Heads up: 'Fixed' Y2K code has flaws
Review shows one error in every 2,000 lines.
February 23, 1999
by Thomas Hoffman
(IDG) -- Organizations spending tens or hundreds of millions of dollars to make their systems year 2000-ready are likely to end up with a software portfolio that still has some flaws.
So says Howard Rubin, a research fellow at Meta Group Inc. in Stamford, Conn., and a consultant at Cap Gemini America, a software house in New York. Following a two-month review of 20 million lines of code that were "fixed" by clients, Cap Gemini discovered an average of one error in every 2,000 lines of code that were remediated, Rubin said.
While Rubin has a vested interest in plugging Cap Gemini's auditing services, other year 2000 experts support his findings.
"It's a big problem. It's not easy to find every date field, especially in older legacy applications," said Carl Greiner, an analyst at MetaGroup, who is a supporter of independent verification.
To put a dollar figure on it, defects brought about during year 2000 repairs are expected to cost U.S. companies between $98 billion and $188 billion to fix, according to Dan Galorath, president of Galorath Inc., an El Segundo, Calif.-based software consultancy. Another way of looking at it: An organization with a portfolio of 100 million lines of code could end up with 50,000 programming errors.
The findings, obtained by Computerworld last week, reinforce the need for organizations to hire an independent auditor such as Cap Gemini or Andersen Consulting to review their remediated code for mistakes.
Of course, Cap Gemini has a self-interest in publicizing the error rate. "Don't independent organizations [like Cap Gemini] have something to gain? They'd like to come in and fix everything," said Rick Brown, a Linwood, Mass.-based contract programmer who's working on his fourth year 2000 project for a Pacific Northwest aerospace firm.
Still, the notion that fixing software produces a new batch of errors is well-known. And companies with hundreds of millions of lines of legacy software code "just can't catch it all," said John Stumpf, information systems director at Guinness Import Co. in Stamford, Conn.
Another option is to use independent verification and validation tools to sift through the code thought to be fixed and look for errors. Examples include the Exam 2000 package from Tominy Inc. in Cincinnati and Millennium CrossCheck from Data Integrity Inc. in Waltham, Mass.
The consequences for organizations that don't validate their software conversions "are scary," Stumpf said. "All it takes is one problem, and you're in trouble."
Because of the availability of auditing tools and the general knowledge about errors introduced through software remediation, "it's almost malpractice or negligence" for organizations not to have their work checked, Rubin said.
Most of the defects detected by Cap Gemini weren't "catastrophic" and didn't stop processing, Rubin acknowledged, but he said they would have caused glitches after Jan. 1, 2000.
Rubin advised companies to monitor those "nagging errors" that don't disable systems but can have ripple effects later, such as fouling up general ledger systems.
"My greatest fear is that most everything appears to work, but [below the surface] it doesn't," he said.
Ron O'Donoughue, year 2000 project manager at Royal Bank of Canada in Toronto, is a true believer in verifying year 2000 repairs by using automated tools, which he said are much faster and more accurate than manual methods.
For the 8 million lines of Cobol code the bank manually converted, it missed one to 14 dates per program, O'Donoughue said. But the automated tool the bank used didn't miss a single date field for the 22 million lines of code it scanned.
Independent verification, he said, is "cheap insurance, but it's valuable."
Not everyone is sold on independent checkups, however. Pluess-Staufer Industries Inc., a Proctor, Vt.-based carbon composites manufacturer, uses mostly packaged software. "We're trusting our own ability to test" the few custom software programs in the company's portfolio, said F. Allan Sylvester, information technology director.
Win 2000: New code will demand most applications be rebuilt
RELATED IDG.net STORIES:
Federal Y2K czar defends upbeat outlook
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.