

The history of software development is an incredible success. Just look around us for evidence of that. But that success has a long, dark shadow that we don’t talk about very much: it’s littered with huge failures. What’s particularly disturbing is that the vast failures keep recurring year after year. The names and dollar amounts may vary, but the story is otherwise similar. Most software projects fail fully or partially because they don’t meet all their requirements. These requirements can be cost, time, quality, and the software's functional or non-functional requirements. According to many studies, the failure rate of software projects ranges between 50% and 80%. To cope with these problems, a software development process is used. The software development process utilizes resources effectively and minimizes risk.

The latest report notes that success in 68 percent of technology projects is unbelievable. Poor requirements analysis causes many of these failures, meaning projects are doomed right from the start. According to an IBM study, only 40% of projects meet schedule, budget, and quality goals. Further, they found that the biggest barriers to success are people factors. Geneca, a software development company, noted from its studies that fuzzy business objectives, out-of-sync stakeholders, and excessive rework mean that 75% of project participants need confidence that their projects will succeed.

On a Mars mission in 1998, the Climate Orbiter spacecraft was eventually lost in space. Although the failure confused engineers for some time, it was revealed that a subcontractor on the engineering team had failed to build a simple conversion from English units to metric. It was an embarrassing lapse that sent the $125 million craft fatally close to the surface of Mars after it attempted to stabilize its orbit too low. Flight controllers think the spacecraft ploughed into the atmosphere of Mars, where the associated stresses crippled its communications, leaving it hurtling on through space in an orbit around the sun.

In 1996, the Ariane 5 space rocket, developed at a cost of $7000 million over a period of 10 years, was destroyed less than a minute after its launch. The crash occurred because there was a software bug in the rocket guidance system. In 1996, one of the largest banks in the US credited the accounts of nearly 800 customers with approximately $924 lacs. Later, it was detected that the problem occurred due to a programming bug in the banking software.

The Year 2000 (Y2K) problem refers to the extensive snags in processing dates after the year 2000. The roots of the Y2K problem can be traced back to 1960-80, when developers shortened the 4-digit date format like 1972 to a 2-digit format like 72 because of limited memory. At that time we did not realize that the year 2000 would be shortened to 00, which is less than 72. In the 1990s, experts began to understand this major shortcoming in computer applications, and millions were then spent to tackle this problem.

The Northeast blackout in 2003 has been one of the main power system failures in the history of North America. This blackout involved the failure of 100 power plants, due to which almost 50 million customers faced power loss, resulting in a financial loss of approximately $6 billion. Afterward, it was determined that the main reason behind the failure was a software bug in the power monitoring and management system.

In 2004, EDS introduced a highly complex IT system to the U.K.’s Child Support Agency (CSA). At the same time, the Department for Work and Pensions (DWP) decided to reorganize the entire agency. The two pieces of software were totally incompatible, and permanent errors were introduced as a result. The system somehow managed to overpay 1.9 million people, underpay another 700,000, leave $7 billion in uncollected child support payments, leave 36,000 new cases stuck in the system and a backlog of 239,000 cases, and has cost UK taxpayers over $1 billion to date.

Bitcoin Hack, Mt. Gox: Launched in 2010, the Japanese bitcoin exchange Mt. Gox was the main exchange in the world. After being hacked in June 2011, Mt. Gox stated that they’d lost over 850,000 bitcoins (value around half a billion US dollars at the time of writing). Although around 200,000 of the bitcoins were recovered, Mark Karpeles admits “We had weaknesses in our system and our bitcoins vanished.” Having left thousands of Mt. Gox clients out of pocket, the 32-year-old, France-born Mark Karpeles is presently on trial for embezzlement and a number of other charges. Karpeles has pled not guilty, but if found guilty he could be sent to jail for up to 5 years and fined up to $4000.

Millions of TSB customers were locked out of their accounts after an IT upgrade led to an online banking outage. A planned system upgrade was expected to shut internet and mobile banking services down for one weekend in April 2018 but ended up causing months of disruption. The problems arose from TSB’s move to a new banking platform following its split from Lloyds Banking Group. Immediately after the new system was switched on, numerous users experienced problems logging in, while others were shown details from other people’s accounts or erroneous credits and debits on their own. Customers remained locked out of their accounts two weeks after the initial outage. In July 2018, TSB was still working its way through the backlog of complaints when a different outage struck, locking customers out of their online accounts once again. TSB claimed that the crisis was resolved later that day, but the debacle will strain the bank’s relationship with parent company Sabadell.

In 2018, hospital staff and doctors of the Wales NHS experienced a widespread computer failure that left them unable to access patient files. According to the National Cyber Security Centre, the failure was due to technical issues as opposed to a cyber attack; however, it still caused wide disruption, as staff were unable to access blood results, X-ray results, etc. It also caused a backlog, as patients could not be contacted to cancel appointments and notes could not be typed up and saved on NHS systems.

The reasons for software failure come down to the absence of the success factors for a software project. Some important factors in software failure:

  1. Inadequate Project Planning: Project planning is a central part of project management, and it is the responsibility of the project manager to set an appropriate plan for the project.
  2. Scope Creep: Scope creep refers to change in the scope of the project and is also known as requirement creep or feature creep. The scope is the work required for a project. Scope creep refers to how the requirements of a project keep varying over the project lifecycle.
  3. Use of Unpracticed Tools and Techniques: Good tools and techniques are required for the success of a software project. A common mistake made by the project manager and team leader is to use unpracticed tools and techniques at the start of the project.
  4. Shortage of Resources/Requirements: Every project requires some resources according to its requirements and needs. The quantity of resources depends on the size and scope of the project. Sometimes the project cannot be completed due to a shortage of resources and necessary requirements.
  5. No or Poor Risk Management: At present, we have to deal with some real facts in project management. Poor or absent risk management can influence project management. Project failure is the worst case of poor risk management. Some of the most significant effects of poor risk management are:
  • Project failure
  • Slow-running projects
  • Risk of reputation damage
  • Excess budget
  • Unresponsive customers and less user adoption
  • Inactive benefits

  Poor risk management is one of the major contributors to project failure and has a negative impact on project success.

  6. Lack of User Engagement: A project aimed at developing various products is going to have specific users, i.e. a group of people who do business at the organization.
  7. Poor Controlling and Monitoring: Controlling and monitoring are necessary parts of project management. A project can succeed only when there is suitable governance for the project management. Without proper planning and monitoring, the project may fail. The absence of controlling and monitoring impacts the project in many ways:
  • Differences in cost, scope, and schedule baselines
  • The project may not be finished on time as expected
  • The quality of the output can be degraded
  • The organization's image will be damaged
  • Conflict within the project team can arise
  • Poor project performance
  • Unsatisfied users
  8. Inexperienced Project Managers: Project failure is a widespread term that every project manager wants to stay away from. No one wants to take responsibility for project failure, as it may blot their career record. But if a project fails, it simply means that the project manager did a poor job. Ensure that the project manager has sufficient knowledge of the best techniques, because hiring a well-skilled project manager can’t be overlooked.
  9. Ineffective Communication: The project team knows its manager only through his communications. Whether it is a project, an operation, or personal life, communication plays an important role. Without communication, we are executing tasks in the dark. Project managers should develop a communication plan. Regular meet-ups should also be planned to discuss project performance.
  10. Poor Project Management: When there is no proper management for a project, the project may fail due to poor management. If a project is decently staffed and has proper planning, a good WBS, available resources, proper scheduling, and the support of sponsors but still fails, then the simple reason is that project management was poor.

Fortunately, all is not lost. Here are five steps to improving the people-based factors affecting IT delivery:
  1. Freeze the technology/business relationship via governance
  2. Integrate technology into strategic planning
  3. Set and share a simple, multi-year roadmap for overall business strategy
  4. Establish an open planning process
  5. Teach and promote communication and relationship skills

We believe that if we view IT projects as not just a technology problem and consider the people factors, then a software organization will boost its implementation success, create better relationships, and maximize its return on investment (ROI). So, it becomes important for the project manager to know which factors can result in project failure. This will help the manager focus on those factors while managing the software project.


References: "Systems and Software Process", published by Narosa Publication Delhi 2020




Thursday, 18 February 2021

Software Coding and Module Testing


The software coding and implementation stage of software development is the process of converting a system specification into an executable system. It always involves programming to develop the software product. During coding, the project team creates the actual product. Software development can be an exciting phase for the user because their idea for the software becomes an impressive product. Project developers and programmers begin building and coding the software. If requirements are gathered correctly and the software is designed accurately, the coding process is more efficient. Project teams are better able to meet software coding deadlines when accurate information is gathered directly from the user.

In business programming it is a general principle that each system application is so unique that it must be designed and coded from the beginning. So, prewritten reusable modules cannot be designed, coded, and reused. A code editor is also called an IDE. An IDE is a software application for formatting code, checking syntax, and running and testing code. Some IDEs can work with many programming languages, while some are specific to only one language. Programmers use an IDE for checking syntax, formatting code, and testing programs. The common steps for writing a program include the following:

  • Understand the problem you are trying to solve
  • Design a solution
  • Draw a flow chart
  • Write pseudo code
  • Then write code
  • Test and debug
  • Test with real-world users
  • Release the program
  • Iterate the steps for the next version

Computer code is fundamentally a list of instructions and commands that can be run by a certain program. Code mainly consists of plain text documents, so it can be used by numerous different programs. A unique file extension is given to the document to specify the nature of the code. For example, a file created using Python is saved with a .py extension, like ‘program.py.’ However, the real content of the file is still just simple text. The table below shows the hello world program in C, C++, Java, Python, and Mathematica.

Table: Hello world program in C, C++, Java, Python, and Mathematica

C:

    #include <stdio.h>

    int main(void)
    {
        printf("Hello world");
        return 0;
    }

C++:

    #include <iostream>

    int main()
    {
        std::cout << "Hello world\n";
        return 0;
    }

Java:

    class Hello {
        public static void main(String[] args) {
            System.out.println("Hello world");
        }
    }

Python:

    print("Hello world")

Mathematica:

    Print["Hello world"]

The table above shows how hello world is printed using C, C++, Java, Python, and Mathematica.

Software testing is an investigation conducted to provide stakeholders with information about the quality of the software product or service under test. Test techniques include, but are not limited to, the process of executing a program with the aim of finding software bugs. Black box, grey box, and white box testing methods can be used for software testing. Functional and non-functional levels of testing include diverse methodologies that can be used for conducting software testing. There are numerous approaches to software testing. Reviews, walkthroughs, and inspections are referred to as static testing, whereas actually executing programmed code with a given set of test cases is called dynamic testing. There are three main levels of testing: unit testing, integration testing, and system testing.

Documentation for testing helps in estimating the testing effort, test coverage, and requirement tracing. The most commonly used documented artifacts are the test case, test plan, test scenario, and traceability matrix. Test cases involve a set of conditions, steps, and inputs that can be used for performing testing tasks. The test plan outlines the plan that will be used to test the software. Test scenarios are used to guarantee that all process flows are tested from end to end. The traceability matrix (Requirement Traceability Matrix, RTM) is a table used to trace the requirements during the development cycle. It can be used for forward tracing (from requirements to design or coding) or backward tracing (from coding to requirements). In the traditional waterfall model, testing is performed by an independent group of testers. This can be done after the functionality is developed but before it is delivered to the user. However, even in the waterfall model, unit testing is regularly done by the software development team even when further testing is done by a separate testing team. In contrast, some emerging software development techniques such as extreme programming (XP) and agile software development adhere to a ‘test-driven software development’ model. In this process, unit tests are written first, by the software engineers. Unit tests are maintained along with the rest of the software code and generally integrated into the build process. The vital goals of this test process are to sustain continuous integration and reduce defect rates. This method increases the testing effort done during development before the software reaches any formal testing team. In other development models, most of the test execution occurs after the requirements have been defined and the coding process has been completed.

Module testing is the testing of entire code objects as created by the compiler when built from source. Modules are completely formed chunks of coherent source code that can usually be tested by driving a few function signatures with different stimuli. Module testing is a process of testing the individual subprograms, classes, subroutines, and procedures in a program. Instead of testing the whole software program at once, module testing proposes testing the smaller building blocks of the program. Module testing is principally white box oriented. The objective of module testing is not to demonstrate proper functioning of the module but to reveal the existence of an error in the module. Module testing allows parallelism in the testing process by making it possible to test several modules simultaneously. Module testing is suggested because the probability of identifying bugs or errors in smaller chunks of a program is high, multiple modules can be tested concurrently (which supports parallel testing), and the complexity of testing can be managed easily. The table below shows the difference between module testing and unit testing.

Table: Module Testing vs. Unit Testing

Module Testing | Unit Testing
Module testing may involve combining the unit tests. | Unit testing might be testing units in separate form.
Module tests are a set of tests written by a tester after some code has been written by a software developer. | Unit tests are a compilation of tests written by a developer through the software development process.

So, basically, module testing is non-incremental testing, which involves more debugging work, misunderstanding of test doubles, and a need to understand the code.
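As an added illustration (not from the referenced book), the following sketch drives a small module with different stimuli to reveal an error, using the two-digit year shortcut behind the Y2K problem as the defect. The function names and the stimuli are constructed for this example.

```python
# Added example: module test that reveals a two-digit-year defect.
# All names and sample values here are hypothetical.

def age_in_years(birth_yy: int, current_yy: int) -> int:
    """Unit 1: age computed from two-digit years, as legacy systems stored them."""
    return current_yy - birth_yy


def is_adult(age: int) -> bool:
    """Unit 2: eligibility rule applied to the computed age."""
    return age >= 18


def check_eligibility(birth_yy: int, current_yy: int) -> bool:
    """Module entry point: combines both units."""
    return is_adult(age_in_years(birth_yy, current_yy))


# Constructed stimuli: (birth year, current year, expected result).
# Full years are given here; the module only ever sees the last two digits.
STIMULI = [
    (1972, 1999, True),
    (1990, 1999, False),
    (1972, 2000, True),   # crosses the century boundary
    (1985, 2003, True),   # crosses the century boundary
]


def run_module_test(stimuli=STIMULI):
    """Drive the module with each stimulus and return the failing cases."""
    failures = []
    for birth, now, expected in stimuli:
        actual = check_eligibility(birth % 100, now % 100)
        if actual != expected:
            failures.append((birth, now, expected, actual))
    return failures


if __name__ == "__main__":
    # Stimuli inside one century pass; the two that cross into 2000 fail,
    # because 00 and 03 are treated as smaller than 72 and 85.
    for birth, now, expected, actual in run_module_test():
        print(f"FAIL born={birth} now={now} expected={expected} got={actual}")
```

The stimuli that stay inside one century pass, so the defect only shows up when the test inputs are chosen to cross the boundary.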


Reference 

Book : Systems and Software Process, Narosa Publishing House Pvt. Ltd. New Delhi 2020, ISBN 978-81-8487-661-1






Tuesday, 2 February 2021

Security Attacks

A security attack is an unauthorised attempt to steal, damage, or expose data from an information system such as your website. Active and passive attacks are both security attacks.


In an active attack, an attacker tries to modify the content of the messages. A passive attack is an attack on a system in which the system is monitored and sometimes scanned for open ports and vulnerabilities. In a passive attack, an attacker observes the messages, copies them, and may use them for malicious purposes. ... A passive attack is dangerous for confidentiality.


How serious a particular attack type is depends on two things: how the attack is carried out and what damage is done to the compromised system. An attacker being able to see code on his machine is probably the most serious kind of attack for a home user. For an e-commerce company, a denial-of-service (DoS) attack or information leakage may be of more immediate concern. Each vulnerability that can lead to compromise can be traced to a particular category, or class, of attack. The properties of each class give you a rough feel for how serious an attack in that class is, as well as how hard it is to defend against.


We examine seven categorised attack types. These seven attack types are the general criteria used to classify security.

  1. Denial-of-service
  2. Information leakage
  3. Regular file access
  4. Misinformation
  5. Special file/database access
  6. Remote arbitrary code execution
  7. Elevation of privileges

Denial-of-Service:

A DoS attack takes place when the availability of a resource is intentionally blocked or degraded by an attacker. A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.


Information Leakage: 

Information leakage can be likened to a leaky pipe. Whenever something comes out, it is almost always undesirable and results in some sort of damage. Information leakage is a category of software vulnerabilities in which information is unintentionally disclosed to end-users, potentially aiding attackers in their efforts to breach application security. The key criterion for information leakage is that the exposure is unintentional and useful to attackers.
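An added example (not part of the original post) showing the same failure handled two ways: one handler returns the raw error text to the end user, the other logs it server-side and returns only a reference id. The backend error, host name, file path, and all function names are constructed for illustration.

```python
# Added example: leaky vs. hardened error handling, plus a response check.
import logging
import re
import uuid

log = logging.getLogger("app")


def lookup_user(username):
    """Constructed failing backend call; host, role and path are sample values."""
    raise RuntimeError(
        "connect to db01.internal.example:5432 failed for role 'app_rw' "
        "(config /srv/app/conf/db.ini)"
    )


def handle_leaky(username):
    """Weak: the raw exception text is disclosed to the end user."""
    try:
        return {"status": 200, "body": lookup_user(username)}
    except Exception as exc:
        return {"status": 500, "body": f"Error: {exc}"}


def handle_hardened(username):
    """Hardened: details stay in the server log; the user sees a reference id."""
    try:
        return {"status": 200, "body": lookup_user(username)}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.exception("lookup failed ref=%s", ref)
        return {"status": 500, "body": f"Internal error. Reference: {ref}"}


# Simple heuristics for details that are useful to an attacker.
LEAK_PATTERNS = {
    "file path": re.compile(r"(?:/[\w.-]+){2,}"),
    "host:port": re.compile(r"\b[\w-]+(?:\.[\w-]+)+:\d{2,5}\b"),
    "stack trace": re.compile(r"Traceback \(most recent call last\)"),
    "db role": re.compile(r"\brole '[^']+'"),
}


def find_leaks(body):
    """Return the sorted names of leak patterns found in a response body."""
    return sorted(name for name, pat in LEAK_PATTERNS.items() if pat.search(body))


if __name__ == "__main__":
    print("leaky:   ", find_leaks(handle_leaky("alice")["body"]))
    print("hardened:", find_leaks(handle_hardened("alice")["body"]))
```

A check like `find_leaks` can run in a test suite against error responses so that a leak is caught before release.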


Regular File Access: 

Regular file access can give an attacker several different means from which to launch an attack. Regular file access may allow an attacker to gain access to sensitive information, such as the usernames or passwords of users on a system.


Misinformation:

Misinformation is false or inaccurate information that is communicated regardless of an intention to deceive. Examples of misinformation are false rumors and insults. For example, a military wants to make its forces seem like less of a threat than they really are. It hides its heavy weapons and the greater part of its infantry while allowing visibility of only a small portion of its force.


Special File/Database Access:

Methods used to gain access to a system are through special files and database access.


Remote Arbitrary Code Execution:

Remote code execution is the ability an attacker has to access someone else's computing device and make changes, no matter where the device is geographically located. ... The best way to protect a computer from a remote code execution vulnerability is to fix holes that allow an attacker to gain access. In computer systems, arbitrary code execution refers to an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process.