The effects of a software bug range from minor (such as a misspelled word in the user interface) to severe (such as frequent crashing).
In 2002, a study commissioned by the US Department of Commerce's National Institute of Standards and Technology concluded that "software bugs, or errors, are so prevalent and so detrimental that they cost the US economy an estimated $59 billion annually, or about 0.6 percent of the gross domestic product".
Mistake metamorphism (from Greek meta = "change", morph = "form") refers to the evolution of a defect in the final stage of software deployment.
In 2011, after receiving scrutiny from US Senator Al Franken for recording and storing users' locations in unencrypted files,[9] Apple called the behavior a bug.
However, Justin Brookman of the Center for Democracy and Technology directly challenged that portrayal, stating "I'm glad that they are fixing what they call bugs, but I take exception with their strong denial that they track users."[10]
Preventing bugs as early as possible in the software development process is a target of investment and innovation.
Languages may include features such as a static type system, restricted namespaces and modular programming.
For example, Java does not support pointer arithmetic, which is generally fast but is considered dangerous because it makes it relatively easy to cause a major bug.
But this code always executes foo: A convention that tends to prevent this particular issue is to require braces for a block even if it has just one line.
Some contend that formal specifications are impractical for anything but the shortest programs, because of problems of combinatorial explosion and indeterminacy.
Tools for static code analysis help developers by inspecting the program text beyond the compiler's capabilities to spot potential problems.
Maurice Wilkes, an early computing pioneer, described his realization in the late 1940s that “a good part of the remainder of my life was going to be spent in finding errors in my own programs”.
As an alternative to using a debugger, code may be instrumented with logic to output debug information to trace program execution and view values.
Sometimes, a bug is not an isolated flaw, but represents an error of thinking or planning on the part of the programmers.
One cause of the Therac-25 radiation machine deaths was a bug (specifically, a race condition) that occurred only when the machine operator very rapidly entered a treatment plan; it took days of practice to become able to do this, so the bug did not manifest in testing or when the manufacturer attempted to duplicate it.
Since the 1990s, particularly following the Ariane 5 Flight 501 disaster, interest in automated aids to debugging rose, such as static code analysis by abstract interpretation.
A tracked item is often called a bug, defect, ticket, issue, feature, or, for agile software development, a story or epic.
Bugs of sufficiently high priority may warrant a special release, which is sometimes called a patch.
In applications such as human spaceflight, aviation, nuclear power, health care, public transport or automotive safety, since software flaws have the potential to cause human injury or even death, such software will have far more scrutiny and quality control than, for example, an online shopping website.
In 1978, Lientz et al. showed that the median project invests 17 percent of the development effort in bug fixing.
Another study in 1990 reported that exceptionally good software development processes can achieve deployment failure rates as low as 0.1 per 1000 SLOC.
This figure is iterated in literature such as Code Complete by Steve McConnell,[30] and the NASA study on Flight Software Complexity.
Such a bug can come from a lack of awareness of the qualities of the data storage, such as a loss of precision due to rounding, numerically unstable algorithms, or arithmetic overflow and underflow, or from a lack of awareness of how calculations are handled by different software coding languages, such as division by zero, which in some languages may throw an exception and in others may return a special value such as NaN or infinity.
Government researchers, companies, and cyber security experts are the people who typically discover software flaws.