Stalking the Y2K Phantom Menace

Many of the applications enterprises thought had been fixed when they were put back into service turned out to have latent problems, according to SPR's Jones.

Companies that have repaired and remediated their systems for Year 2000 may still find surprises when the code goes back into production. For example, in many newly refurbished programs, "a surprising number of missed leap years are coming up," says Capers Jones, software researcher and president of Software Productivity Research Inc. (SPR; Burlington, Mass.). In addition, he notes that calculation formulas using indirect dates are also proving to be troublesome.

Add to that the difficulties international companies are having meshing U.S. date formats with those of Europeans and the International Standards Organization, and the turmoil continues. "The combination of possible formats, coupled with the fact that there are 600 programming languages--all of which have date problems--continue to make the problem messy," says Jones, who has published numerous studies on application development metrics. "At least 15 percent of all software applications will not be fixed in time."

To help catch Y2K bugs that persist in AS/400s and other platforms, and provide a method of verification for top managers and business partners, SPR has been offering a Year 2000 verification service that helps companies ascertain the readiness of mission-critical applications. SPR employs a proprietary software estimation and assessment tool to help determine readiness, as well as action plans.

Even proactive companies that started Y2K work back in 1994 or 1995 are having last-minute problems as they put code back into production, Jones says. "Many of the applications they thought had been fixed when they were put back into service turned out to have latent problems. The combination of missed dates, plus bad fixes, is opening up a second wave of Year 2000 repairs."

As a result, the number of applications that organizations deem mission-critical--and thus being repaired--is actually declining, Jones observes. "Right now, we only have half as many applications in the industry identified as mission-critical as this time last year. Companies realized they weren't going to have time to fix everything." Unfortunately, even after Year 2000 has passed, these missed applications "are going to come back to bite organizations as well," he warns.

SPR's focus is to concentrate on individual applications that have undergone the remediation process, according to Jones. SPR's toolset employs industry averages to help determine the Y2K exposures in individual applications. Trying to eradicate lingering Y2K bugs is analogous to "trying to get rid of carpenter ants or termites in your house," he relates. "The first attempt is usually not successful, you have to come back for another spray after about a month. I hope we're more successful with Year 2000 than we have been with carpenter ants."