Tech Industry

Shoring up software is new group's aim

Oracle, Cisco and others team with Carnegie Mellon in a consortium seeking to raise the standards in software engineering. The open-source community already has concerns.

Microsoft, Oracle, Cisco Systems, NASA and others have teamed up with Carnegie Mellon University to make software more reliable, secure and less buggy.

Carnegie Mellon on Thursday launched the Sustainable Computing Consortium (SCC), which brings together academic researchers, government agencies, technology companies and businesses that use software. Funded with an initial $30 million, the group aims to create effective business practices for creating software--and tools that can test its dependability and security.

"Our standards have inappropriately been lowered by our daily experience," said Ken Jacobs, Oracle's vice president of product strategy. "We have to bring software engineering the kind of maturity we have in building bridges and buildings. We don't expect buildings to fall down every day."

Organizers say research shows that defects in software cost businesses an estimated $175 billion last year in lost productivity. The software industry has wrestled with reliability problems for years. Software makers often put out patches to fix bugs and security holes after the release of its products.

Microsoft, for example, recently highlighted the industry's problem when the company announced its Trustworthy Computing initiative, in which it set security as its top priority. The tech giant has long been plagued by glitches and security holes in its software, from Windows to the Internet Explorer browser.

Oracle's Jacobs said the consortium has not set a timetable to reach its goals but is optimistic that it will help improve future software.

"It's ambitious, no question. We have a broad scope, from developing methodology, tools, specifications and standards to public policy recommendations," said Jacobs, who added that the effort to improve software quality has been in the works for years.

"You can't expect instant results. It's a never-ending battle. It's not like there's one magic technology to solve all the problems," he said. "But having a common way to discuss reliability of systems will help."

One SCC goal is to create tools to help software companies test the quality of their product before releasing it, he said. "In other words, if you plug a strobe or thermometer into a piece of software to measure its reliability. That's a nice thing."

Bill Guttman, director of the consortium and a professor of economics and technology at Carnegie Mellon, said the organization will meet this summer to hash out an agenda.

The open-source software community is already raising concerns about the licensing terms for the technology resulting from the SCC's efforts, Guttman said. Open-source describes a collaborative method of developing software by freely sharing programming code, with no single company owning the rights.

But Carnegie Mellon, like most universities, owns the intellectual property of its research, he said. Each member of the consortium can use future technology, such as testing tools, for its own internal use. But they are subject to royalty payments to the college if they want to include the testing tools in their software products, he said.

"The open-source community has made great contributions to software development, and they have expressed their concerns," Guttman said. "We're engaged in discussions to accommodate the open-source community. It's difficult but not impossible."

Other members of the consortium include Alcoa, Caterpillar, General Atlantic Partners, Merck, Pfizer, Raytheon, RedSiren Technologies, Reed Smith, Tata Consultancy Services and UPMC Health Systems. Guttman said the group expects to sign on more companies in the next two weeks.

Carnegie Mellon has a long history with software reliability and security. The university, located in Pittsburgh, houses the Computer Emergency Response Team (CERT) Coordination Center, which provides alerts on security breaches.