The average software application has more than $1m of trouble buried inside it, and government apps are the worst, says a software quality analyst.
In the largest study to date of the structural quality of IT applications, Cast Inc found that it would cost more than $1m (£668,000) to fix a conservative number of bugs that remain in an the average business application once it is running.
The cost of fixing these problems, often called technical debt, was a primary contributor to an application's cost of ownership, and a driver of the high cost of IT, Cast said.
The study also showed that applications in government agencies scored lowest in changeability, meaning they were harder to fix. Cast said this was probably why market analyst Gartner had found that governments spend 73% of their IT budgets on maintenance.
"There are many plausible explanations for this," said Bill Curtis, Cast's chief scientist and senior vice-president. "These include multiple contractors working on different parts of an application, contractual disincentives for delivering high quality software, and the need for better software acquisition practices and management."
Cast used automated analysis tools to measure the structural quality of 288 IT applications from 75 companies from a different industries. The study looked at some 108 million lines of code.
Based on data from the automated analysis, Cast estimated which problems would be fixed and how much it would cost, revealing an average cost of nearly $2.82 per line of code. The average-sized application in the survey had 374,000 lines of code, translating into technical debt of over $1,055,000 per application.
In Cast's sample, 75% of the government applications were outsourced compared to 51% of applications in the private sector.
Cast also found that the applications that IT consultancies build for their own internal use were much higher in quality and changeability than the ones they delivered to clients.
"The study showed that software quality scores tended to be highest where there was a business mandate, such as higher security scores for the core business applications that run financial services," said Curtis.
He said technical debt was a risk decision for IT executives. CIOs could invest in fixing bugs now, or risk outages, breaches, or other problems that could cost far more than the fix.
"In any event, technical debt represents waste, resources they could have invested in developing new competitive functionality rather than reacting to emergent problems," Curtis said.
The study also found big differences in the quality of code produced by different coding systems. SAP's ABAP created up to 30 times fewer violations than C or C++, and 10 times less than Microsoft's .Net, Cast found.