CECS 7510 Assignment #2 Software Flaws and Faults

Name Gerardo E. Serrano Rodriguez

1. Find out as much information as you can about the number

software flaws found per

thousand lines of code for various commercial products and

industries. For example consumer products like cars and cameras
and software products like microsoft windows. How do different
industries compare? For example is there any difference between
NASA and Microsoft? How does the number of flaws change
throughout the software development life cycle?

Here is a table for the KLOC:

As we can see from the image depending on the company and the risk they
have to manage they can permit lower or higher flaws per thousand of lines
of code. Imagine that NASA has a higher percentage, they produce
spaceships that have to be controlled by systems and without connection to
make an update they must work with what they have in space. There was a
problem one time where the programmer forgot to convert from English to
standard units resulting in catastrophic losses, but if the project does not
have so much risk and can be updated then they can have a higher
percentage because it does not represent a higher treat and in addition
ensuring that it have a lower percentage will cost money and time.
The number of flaws usually decreases as the life cycle progresses because
you spent considerable amount of time in the early stages detecting errors,
because the earlier you detect the errors the less costly it will be to fix them.

2. Use the internet to find the 5 most costly software failures in

history. List them below with a brief description of the failure
including what exactly failed, how did it fail, the country where the
failure occurred and the estimated dollar amount of the loss.

1. Ariane 5 Flight 501 Failure

 Cost: Approximately $370 million

 What Happened: The European Space Agency's Ariane 5 rocket self-

destructed 37 seconds after launch. A wrong convertion number cause
an overflow and failure in the guidance system.

 Location: Guiana Space Centre in Kourou, French Guiana

2. Knight Capital Group Trading Glitch

 Cost: $440 million in 45 minutes

 What Happened: A faulty deployment of new trading software led to

a series of unintended trades meaning it traded for shares that were
not going to result in winnings, resulting in massive financial losses.

 Location: Jersey City

3. NotPetya Cyberattack

 Cost: Over $10 billion globally

 What Happened: Initially targeting Ukraine, the NotPetya malware

spread worldwide, damaging operations of major companies like
Maersk and FedEx. It exploited vulnerabilities in unpatched systems,
leading to widespread data encryption and operational disruptions.

 Location: Initially Ukraine, affected worlwide

4. Therac-25 Radiation Therapy Machine

 Cost: Multiple patient deaths and severe injuries

  What Happened: Software bugs in the Therac-25 radiation therapy
overdose patients with radiation, resulting in at least six accidents. The
incidents highlighted the dangers of software control in safety-critical
systems without adequate testing.

 Location: USA

5. Expeditionary Combat Support System (ECSS) – U.S. Air Force

(2005–2012)

 Cost: $1.1 billion before cancellation

 What Happened: The U.S. Air Force's attempt to implement an

enterprise resource planning system failed due to mismanagement and
integration issues. After seven years and over a billion dollars spent,
the system was deemed ineffective and the project was canceled.

 Location: USA

3. Use the internet to find information about the Therac-25 tragedy.

Describe what

happened and how it happened and why. What was the root cause
of the problem? Was it a design problem? A testing problem? A
hardware failure? A software failure? Operator error?
Documentation error? Please give a detailed analysis in answering
these questions.

The Therac-25 tragedy was a problem with radiation that occurred in the
USA. A Software bugs in the Therac-25 radiation therapy overdose patients
with radiation, resulting in at least six accidents. The incidents highlighted
the dangers of software control in safety-critical systems without adequate
testing. The problem with the software was that sometimes it does not
change correctly from low power to high power meaning that patients that
needed a low power sometimes receive the high power variation resulting in
receiving a higher radiation dose. A software design failure cause the
incident because they eliminated a part that prevented hardware
interlocking so if the part was still in the system then the overdose would not
occur. Also during the testing phase of this project it was poorly tested,
because a proper test for the part that they removed would have throw the
error. With more preparation and analysis the lives of the affected could have
been saved because being infused with a high dose of radiation can lead to
serious consequences.