Software quality issues such as vulnerabilities, software supply chain problems and technical debt could be costing the U.S. economy trillions, according to a new report from electronic design automation solutions and services firm Synopsys.
The Mountain View, Calif. company’s report, “The Cost of Poor Software Quality in the US,” finds that software quality issues may have cost the U.S. economy more than $2.4 trillion this year as the software industry is building up what the company calls a historic number of deficiencies.
The report, sponsored by Synopsys and produced by the Consortium for Information & Software Quality (CISQ), finds that cybercrime is a leading cause of these issues, with losses due to cybercrime rising 64% between 2020 and 2021, with 2022 on track for another 42% increase.
According to the report, cybercrime is predicted to cost the world $7 trillion in 2022, and the average cost of a data breach in the U.S. is now $9.44 million, up from $9.05 million the year prior.
In fact, the quantity and cost of cybercrime incidents have been on the rise for over a decade, and now account for a sum equivalent to the world’s third largest economy after the U.S. and China, the report found.
The software supply issues continues to be a major IT problem and are getting worse, with the report finding that the number of failures due to weaknesses in open-source software components accelerated by 650% from 2020 to 2021.
With problems with underlying third-party components rising significantly, Synopsys and CISQ urge the importance of responsible and comprehensive open-source security and risk management. The report of course highlights high-profile incidents, including the Log4Shell vulnerability which surfaced last year and is still causing problems for organizations.
However, the CISQ and Synopsys report identified technical debt as the largest obstacle for organizations to overcome. Technical debt, the cost of rework in software development and accumulated deficiencies that are time-consuming and expensive to fix, is leaving systems and organizations vulnerable, the report says.
Due to these issues, the technical debt in the U.S. has risen to more than $1.5 trillion this year, the report found.
Herb Krasner, the report’s author and a retired professor of software engineering at the University of Texas, Austin, says the report offers proactive advice for engineers, project teams and organizational leaders to improve the quality of the software the use and build.
“Now is the time to turn our attention to recent developments and emerging solutions to help improve the poor software quality situation as it now exists and stabilize and reduce the growth rate of CPSQ in the near future,” Krasner says.
Meanwhile, Dr. Anita D’Amico, the Synopsys Software Integrity Group vice president of cross-portfolio solutions and strategy and CISQ Board Member, urges the IT industry to adopt software bills of materials (SBOM) to help give organizations a comprehensive inventory of components used to make a piece of software.
“That means when a new vulnerability is identified in an existing component, organizations can quickly identify where it is in their software and take action to remedy it,” D’Amico says.