Presentation on theme: "Landmines In Poor Software Development -- Legal Risks from Sales through Support September 7, 2012 Southern California Software Process Improvement Network."— Presentation transcript:
Landmines In Poor Software Development -- Legal Risks from Sales through Support September 7, 2012 Southern California Software Process Improvement Network (SCSPIN) John Cosgrove, P.E., Fellow NAFE Michael Krieger, Esq., PhD
7 May Our Touchstones Seeing as expert consults a parade of bad processes from sales to support Noting very big awards, i.e., many times (e.g., 5x and up) the value contracted) Recalling the messages in “Why Software is So Bad” cover story MIT TechReview, July 2002, “Software Engineering and the Law” IEEE Software May/June 2001, John Cosgrove
Why Software is So Bad MIT Technology Review July 2002
7 May MIT TR and Cosgrove – The Fix The fix is going to be lawyers inflicting enough pain on s/ware companies (or gov’t regulat’n) NOTA BENE: Whether due to code or implementation, big sytem failure => Business Loss May Far Exceed Contract $ Failed system victim’s problem: computer contracts limit liability litigation is dreadfully expensive directly and on internal resources
7 May Sunshine Mills v Ross Systems Alabama jury awards $61M for ERP system where original s/w licence was $250, Dec A pet foods company in the US alleged that its ERP supplier fraudulently misrepresented the capabilities of its software.
7 May Headlines – InfoWorld etc. University accuses Oracle of extortion, lies, 'rigged' demo in lawsuit 2011/12/14 Montclair State elaborates on case against Oracle over ERP project gone wrong Chris Kanaracus –IDG
7 May Division of Labor John Cosgrove – Avoiding danger Pitfalls to Spot and to Avoid, Processes to Implement, etc in Major System: sales devl’ install’n -> etc Michael Krieger – Legal vulnerability Legal environment: outlines of law and litigation elements to reveal their application to cases of poor practices
7 May Cosgrove Computer Systems Inc. 8 JC - Topic Outline How projects can fail Origins of Failure Deliverable Definition Unrealistic Expectations Defective Process Discipline Origins of Legal Risks Case Histories Insurance Policy system Component Distributor Auto Mall SCM Summary
7 May MK – Topic Outline Time v. Oracle – outline facts, big $$$ Life cycle of a lawsuit Contract v. Fraud theory of suit: why care? How this played out in Trim. Summary Judgement Motion by D: what-why? Lack of success => settle Look at cases John describes
7 May American Trim v. Oracle American Trim = joint venture of Alcoa & Superior Metal Prod’ – components for GM, Ford, etc. Needed common system to interface with manufacturers; EDI was required (1996) Oracle: we’ve got that – Trim: Let’s see. Mock up demo purported to be live Long delay as Oracle tried to implement Trim cancelled, sued to for $1.8 M paid Jury: $3M compensatory + $10M punitive
7 May Life Cycle of a Lawsuit Complaint by Plaintiff – view#1 of facts, theory of harm and damages Answer by Def – view#2 of facts etc. Discovery - Depositions, document production, &&. Costly, contentious, protracted; computer=> experts Summary judgment (and other) motions More of above Trial and possibly Appeal
7 May Key complaint theories Breach of contract Breach of contract : parties make mutual promises, one fails to fulfill obligations Contract: typically sets out remedy for various breaches, i.e., mutually agreed limits on damages Tort Tort: breaching a societal obligation may entitled Injured party to all reasonably foreseeable damages. E.g. neighbor cuts down your tree; unsafe premises Misrepresentation: may qualify as tort Bingo Bingo: cast vendor failure as a tort to get all losses, not just amount paid
7 May Key fraud/contract distinction “Fraud,” i.e., misrepresentation involves mistating the present, or sometimes wholly unfounded claims about the future, not just promises about it. E.g., as to capability; resources; existance of softwara in use, is in beta, planned, ??? Depth and availability of team. All these subject to the spectrum from small exaggeration to fabrications of facts that the buyer relies on
7 May BSkyB v HP(EDS) Comment "Payment of £318m [for] an IT dev’t contract of £50m and which had a limitation of liability cap set at £30m is a very painful reminder to HP and others that the law of misrepresentation is alive and that senior management need to have processes in place [so] that they can take immediate action if there is any suggestion of fraudulent practices during the sales process or otherwise."
