Consortium strives to boost software reliability

A technology consortium dedicated to improving the reliability and security of commercial software has been formed by a group of...

A technology consortium dedicated to improving the reliability and security of commercial software has been formed by a group of US businesses and academics.

Microsoft, Oracle and Cisco have teamed with insurance groups such as American International Group (AIG), banks, and mission-critical software users such as NASA to launch the Sustainable Computing Consortium (SCC).

The new outfit will be co-ordinated from Carnegie Mellon University in Pittsburgh and will work to initiate public policy debates and create standards and techniques for developing more reliable software.

"Software systems have become the critical infrastructure of our nation and economy. Unreliable software has profound consequences," said William Guttman, director of the SCC.

He said that the loss of a single mobile telephone network node because of a software failure could cost a company £12,300 or more per minute.

Recent statistics from the Washington-based National Research Council show that US companies spent £120bn last year to repair damages caused by software defects and £8.5bn to repair systems affected by computer viruses. SCC officials said those costs are likely to rise this year.

However, the software industry has been slow to take action on reliability and security issues, said Jim Morris, dean of the school of computer science at Carnegie Mellon.

Steve Perkins, senior vice-president of Oracle's US public sector and homeland security division, agreed. "Software, as an industry, is pretty immature," Perkins said. "We lack the metrics, the standards and the discipline, [and] these kinds of capabilities cannot be architected [into software] after the fact."

Morris was optimistic that things can change. "We now have all of the players who can address these problems," he said, adding that the SCC will be recruiting other companies to take part.

Ty Sagalow, chief operating officer at AIG's eBusiness Risk Solutions group, one of the largest US companies offering security risk insurance, said the insurance industry would play an important role in promoting "positive behaviours" in software developers.

However, Sagalow added, the SCC will be key in helping the industry quantify cyber risks. "We must act now," he said. "There is a business need to create a cycle of risk management."

Guttman said the consortium hopes to define specific challenges and a plan for developing technological measurements within the next year. He would not spell out specific deliverables and timetables.

Read more on IT risk management