Countdown to Year 2000: How to Trust, and Verify, Y2K Work

How to Trust, and Verify, Y2K Work

Unexpected side effects to Y2K efforts are causing as much grief as themillennium date change itself. Along with Y2K glitches that may get missed in remediationand testing, many companies are discovering a host of newly created bugs that result fromopening up their code bases to remediation. Experts calculate the total additional tab toU.S. companies may be in the neighborhood of $98 billion to $188 billion ­ about 31percent of the money already spent on Y2K renovation projects.

The error rate runs high, even at the best-managed companies. Calculations by CapersJones, Chairman of Software Productivity Research, Inc. (Burlington, Mass.), find thatthere is at least one defect for every 144 lines of COBOL remediated for Y2K. As of thefourth quarter of 1998, the average program undergoing Y2K remediation contained almost800 defects, most of which can be categorized as "bad fixes" rather than centurydate issues.

"Even the best programmer alive will typically make three errors for every 100modifications that he or she makes to the code," adds Steve Angelo, Vice President ofReasoning, Inc. (Mountain View, Calif.). The top 500 U.S. corporations alone may have todeal with over four million new defects caused by Y2K repair work. The message is clear:Don't wait until testing ­ which usually only involves portions of systems ­ to catchpotential problems.

How can IT managers assure themselves ­ as well as corporate managers, investors,customers, auditors and other interested parties ­ that their code is good to go for Y2Kand beyond? Over the past year, a new class of Y2K tools and services have come on thescene, performing a function known as Independent Verification and Validation (IV&V).IV&V tools and services ensure that remediated Year 2000 code doesn't containsurprises.

While testing typically sets up simulations of future dates in the system,"IV&V examines data and the underlying logic to locate and identify 'missed' datefields and invalid date-processing logic," says Kevin Coyne, Chief Technology Officerand Senior Vice President of Information Analysis, Inc. (Fairfax, Va.)

A large part of the IV&V process is actual inspection of remediated code ­ usuallyin runtime mode ­ as one last look before testing. This can help avoid costly disruptionsduring testing. Such code inspection helps catch lingering Y2K errors, as well as newerrors that may have been created in the process. "IV&V provides an expedient andcost-effective way to pinpoint problems that might otherwise be missed by inadequatetesting, so that they can be fixed more inexpensively before the Year 2000 begins,"says Year 2000 guru Ian Hayes, President of Clarity Consulting (Marblehead, Mass.).

IV&V procedures can also address inconsistencies in remediation, which may alsocause applications to fail, says Reasoning's Angelo. For example, a windowing solution inone application might have a pivot date of 50 [all dates greater than 50 are in the 20thcentury, and dates less than 50 are considered 21st century], while another will use 35.

A Few Good Options

Meta Group (Stamford, Conn.) cites a number of benefits from implementing IV&V andinspection tools and services. First, many companies that have relied on outside oroffshore conversion services will have a way to quickly inspect and audit returned code,and set benchmarks into their contracts. Likewise, internal conversion efforts will bemore cost-effective, since "bugs are five to 10 times costlier to fix after code hasbeen put back into production," Meta analysts say. Plus, verifying Y2K compliancewith IV&V tools and services may help assuage the concerns of nervous executives, andprovide knowledgeable details for audit reports.

A number of tools have appeared on the market to help provide inspections of remediatedcode. IBM's Runtime Analyzer, Millennium Runtime Windowing and Unit Test Assistant toolsare focused on helping inspect runtime code on S/390 systems.

Computer Associates International (Islandia, N.Y.) and Information Analysis announced afamily of automated date remediation tools ­ CA-Fix/2000-IV&V andUnicast/2000-IV&V ­ designed to help verify and validate their Year 2000 complianceefforts for COBOL environments. Reasoning's Y2K code inspection and auditing services forCOBOL environments can be performed by a product on-site or as an off-site service.

Data Integrity, Inc. (Waltham, Mass.) offers Millennium CrossCheck for COBOL, andrecently announced Cross Check for PL/1, an IV&V tool for PL/1 environments. The SEECIV&V Workbench, from SEEC, Inc. also provides a methodology for identifying high-riskapplications.

Joseph McKendrick is a research consultant and author, whose firm, McKendrick &Associates (Doylestown, Pa.), specializes in surveys, research and white papers for theindustry. He can be reached at