Poor Software Quality Costs US $2.08tn
Poor-quality software cost America over $2tn last year, according to a new report by the Consortium for Information & Software Quality (CISQ).
The "Cost of Poor Software Quality in the US: A 2020 Report," which was co-sponsored by American software company Synopsys, found that the cost of poor software quality (CPSQ) in the US in 2020 was approximately $2.08tn.
Researchers looked at poor software quality resulting from software failures, unsuccessful development projects, legacy system problems, technical debt, and cybercrime enabled by exploitable weaknesses and vulnerabilities in software.
Operational software failure was determined to be the leading driver of the total CPSQ. CISQ estimated the cost of operational software failure in the US in 2020 as $1.56tn, a figure that has increased 22% since 2018.
The next largest growth area of the CPSQ, estimated at $260bn, was unsuccessful development projects, the cost of which has risen 46% since 2018.
Unmitigated flaws in the software were reported as the primary underlying cause of operational software failure, while a lack of attention to quality was "a consistent theme" among the causes of unsuccessful development projects.
"Software quality lags behind other objectives in most organizations," wrote CISQ. "That lack of primary attention to quality comes at a steep cost, which is revealed in this report.
"While organizations can monetize the business value of speed, they rarely measure the offsetting cost of poor quality."
CISQ advised software shops to avoid unsuccessful projects by not creating arbitrary schedules. It further advised shops to "pay attention to defined quality objectives and measure against those objectives throughout a project's lifecycle."
Researchers put the CPSQ associated with operating and maintaining legacy software at $520bn, down from $635bn in 2018.
"As poor software quality persists on an upward trajectory, the solution remains the same: prevention is still the best medicine," said Joe Jarzombek, director for government and critical infrastructure programs at Synopsys.
"It's important to build secure, high-quality software that addresses weaknesses and vulnerabilities as close to the source as possible. This limits the potential damage and cost to resolve issues."