7 May For litigators in failure cases Docs and likely hold key to case, i.e., no need for dealing with bits/bytes Expert costs are much smaller Juries can understand incompetence, lying and cheating, not hex, interrupts. Lawyer can understand his/her case! Smaller cases become “litigatable, i.e, the cost doesn’t overwhelm the expected ROI
7 May Plaintiff and defendant goals P: Include fraud, i.e., really bad misrep’ that was critical to the loss D: fight factual + legal basis of claim Resist discovery Move for Summary judgment M/SJ: your honor, facts so far show that a fraud claim has no legal basis. So toss the claim, no need to put the issue before a jury
7 May Role of summary judgment Defendant does not want the fraud claim and associated facts before a jury due to risk of big damages Consequently, cases tend to settle if the court sustains the fraud claims Note that a defendant can appeal as did Oracle in Trim, which is why we know about it. Question: why did Oracle even go to trial and let a jury see such an ugly set of facts?
7 May American Trim v Oracle Appeal Upheld trial court on fraud, high damages. Special note of “present” tense by Oracle Fraud reached well up management ladder Reviewed whether it was reasonable for Trim’s people to believe the simulation was live, whether attendance at a convention should have clued them that s/w not in beta. Upheld all lower court finding
The SW Development View Factors which affect the developers legal risks. Mistakes the client makes 7 May 2015 Cosgrove Computer Systems Inc. 19
7 May How Projects Can Fail Cost – Quality – Schedule Getting too costly – Budget is ?? Causes major errors – Too risky Still not done – Schedule is ?? Unacceptable: don’t pay, sue (& replace) How to recover/replace system Salvage or do-over Who pays for recovery?
7 May Origins of Failure Defective definition of deliverable Unrealistic expectations Defective process discipline Cosgrove Computer Systems Inc.
7 May Deliverable Definition What is the deliverable? Describing it in the contract Should include process requirements Change management at least –Features, cost & schedule Acceptance criteria & procedure Define priorities–Independent Variable Cost, schedule or quality? Any cost or schedule OK with low quality Cosgrove Computer Systems Inc.
7 May Unrealistic Expectations Communicating expectations both ways Supplier Promised too much, too soon, too cheap Competitive bids can set the stage Client Short term decision criteria – cost & schedule Failed to ID critical trade-off factors Cosgrove Computer Systems Inc.
7 May Defective Process Discipline Software is Invisible Disciplined process overcomes this Management only possible with process elements suitable to the project Automated support must be suitable Size, complexity, risk elements, etc. Testing processes – explicit, recorded & enforced Legal risks largely driven by process discipline Cosgrove Computer Systems Inc.
7 May Origins of Legal Risks Most litigation starts with project history Artifacts start with the solicitation/sales stage Representations generated by both sides Definitions & obligations expressed in contract –Features, cost/schedule & required process Artifacts generated by development stage Absence of artifacts may become critical Project status, testing records, etc. Artifacts generated by deployment stage Cosgrove Computer Systems Inc.
7 May Case Histories Insurance Policy System ERP System for Electronic Component Distributor Auto-Mall SCM System Cosgrove Computer Systems Inc.
7 May Insurance Policy System -- I Off-shore developer’s quality was unacceptable to insurance underwriter Design discipline & testing failed System produced invalid policy documents –Customers sued citing financial risk Code was fragile causing DB corruption and system crashes Discovery document revealed internal review recommending system re-write Cosgrove Computer Systems Inc.
7 May Insurance Policy System -- II Developer’s quality assurance process Design discipline & testing failed to detect policy data corruption from improperly designed terminal sessions. Ineffective programmer supervision produced fragile code without error control. Lack of independent QA ignored known defects risking client’s business survival Cosgrove Computer Systems Inc.
7 May Component Distributor ERP - I Business model – Next day delivery System promised < 1 Y, <$5M Allowed Go-Live with known defects after cost & schedule exceeded Critical Operations failed with Go-Live – bankruptcy followed Only assets are potential damages against suppliers Cosgrove Computer Systems Inc.
7 May Component Distributor ERP -II Disciplined process promised but not followed Supplier experienced two mergers during project Supplier Management team restructured & compromised Records show management inconsistencies Cosgrove Computer Systems Inc.
7 May Auto Mall SCM System – I Multi-brand auto mall orders replacement Auto-retailing SCM System was promised “turn-key” in 1 week Critical features promised for all brands EDI inventory management Common lead management Cosgrove Computer Systems Inc.
7 May Auto Mall SCM System –II Promised turn-key is incomplete with some features yet to be developed. Neither of 2 critical functions are operational with multi-brand dealers SCM sales team was conflicted with pressure to book sale by EOY. Cosgrove Computer Systems Inc.
7 May Development Summary Software Intensive Systems Fail “Trend” is for potential liability awards to be measured by business loss Implicit “Duty of Care” requires evidence of disciplined processes Software developers must observe levels of care similar to professions