TrainingConferencesAbout UsContact UsAdvertiseSQE.comRSS Feed
StickyMinds.com: brain food for building better software

Log In

Search For:
 Clarify Your Search Criteria

Tips on Using Our Search Feature(s)
 
StickyMinds.com Home
ResourcesTopicsCommunityPowerPassBlogs
Home  >  Detail: Real Money



A StickyMinds.com Original
Article Picture
Real Money

By Linda Hayes

Send This Content to a FriendGet a Short Link to This ContentPrint This ContentSee User Comments About This Content

Summary: According to a new government report, inadequate software testing costs the US economy $59.5 billion a year. How’s that for proof that software testers perform a vital service? If you’d like to know how that number was derived, read on as Linda Hayes unwraps some of the methodology behind the study.

Editor's Note: The editors at StickyMinds saw this report and asked Linda to write a column about it. Special thanks to her for tackling the lengthy NIST report and delivering this column on short notice.


HP
If you have been struggling with making a business case for more and better testing, you now have an ally in the form of the National Institute of Software and Technology (NIST), which is part of the Department of Commerce Technology Administration. In their 300+ page report released in May of this year, the NIST estimates that inadequate testing costs the US economy $59.5 billion a year.  
 
As staggering as that amount is, I initially thought the number was too low, considering that USA Today previously estimated the annual loss at $100 billion. But then I realized that the NIST was strictly looking at the costs to developers and users of fixing defects and not to the costs to the business in the form of lost revenue or productivity. But whether it is $100 billion or $59.5 billion, as they say in Texas: A billion here, a billion there, pretty soon you’re talking about real money! 
 
But to understand what’s behind these numbers, and how to map them to your own organization, it’s important to understand the methodology and assumptions the NIST used. To download your own copy, go to www.nist.gov/director/prog-ofc/report02-3.pdf, or for a free printed version send an email to dherbert@nist.gov and ask for Planning Report 02-3. 
 
Methodology 
The NIST surveyed two industries that are heavily dependent on technology: transportation manufacturing and financial services. These two categories represent hard and soft goods: transportation-manufacturing systems are used to produce tangible goods, and financial-services systems are used to process electronic data. These differences account for some wide variations in the cost of defects, as you will see. The survey forms delivered to these industries are contained in one of the report appendices. 
 
The report then proposes a taxonomy of costs for software developers and users. Developer costs include labor costs to find and fix bugs, as well as the supporting software, hardware, and external services (think consultants) costs. For users, the costs included the time and resources invested to select software and install it, and the ongoing maintenance costs to detect and repair defects and any damaged data. 
 
Findings 
The report is extensive and there’s not room here to show you all of the findings. I’ll mention a few especially for testers. One caveat: for purposes of the report, testers are lumped in with developers. Try to overlook that if you can, otherwise it may become distracting. 
 
Early on, the report offers a definition of software testing that is…well, interesting. It says “Software testing is the process of applying metrics to determine product quality…(and) the dynamic execution of software and the comparison of the results against predetermined criteria.” This wording will probably launch the code review and walkthrough contingents into orbit. In defense of the report, though, it does go on about the difficulty in identifying and measuring quality attributes. At least they noticed. 
 
Next, it refers to a 1995 book that estimates the allocation of effort within the development cycle at 40% for requirements analysis, 30% for design, and 30% for coding and testing. I don’t know about you, but I think these numbers are wishful thinking. It also estimates that programmers spend 10% of their time testing, while software engineers spend 35%. The distinction between programmers and engineers is not spelled out, but I must be used to working with programmers. 
 
But the real meat of the report, at least in my opinion, is when it gets down to costs. First it offers the observation that we have all heard before—the sooner you find defects, the less they cost to fix. They offer an example of 1X cost to fix a defect in requirements and analysis, 5X to find in coding and unit test, 10X in integration and system test, 15X in beta test, and 30X in post-release. I’ve seen them much higher—as much as 1000X in production—but whatever. The point is made. 
 
Then, however, it attaches some real money. In the transportation manufacturing sector, the surveys indicated it cost 268.4 hours per major bug for repairs, $604,900 in lost data, and 1.5 months of delay in time to market. Then, somehow, it arrives at a cost per bug of $4,018,588. Don’t ask me to explain this last number, I can’t and they don’t. But it is impressive! 
 
In the financial services sector, those numbers are 18.4 hours per major bug for repairs, $1,425 in lost data, 1.5 months delay in time to market, arriving at a cost per bug of $3,293. We can only assume that the huge difference between these two industries is the difference between repairing defects in manufactured goods versus electronic data—the former is far more costly to fix than the latter, and has a much longer useful life. 
 
