Every now and again I'll come across an article purporting to express the cost of software failures.
They'll throw out a number, I dunno, say "billions and billions."
Typically this number comes from some survey done by the federal
government that we do not have access to - or some consulting group that
will sell the actual report for a few hundred dollars.
What they actually mean by cost is never really discussed in detail. I
mean, are we talking about the sales lost by the software development
company? Or the downtime from fixing the defects when the team could be
building new, sell-able systems?
Does that number include the cost in lost productivity on the customer's side?
For that matter, does it subtract the extra time and money that would have been spent to prevent the defect in the first place?
When I read these reports, I often end up with more questions than answers.
Every now and again, though, we come across a bug with a very specific
cost -- say, for example, a bug limiting the deployment of software,
that could sell at so many thousands of dollars for every day. If it's
ten days late, we can multiply to find the cost of the bug. (Again
that's a trivial problem; it doesn't count that finding and fixing the
bug a day early would probably cost a day or so, or the opportunity cost
of the time spent fixing ... you get the point.)
Here's one example:
The security flaw in Google Buzz.
Yes, I know, old news, this came out last February you say. It is also
extremely hard to quantify the cost of two people I email, but don't
expect to know about, both seeing my status updates.
Besides that, Google Buzz is a free service that ran on top of Gmail, another
free service. It was released in Beta, you say, for goodness sake, everybody
knows beta is buggy. When people turned away from Buzz, Google didn't lose
anything, really, except maybe some advertising revenue from pages it
now would not serve up -- and how do you measure that, anyway?
How do you put a price tag on "damages" done by a free service, anyway?
Let's be honest, we are talking about inconvenience, nothing more.
C'mon, Heusser, we're talking on average, what, maybe a dime a person?
Maybe a dollar? Let's not get carried away.
Well, ok. Even so, I can still put a price on the security flaw in Google Buzz.
Eight and a half million dollars.
That's not fuzzy math; I did not multiply the number of people who used
gmail times ten cents to come up with it. This security bug is going to
objectively cost Google eight point five million dollars.
Here are the details, which I got in my in-box a few days ago:
Google rarely contacts Gmail users via email, but we are making an
exception to let you know that we've reached a settlement in a lawsuit
regarding Google Buzz (http://buzz.google.com), a service we launched within Gmail in February of this year.
Shortly after its launch, we heard from a number of people who were
concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case.
The settlement acknowledges that we quickly changed the service to
address users' concerns. In addition, Google has committed $8.5 million
to an independent fund, most of which will support organizations
promoting privacy education and policy on the web. We will also do more
to educate people about privacy controls specific to Buzz. The more people know about privacy online, the better their online experience will be.
Just to be clear, this is not a settlement in which people who use Gmail
can file to receive compensation. Everyone in the U.S. who uses Gmail
is included in the settlement, unless you personally decide to opt out
before December 6, 2010. The Court will consider final approval of the
agreement on January 31, 2011. This email is a summary of the
settlement, and more detailed information and instructions approved by
the court, including instructions about how to opt out, object, or
comment, are available at http://www.BuzzClassAction.com.
-----> Keep in mind, that doesn't include lawyers' fees, or the
opportunity cost of re-writing, fixing, and revising Buzz code to add
security controls. It doesn't count lost ad revenue, or lost public
trust (if any).
That's simply an $8.5 Million cash write-off.
That said, I have to add that I admire the way Google runs its business operations.
They have a ton of different business units, and those units take
risks. Every now and again, they'll have a slight embarrassment, but
they also have huge wins like Gmail, Adsense, Analytics, and Blogging.
To them, $8.5 Million isn't a huge deal.
But let me ask:
If you work at a smaller company where $8.5 Million is a big deal, or if
you have a limited product line that can't afford any big blow-ups ...
well, then next time someone challenges the value of testing, you might
want to tell them the Google Buzz story and end it with this question:
"Google can afford an $8.5 Million write-off, maybe the failure of
one product line, a little egg on their face now and again. ... (look at
person) (pause) ... Can we?"