Software failures

Software Fail Watch 2016, Quarter Two

The second quarter of 2016 has come to a close, signaling the time for our favorite quarterly recap of software bugs. Q2 showed an increase over Q1, clocking in at 147 stories – nearly a 25% increase from the quarter before.

Q2 also showed an uptick in transportation-related stories, particularly recalls for software-related car issues. For the first time, however, these stories stemmed primarily from one or two sources: car websites dedicated to cataloging and announcing recalls. Unlike 2015, when recalls were often published and republished within mainstream media, the transportation industry seems to be holding its errors a little closer to its chest in 2016.

The same goes for the finance industry, which has always downplayed its software bugs when possible. A recent check into the finance-related stories we catalogued from late 2014 and 2015 revealed that a handful of the stories had been removed from the news sites, and the headlines scrubbed from search.

Of course, the category that dominates the charts once again is Government, with a whopping 54 stories. The fact that the organizations we rely on for our civic wellbeing and safety should have so many software failures is enough to give rise to other theories. In a 2012 Forbes article on cyber-security in government software, the research director at SANS Institute flat out stated that government’s “private contractor system actually rewards insecure coding”. He goes on to controversially state that, “the consequences for private sector software writers who write insecure code for the government is contract add-ons to fix the problem, and more revenue for their companies and job security for them.”

Whether or not this is the case in every government-related software failure, it does reveal that, in the end, government organizations will not suffer for software bugs in the same way as private sector companies. While a severe software bug may be enough to crumple a company within the private sector, a government organization will typically suffer no more than the annoyance of their employees and constituents – even if that software bug means unlawful (albeit unintentional) election tampering.

With the prominent American elections and the Brexit referendum taking place, many of the most widely circulated stories in Q2 showcased software bugs within the voting process. Stories range from votes being left incomplete, to hundreds of thousands of voters not receiving election information on time.

Other prominent stories from Q2 (government or otherwise) included:

Ineligible Voters Receive Brexit Referendum Ballots Due to Software Glitch

The biggest government-related story revolved around the history-making Brexit referendum. Within an already turbulent political atmosphere, the news emerged that at least 3400 people who were ineligible to vote received polling cards and postal votes. While the Electoral Commission claimed to quickly clamp down on the discrepancy, they were unable to avoid accusations of tampering with the vote. Source.

Lexus Navigation System Bricked by Software Update

Lexus owners woke up to find that an overnight software update had rendered their navigation systems useless. Several consumer videos circulated the web, showing the navigation system on an endless cycle of rebooting. Lexus declined to admit how many vehicles had been affected by the update, though the extent and longevity of the news articles made it clear that many car owners had been affected by a problem that was far from an overnight fix. Source.

Facebook Pays Out $10,000 Bounty to 10-Year-Old Bug Hunter

A 10-year-old Finnish boy became one of the youngest awarded bug hunters in history when he discovered an Instagram API flaw that allowed people to delete any user’s comments. The “scope of risk” of the vulnerability was so broad that Facebook decided to award the young hacker with an unusually large payout. The novelty of the story revolved around the age of the boy, though our guess is that these types of stories will not stay novel for long. Source.

Bitcoin Rival Ethereum Fights for its Survival After $50 Million Heist

This story received hardly any attention, despite the fact that it is one of the most sensational exploits this quarter. The cryptocurrency “Ethereum”, a rival to the more well-known Bitcoin, was hacked, with thieves stealing around $50 million worth of currency. The hacks themselves leveraged two bugs to repeatedly steal set amounts of “ether”, the currency base unit. Since the initial heist, multiple copycat hacks have taken place. Engineers involved in the cryptocurrency have said that the currency continues to remain vulnerable, as the security flaw is a particularly difficult one to solve. Source.
