Landmines In Poor Software Development -- Legal Risks from Sales through Support
September 7, 2012
Southern California Software Process Improvement Network (SCSPIN)
John Cosgrove, P.E., Fellow NAFE [email protected], www.CosgroveComputer.com
Michael Krieger, Esq., PhD [email protected]
Seeing as expert consults a parade of bad processes from sales to support
Noting very big awards, i.e., many times (e.g., 5x and up) the value contracted
Recalling the messages in “Why Software is So Bad” cover story
  MIT TechReview, July 2002
  “Software Engineering and the Law”, IEEE Software May/June 2001, John Cosgrove
Why Software is So Bad
MIT Technology Review July 2002
April 18, 20234
MIT TR and Cosgrove – The Fix
The fix is going to be lawyers inflicting enough pain on s/ware companies (or gov’t regulat’n)
NOTA BENE: Whether due to code or implementation, big system failure => Business Loss May Far Exceed Contract $
Failed system victim’s problem:
  computer contracts limit liability
  litigation is dreadfully expensive, directly and on internal resources
Sunshine Mills v Ross Systems
Alabama jury awards $61M for ERP system where original s/w licence was $250,000
15 Dec. 2010
A pet foods company in the US alleged that its ERP supplier fraudulently misrepresented the capabilities of its software.
Headlines – InfoWorld etc.
University accuses Oracle of extortion, lies, 'rigged' demo in lawsuit
2011/12/14 Montclair State elaborates on case against Oracle over ERP project gone wrong
Chris Kanaracus – IDG
Division of Labor
John Cosgrove – Avoiding danger
Pitfalls to Spot and to Avoid, Processes to Implement, etc in Major System: sales devl’ install’n -> etc
Michael Krieger – Legal vulnerability
Legal environment: outlines of law and litigation elements to reveal their application to cases of poor practices
Cosgrove Computer Systems Inc. 8
JC - Topic Outline
How projects can fail
Origins of Failure
  Deliverable Definition
  Unrealistic Expectations
  Defective Process Discipline
Origins of Legal Risks
Case Histories
  Insurance Policy system
  Component Distributor
  Auto Mall SCM
Summary
MK – Topic Outline
Trim v. Oracle – outline facts, big $$$
Life cycle of a lawsuit
Contract v. Fraud theory of suit: why care?
How this played out in Trim.
Summary Judgement Motion by D: what-why?
Lack of success => settle
Look at cases John describes
American Trim v. Oracle
American Trim = joint venture of Alcoa & Superior Metal Prod’ – components for GM, Ford, etc.
Needed common system to interface with manufacturers; EDI was required (1996)
Oracle: we’ve got that – Trim: Let’s see.
Mock up demo purported to be live
Long delay as Oracle tried to implement
Trim cancelled, sued for $1.8 M paid
Jury: $3M compensatory + $10M punitive
Life Cycle of a Lawsuit
Complaint by Plaintiff – view#1 of facts, theory of harm and damages
Answer by Def – view#2 of facts etc.
Discovery - Depositions, document
Summary judgment (and other) motions
More of above
Trial and possibly Appeal
Key complaint theories
Breach of contract: parties make mutual promises, one fails to fulfill obligations
  Contract: typically sets out remedy for various breaches, i.e., mutually agreed limits on damages
Tort: breaching a societal obligation may entitle injured party to all reasonably foreseeable damages.
  E.g. neighbor cuts down your tree; unsafe premises
  Misrepresentation: may qualify as tort
Bingo: cast vendor failure as a tort to get all losses, not just amount paid
Key fraud/contract distinction
“Fraud,” i.e., misrepresentation, involves misstating the present, or sometimes wholly unfounded claims about the future, not just promises about it.
E.g., as to capability; resources; existence of software in use, is in beta, planned, ??? Depth and availability of team.
All these are subject to the spectrum from small exaggeration to fabrications of facts that the buyer relies on.
BSkyB v HP(EDS) Comment
"Payment of £318m [for] an IT dev’t contract of £50m and which had a limitation of liability cap set at £30m is a very painful reminder to HP and others that the law of misrepresentation is alive and that senior management need to have processes in place [so] that they can take immediate action if there is any suggestion of fraudulent practices during the sales process or otherwise."
For litigators in failure cases
Docs and email: likely hold key to case, i.e., no need for dealing with bits/bytes
  Expert costs are much smaller
  Juries can understand incompetence, lying and cheating, not hex, interrupts.
