HOW SERIOUS IS
THE YEAR 2000 SOFTWARE PROBLEM?

November 29, 1997



Abstract

The year 2000 software problem has generated strongly polarized opinions as to how serious the impacts may be. Some press reports have asserted that the year 2000 problem is a minor issue which is being exaggerated by vendors and consultants in order to bring in business. Conversely, some year 2000 specialists and economists are concerned that the problems may be severe enough to trigger a global recession and damage the economies of the industrialized nations.

Because the year 2000 problem has not yet occurred there is no solid empirical evidence yet available as to the final consequences. Applying the principles of game theory to the year 2000 problem indicates that ignoring or minimizing the year 2000 problem is a poor choice. The potential economic damages from not solving the year 2000 problem are much higher than the costs of achieving year 2000 compliance.

Capers Jones, Chairman
Software Productivity Research, Inc.
1 New England Executive Park
Burlington, MA 01803-5005

Phone 781 273-0140 X-102
FAX 781 273-5176
Email Capers@spr.com
CompuServe 75430,231






Copyright 1997 by Capers Jones, Chairman, SPR, Inc.
All Rights Reserved.
HOW SERIOUS IS THE YEAR 2000 SOFTWARE PROBLEM?


INTRODUCTION

The software problem which has come to be called "the year 2000 problem" appears to be a minor issue when first considered. In order to conserve expensive storage space on computer disks and tape drives, software applications for many years stored dates in two-digit form rather than in four-digit form. Thus the year 1998 would be stored in many computers just as the number 98.

The practice of using two-digit date fields started in the 1950's when computers began to be used for business purposes. Using two digits for dates is benign and causes no harm so long as the next year is a larger number than the current year. For example software applications that use dates have no problem with the sequence of 95, 96, 97, 98, and 99. However, when the century ends the year 2000 will be stored as 00. The sequence of 99 followed by 00 is devastating to many kinds of calculations which employ dates, such as interest rates, funds transfers, air line reservations, and even telephone switching systems.

Everyone agrees that the year 2000 problem will affect many computer applications and can cause problems if the date fields are not fixed. However there are strong differences of opinion regarding these two issues:

How many applications will not be fixed in time?

How serious will the problems be from not fixing the dates in time?

Let us consider these two questions in the light of all available data about the year 2000 problem and its possible consequences. Using the concept of game theory, the year 2000 problem can have two possible outcomes: if the year 2000 problems are not fixed they can either be fairly minor or very severe.

The effort and costs that must be devoted to correcting the year 2000 problem are known to be expensive and time consuming. Therefore the fundamental issue is whether the year 2000 repair costs are justified because they will head off or minimize a possible economic calamity. But if the year 2000 problem is minor and does no serious harm, then the costs and effort spent on achieving year 2000 compliance could have been used for other purposes. Therefore it is important to explore every aspect of the possible consequences of the year 2000 problem to ascertain what might occur under both scenarios.

The year 2000 problem is an important human and international issue. If the year 2000 problem were only a business issue affecting financial software, the consequences might be unpleasant but not actually dangerous to human beings. Unfortunately, the year 2000 problem is not only a business issue but a topic which affects human lives and safety as well. The reason for this is because the year 2000 problem affects a great many public utilities such as electric power generation, telephone systems, and air traffic control. In addition, date problems can also affect the operation of medical instruments, navigation devices on board ships and aircraft, and a host of major military and defense applications.

The year 2000 problem is important because computers and software control so many of the things that comprise our national "infrastructure" such as the generation of electric power, telephone switching systems, transportation systems, and the like. Therefore it is important for laymen, politicians, attorneys, and software specialists to understand the issues surrounding this major event.


HOW MANY APPLICATIONS WILL NOT BE FIXED BY THE YEAR 2000?

From discussions with the year 2000 managers among our clients, and from additional discussions with company and government executives who have not yet begun year 2000 repair work, it is becoming obvious that a great many software applications will not achieve year 2000 compliance. The exact number which will not be ready is of course speculative, but since it is already too late to achieve 100% compliance at a global level, there is no longer any serious debate that at least some software will not be fixed in time.

