NEW YORK-A corporate culture of hear no evil, see no evil, speak no evil spells problems ahead, even for companies that think they have gotten the millennium bug out of their systems, Johnson M. Hart said.
Since 1994, Hart, founder of JMH Associates, Weston, Mass., has served as a consultant in year-2000 project planning, validation and post Y2K strategies. During his prior 25 years of experience, he served as a researcher, software developer and manager at Hewlett-Packard Co., Apollo Computer, Peritus Software Services and the Open Software Foundation.
Hart’s presentation at International Business Communications’ recent conference on “Moving through and beyond Jan. 1, 2000,” seemed to echo the admonition of Federal Communications Commissioner Michael Powell. Powell warned members of the Network Reliability and Interoperability Council in mid-July that the millennium bug problem is a special challenge requiring everyone to work collaboratively.
For this reason, the commissioner said, carriers do not have the option of withholding information from the FCC. Powell said he would speak personally with the chief executives of any telecommunications companies that resist this directive.
Chief executives who link bonuses to goals reached and legal departments afraid of lawsuits likely are the sources of pressure to ignore additional Y2K-compliance problems unearthed after initial systems testing is completed, Hart said.
“Some companies have gotten into a strange mentality. Employees who have done the Y2K testing are saying they are mad they did it,” he said.
“If they go back and find other problems once the boss has pronounced the system (Y2K) compliant, they must worry about their bonuses, which are tied to milestones. [Furthermore], the legal department says don’t fix the fix after you find a new problem because we might get sued.”
Hart is an evangelist for the gospel of Independent Renovation Inspection, which goes by two other monikers-Code Audits and Independent Valuation and Verification.
Date Sensitive Item Identification is the heart of IRI “because you can’t change what you can’t find, and it’s a mystery how people thought you could,” Hart said.
Even conscientious Y2K-compliance testing “won’t find a defect if there is a date missing, which is the essence of the Y2K problem, and many testing procedures say only to test what you change.”
Date Sensitive Item Identification uses tools to sift through files, ignoring numbers “that are completely out of range and can’t possibly be a date, suggesting things that might be a date,” Hart said.
The process is highly automated and precise, “although it does require manual intervention to resolve ambiguous situations and seeding to specify known date sensitive items.”
In a sample of five Independent Renovation Inspections JMH Associates conducted for large financial, government and telecommunications systems based on COBOL that already underwent Y2K-compliance testing, these were its findings: fundamental errors, or root cause defects, numbering from 16 in 166,000 lines of code to 200 in 350,000 lines of code.
“It is an open software industry secret that it is typical to find two to three defects per 10,000 lines of code, even without the Y2K problem, and up to 10 defects per 10,000 L.O.C. with it,” Hart said.
Not only does conventional Y2K testing detect fewer defects, it also costs more-$1,000 to $5,000 per detected defect, compared with $50 to $500 per detected defect for Independent Renovation Inspection, he said.
“If you are still (Y2K) testing, use IRI as a pre-test filter. If you can’t afford to use IRI on the whole thing, use it on a sample of your riskiest or most important code,” Hart said.
“Can you afford not to? Residual defects are real and potentially serious, so you must consider [their] business impact.”