  Lawyer can understand his/her case!
Smaller cases become “litigatable”, i.e., the cost doesn’t overwhelm the expected ROI
Plaintiff and defendant goals
P: Include fraud, i.e., really bad misrep’ that was critical to the loss
D: fight factual + legal basis of claim
  Resist discovery
  Move for Summary judgment
M/SJ: your honor, facts so far show that a fraud claim has no legal basis. So toss the claim, no need to put the issue before a jury
Role of summary judgment
Defendant does not want the fraud claim and associated facts before a jury due to risk of big damages
Consequently, cases tend to settle if the court sustains the fraud claims
Note that a defendant can appeal as did Oracle in Trim, which is why we know about it. Question: why did Oracle even go to trial and let a jury see such an ugly set of facts?
American Trim v Oracle Appeal
Upheld trial court on fraud, high damages.
Special note of “present” tense by Oracle
Fraud reached well up management ladder
Reviewed whether it was reasonable for Trim’s people to believe the simulation was live, whether attendance at a convention should have clued them that s/w not in beta.
Upheld all lower court findings
The SW Development View
Factors which affect the developers’ legal risks.
Mistakes the client makes
How Projects Can Fail
Cost – Quality – Schedule
  Getting too costly – Budget is ??
  Causes major errors – Too risky
  Still not done – Schedule is ??
Unacceptable: don’t pay, sue (& replace)
How to recover/replace system
  Salvage or do-over
  Who pays for recovery?
Origins of Failure
Defective definition of deliverable
Unrealistic expectations
Defective process discipline
Deliverable Definition
What is the deliverable?
Describing it in the contract
  Should include process requirements
    Change management at least – Features, cost & schedule
  Acceptance criteria & procedure
Define priorities – Independent Variable
  Cost, schedule or quality?
  Any cost or schedule OK with low quality
Unrealistic Expectations
Communicating expectations both ways
Supplier
  Promised too much, too soon, too cheap
  Competitive bids can set the stage
Client
  Short term decision criteria – cost & schedule
  Failed to ID critical trade-off factors
Defective Process Discipline
Software is Invisible
  Disciplined process overcomes this
Management only possible with process elements suitable to the project
  Automated support must be suitable
  Size, complexity, risk elements, etc.
Testing processes – explicit, recorded & enforced
Legal risks largely driven by process discipline
Origins of Legal Risks
Most litigation starts with project history
Artifacts start with the solicitation/sales stage
  Representations generated by both sides
  Definitions & obligations expressed in contract – Features, cost/schedule & required process
Artifacts generated by development stage
  Absence of artifacts may become critical
  Project status, testing records, etc.
Artifacts generated by deployment stage
Case Histories
Insurance Policy System
ERP System for Electronic Component Distributor
Auto-Mall SCM System
Insurance Policy System -- I
Off-shore developer’s quality was unacceptable to insurance underwriter
Design discipline & testing failed
  System produced invalid policy documents – Customers sued citing financial risk
Code was fragile causing DB corruption and system crashes
Discovery document revealed internal review recommending system re-write
Insurance Policy System -- II
Developer’s quality assurance process
Design discipline & testing failed to detect policy data corruption from improperly designed terminal sessions.
Ineffective programmer supervision produced fragile code without error control.
Lack of independent QA ignored known defects risking client’s business survival
Component Distributor ERP - I
Business model – Next day delivery
System promised < 1 Y, <$5M
Allowed Go-Live with known defects after cost & schedule exceeded
Critical Operations failed with Go-Live – bankruptcy followed
Only assets are potential damages against suppliers
Component Distributor ERP - II
Disciplined process promised but not followed
Supplier experienced two mergers during project
Supplier Management team restructured & compromised
Records show management inconsistencies
Auto Mall SCM System – I
Multi-brand auto mall orders replacement Auto-retailing SCM
System was promised “turn-key” in 1 week
Critical features promised for all brands
  EDI inventory management
  Common lead management
Auto Mall SCM System – II
Promised turn-key is incomplete with some features yet to be developed.
Neither of 2 critical functions are operational with multi-brand dealers
SCM sales team was conflicted with pressure to book sale by EOY.
Development Summary
Software Intensive Systems Fail
“Trend” is for potential liability awards to be measured by business loss
Implicit “Duty of Care” requires evidence of disciplined processes
Software developers must observe