Finally, the report boils it down to the cost per developer/tester of inadequate testing: $69,945, of which about half could be avoided through “feasible” improvements. Wow! I see some raise requests on the horizon. But guess what? Only 36% of the costs affect developers—the 64% majority affect users. Maybe we have been pitching quality to the wrong side of the house all along, and the latest trend of only doing IT projects that are user-funded will work in our favor. 
 
Meaning 
All in all, this report has the most value by validating what we have always known, and attaching real money to it. Whether you buy these numbers (or whether your management does), there is value in walking through the way they were derived, so that you can make your own business case. And get some real money.

About the Author
Linda Hayes is the founder of three software companies including AutoTester in 1986, which delivered the first automated testing program for the IBM PC. Linda has pioneered automated test tools. Her new company, Worksoft, offers Certify, which represents the next generation of enterprise-level test automation. Worksoft also offers a free online newsletter called "Reality Check," which provides links to articles, white papers, and other compelling information on testing. A frequent industry speaker and award winning author, she publishes the monthly Quality Quest column for Datamation, wrote the Automated Testing Handbook, and co-edited Dare to be Excellent with Alka Jarvis on best practices in the software industry. You can contact Linda at Linda@worksoft.com.

Back to Top 

StickyMinds.com Weekly Column From 9/9/02 

Member Comments
Add Your CommentExpand Comments
 
Comment:    
by James Bach 9/10/2002

I think Linda has been taken in by a slick marketing document that looks like science. The study is flawed in its basic reasoning, as well as in how it gathered its data. A detailed critique of the study, including comments by Bret Pettichord, Cem Kaner, Doug Hoffman, and myself can be found at http://www.satisfice.com/nist.htm. Please, friends, let's hold ourselves to a higher intellectual standard.

Author's Response: 9/13/2002    
Although there is no question this report is imperfect, there is also no question that a significant investment of time and effort was made, and also that there was involvement of a reasonable sample of companies. The key is not what is wrong with this report (or any report, for that matter), but how we can use the information (and credibility of the NIST) it provides to help.

 
 
Comment:    
by Nicki Lynch 9/10/2002

Thank you for pointing out the research NIST is doing on software development. Having worked there a number of years ago, I know how much research is done and reported. Unfortunately, NIST does not get the notice it should for its work. I also have correction on the name - the "S" is for "Standards" not "Software". Congress changed the agency's name from the Bureau of Standards to the National Institute of Standards and Technology about 12 years ago.

Author's Response: 9/13/2002    
Thanks for the QA, Nicki. I agree that the NIST deserves credit for at least trying to quantify the cost of inadequate testing.

 
 
Comment:    
by Bret Pettichord 9/10/2002

As much as i would like to see a study proving that we need more testing, i also found the NIST study flawed. The biggest problem that i noticed was that that they equated the costs due to defects as the cost due to inadequate testing. You could just as easily call this number the cost due to sloppy development. Better testing would surely find more of these problems, but the best solution is probably a mix of more testing with other software engineering practices: reviews, design, configuration management, requirements, etc. It contains no argument for its conclusion that testing is the best, much less the only, solution. Consequently it...Read On

 
 
Comment:    
by Heather Martin 9/9/2002

It's an interesting report, but I find something deeper in it. Search the report for "certification" and "certified". NIST is pitching certification for testing software. Some examples from the text (italics are theirs): ------------------------ "An improved software testing infrastructure may include certification tests and metrics that would enable end users to compare quality across different venders’ products. These certification tests would increase the responsiveness (elasticity) of end-users’ demand to changes in software quality. Increasing the responsiveness of the end-users’ demand curve provides greater incentive for software...Read On

Author's Response: 9/13/2002    
Good catch, Heather. Now if only they would tell us what "certification" means!

 
 
Comment:    
by Gerold Keefer 9/9/2002

from a former review of the study i posted to a mailing list: 1. the study is based on 2 surveys with roughly the same contents. one conducted in the automotive/transportation and aerospace industry and the other conducted in the financial industry of the US. 2. the survey respondends are primarily *users* (179/98) of software, not producers (10/4). 3. based on the survey data the study calculates per-employee costs associated with bugs for users (automotive-aero/finance) and producers and potential cost savings through an improved "feasible testing infrastructure". 4. they finally come up with $59.5 billions in costs...Read On

 
Back to Top



 
Ads By Google
What's This?
 
 

Home   |   Resources   |   Topics   |   Community   |   PowerPass



© 2010 StickyMinds.com. All rights reserved.
StickyMinds.com is a division of Software Quality Engineering.
Privacy Policy    Terms & Conditions    Link to StickyMinds.com    Feedback
Seapine




Agile Development Practices 

STARWEST