A technology consortium dedicated to improving the reliability and
security of commercial software has been formed by a group of US
businesses and academics.
Microsoft, Oracle and Cisco have teamed with insurance groups such
as American International Group (AIG), banks, and mission-critical
software users such as NASA to launch the Sustainable Computing
Consortium (SCC).
The new outfit will be co-ordinated from Carnegie Mellon University
in Pittsburgh and will work to initiate public policy debates and
create standards and techniques for developing more reliable
software.
"Software systems have become the critical infrastructure of our
nation and economy. Unreliable software has profound consequences,"
said William Guttman, director of the SCC.
He said that the loss of a single mobile telephone network node
because of a software failure could cost a company £12,300 or more
per minute.
Recent statistics from the Washington-based National Research
Council show that US companies spent £120bn last year to repair
damage caused by software defects and £8.5bn to repair systems
affected by computer viruses. SCC officials said those costs are
likely to rise this year.
However, the software industry has been slow to take action on
reliability and security issues, said Jim Morris, dean of the
school of computer science at Carnegie Mellon.
Steve Perkins, senior vice-president of Oracle's US public sector
and homeland security division, agreed. "Software, as an industry,
is pretty immature," Perkins said. "We lack the metrics, the
standards and the discipline, [and] these kinds of capabilities
cannot be architected [into software] after the fact."
Morris was optimistic that things can change. "We now have all of
the players who can address these problems," he said, adding that
the SCC will be recruiting other companies to take part.
Ty Sagalow, chief operating officer at AIG's eBusiness Risk
Solutions group, one of the largest US companies offering security
risk insurance, said the insurance industry would play an important
role in promoting "positive behaviours" in software
developers.
However, Sagalow added, the SCC will be key in helping the industry
quantify cyber risks. "We must act now," he said. "There is a
business need to create a cycle of risk management."
Guttman said the consortium hopes to define specific challenges and
a plan for developing technological measurements within the next
year. He would not spell out specific deliverables and timetables.