Tony Scott, the chief technology officer of the worlds largest automaker, General Motors, is never shy about using his companys roughly $3 billion annual spend on hardware and software to bring change to how technology is procured.
The latest inadequacy he intends to rectify: Buying complex pieces of code with little assurance that it will work the way it is supposed to.
“GM couldnt sell a car using the [current] software model,” in which the buyer assumes the risk of making sure the product works reliably, says Scott, whose company is a large SAP and Electronic Data Systems customer.
Software vendors typically provide a 90-day limited warranty that promises the application will conform to published specifications. The supplier usually adds that the software may have errors and notes there are no guarantees that an installation will be successful.
Thats not good enough, Scott says. Software vendors will have to offer better warranties. “We have a ways to go before we get quality in basic matters of security and integration with operating systems and databases,” he says.
Scott would like software vendors to offer a warranty that would cover errors that cause harm to a companys operations. For instance, a vendor that ships an application with a known security problem that brings down an enterprise planning system should be held accountable. Currently, customers dont have much recourse and cant hold the vendor liable for financial damages. Scott would want the software fixed, and to be compensated for the harm to his business.
Technology executives roundly dismiss todays software warranties as reams of legalese that merely tell you the vendor isnt responsible for any problems. For instance, Cisco Systems says in its standard user license and software warranty that “in no event” does it guarantee that its code is error-free or will run “without problems or interruptions.” As for security, Cisco says it doesnt warranty that its software “will be free of vulnerability to intrusion or attack.”
Meanwhile, money-back guarantees on the software alone are almost meaningless since the price of software is a pittance compared to the cost of staff and consultants needed to implement, say, an enterprise planning suite.
According to a Nucleus Research study of SAP implementations, software costs represented about 18.3 percent of an initial deployment; the rest went to consulting (36 percent), personnel (24.5 percent), training (12.5 percent) and hardware (8.7 percent).
What SAP and MS
Software vendors such as SAP and Microsoft say they currently offer warranties ensuring that their applications operate as promised in the documentation.
For instance, Microsofts Office XP products “will perform substantially in accordance with the accompanying materials for a period of 90 days from the date of receipt.” Software updates arent covered after that 90-day period. Even Microsofts security bulletins note the information is provided “as is” without warranties of any kind.
Warranties for SAP are more complicated and subject to negotiation because the software can cost millions of dollars and is often customized. Documents detailing negotiated software warranties werent available, but lawyers say vendors dont warranty against coding flaws and potential security issues.
In fact, that customization is why SAP says its impossible to offer a warranty for software as you would, say, a bicycle, notes Dennis Moore, senior vice president at SAPs cross-applications division.
“You can offer a warranty of a GM car because I dont put in 16 different seats and a new transmission when I first buy it,” says Moore, who spoke on an industry panel with Scott at the CeBIT electronics show in New York this past May. Moore added that many products come in standard configurations set by the manufacturer and consumers dont change them. Software, however, is configured differently by each customer, thereby rendering warranties moot because whatever is in the documentation isnt reality. Moore and SAP declined further comment.
Nevertheless, the fundamental flaws in software are adding up. The U.S. Department of Commerces National Institute of Standards and Technology estimates software flaws cost the economy $59.6 billion a year, and theres little recourse for customers other than to install patches and other fixes, even though that may impact more than one system.
Whos on the Hook
Who should be on the hook for software flaws? Suppliers? You? At issue is a fundamental question about the definition of software.
Is software a tool, or is it clay that customers mold? Is it different from other products? Is software intellectual property that operates under new rules?
What would be the cost of producing near-flawless software? Should software vendors be responsible when integrators botch implementations?
Ed Hansen, a partner at Shaw Pittman, a law firm that negotiates enterprise software contracts, says there are no quick answers. For starters, software is set up so it operates against documentation that details the type of hardware needed and outlines how it should work. Details arent terribly specific and usually underestimate the hardware costs involved with an implementation. Without documentation indicating how SAP works in a shop with, say, Oracle databases and Microsoft operating systems, theres no warranty.
“Sometimes warranties and performance guarantees are invalidated if the software is used with any product not provided or approved by the vendor,” says Hansen. “Clearly, in the current environment this is a huge hole.”
Nevertheless, there are some protections customers can negotiate-especially large companies that have leverage over software vendors due to the millions of dollars at stake. Depending on the size of a deal, Hansen says customers should get coding-defect protection, either in a warranty or in the maintenance agreement for a fee. For complex deals such as a worldwide installation of a human-resources application, the project should be accepted in phases to ensure the software works as promised. Money should be paid out only after stress tests in the customers environment prove the software works as it should.
Customers should also be wary of money-back guarantees. “As a software user, you want to know that a problem will be fixed, not that youll get money back,” says Hansen. He advocates that customers include coding fixes in the maintenance agreement.
MS and JetBlue Speak
Microsofts Sunny Jensen Charlebois, product manager for worldwide pricing and licensing, says the software giant does update its applications to make appropriate fixes and enhance security. She argues that software is intellectual property that cant be guaranteed to work at every company because there are multiple suppliers and applications.
“Given all the elements and variables in an organizations infrastructure, I wouldnt say its realistic to say in a warranty there are no bugs,” says Charlebois. “Software is a different animal because it is updated often. The warranty says the software will do what we believe it will do.”
Indeed, to Charlebois a patch by another name may not be a patch. Updates that happen to fix security flaws “are not patches,” she says gamely. “They are updates. I am saying that with a straight face.”
Jeff Norman, a partner at Chicago law firm Kirkland & Ellis, says that mode of thinking is rampant in the software industry. Bugs are acceptable to software makers. “No one would offer a warranty saying that software is bug-free because it just wouldnt be true,” he says.
Jeff Cohen, the former chief information officer at JetBlue, a Microsoft customer, says there is no defense against bugs and flawed software because suppliers are never going to warranty that their products are bullet-proof.
“If a product has a bug in it, youre screwed,” says Cohen, now the chief executive of Vertical Software Group. “The problem is there are too many variables in this business. Theres always an out. The software guy says it was the integrator, and the integrator says, I didnt build the software. Software warranties are only a liability statement about what [vendors] wont do.”
Cohen says he got Microsoft to be responsive to JetBlues needs by standardizing on its operating system and productivity applications. Becoming a showcase client gave him pull when, for instance, he needed fixes to his SQL databases.
How to Get a
Another way to get something that resembles a product warranty from software suppliers: Become a technology executive at a large company, like Scott.
Companies like GM and Halliburton can often dictate terms with vendors and get warranties that flawed code will be fixed. When there are hundreds of millions of dollars at stake, a company can insist on items such as payment based on acceptance testing for large implementations, interoperability guarantees and free code fixes.
In the end, Norman of Kirkland & Ellis says companies will have to vote with their dollars. Large companies will have to shun software vendors that wont assume any liability for malfunctioning software.
Small- and medium-sized companies will have to band together and insist on a standard set of warranties from providers of off-the-shelf software that at least guarantee the buyer that applications will be free of code defects and be secure outside a lab.
“There will have to be some kind of collective action by smaller midsized companies since they will be the ones getting software off the shelf,” Norman says.
Stan Alexander, vice president for technology strategy and architecture at EDS, agrees.
“As the world moves toward packaged applications and no modifications, this will be more of an issue,” Alexander says. “If a company is not dinking around with the code, its reasonable to me that there will be some kind of better warranty.”