In my book "The Year 2000 Software Problem - Quantifying the Costs and Assessing the Consequences" (Addison Wesley Longman, 1998) I include the following segment which discusses unrepaired software for the United States:

As shown earlier in this report the total number of software applications deployed in the United States is not known with certainty, but probably is in the range of 36,000,000. However, not all of these applications deal with dates or have any year 2000 problems embedded within them.

The "best case" scenario is that only about 25% of the installed applications in the United States are both active (rather than dormant) and have year 2000 hits. The "expected case" scenario would be that 50% of the applications have year 2000 hits, and the "worst case" scenario would be that 75% of the applications have year 2000 hits.

We should also consider the ranges of year 2000 discovery and repair activities. It would be nice to assume that the "best case" for the year 2000 problem is 100%, but unfortunately among our clients that is a very optimistic projection. In more realistic terms, the worst case for repairing year 2000 problems will be close to 0%, the expected case will be about 70%, and the "best case" will be lucky to top 95%.

In order to deal with the probable damages and recovery costs of these software applications, it is necessary to consider what kinds of software we are likely to be affected by the year 2000 problem. There is no agreed-to taxonomy for software types, but the following general categories are fairly well understood:

--Management information systems (MIS) software is defined as software applications which deal with numerical and alphabetic information. Examples of MIS applications would be payroll systems, banking applications, insurance claims handling, tax calculations, and a host of others.

--Systems software is defined as software which controls some kind of physical device. Examples of systems software would be computer operating systems such as MVS or DOS, telecommunication switching systems, manufacturing control systems, and process control systems.

--Embedded software is defined as software which is actually contained within a physical device and is used to control or modify its operation. Examples of embedded software would be automobile fuel injection software, medical instrument controls, aircraft flight control software, the software inside a microwave oven, or the software controlling the time lock on a bank vault.

--Commercial software is defined as software which is leased or marketed to consumers or to corporations. Examples of commercial software would be Microsoft Excel, Lotus, ACT, Quicken, Visual Basic, Netscape, SAP R/3, or my own company's CHECKPOINT( and KnowledgePLAN( software estimating tools which were used for some of the calculations in this report.

Military software is defined as software which was developed in accordance with various military and defense standards such as the well-known DoD 2167A or the more recent DoD 498 standard. Military software can be subdivided into logistics software, weapons system software, and command, communication, and control (CCC) software. The military logistics software resembles civilian MIS applications. The military weapons software is embedded within actual weapons systems such as the Tomahawk cruise missile or the Mark 160 gun control system. Military CCC software is concerned with the ability to coordinate military organizations and functions.

Scientific software is defined as software which deals with equations or statistical information used primarily for research purposes. Examples of scientific software would be special applications utilized for analyzing seismic information, for astronomical purposes, or for medical and genetic research.

End-user software is defined as software written for private use by a knowledge worker who is not a professional programmer, but rather in some other field of work such as accounting, electrical engineering, law, or medicine.

The category "other" is for software which does not fit conveniently into some of the other categories. Examples of "other" applications would include JAVA applets on the web, some on-line computer games, software tools built for internal use such as test tools, and even some proprietary year 2000 search and repair engines which companies have built for dealing with the year 2000 problem itself.

The following table assumes a reasonable approximation of a "best case" scenario, in that only about 25% of U.S. applications are assumed to contain year 2000 problems. The critical dimension of the table however, are the assumptions on the percentages of applications which contain year 2000 problems that will actually be fixed before the end of the century:

Note that this table deals with "unique applications." For example, there are millions of customers using the Windows 95 software package but Windows 95 is essentially one application. We are not dealing at the moment with how many specific customers are using an application, but rather with how many applications might exist and how many of these might contain the year 2000 problem after the turn of the century..

Probable Number of U.S. Unrepaired Year 2000 Problems        
Software Types Active Percent of Percent of Unrepaired
Applications Applications Applications Applications
Containing Repaired Not Repaired in January
Year 2000 in Time in Time of 2000 AD
Problems
MIS 4,687,500 82.00% 18.00% 843,750
Systems 1,250,000 77.00% 23.00% 287,500
Commercial (PC) 2,500,000 90.00% 10.00% 250,000
Commercial (Mini) 1,250,000 95.00% 5.00% 62,500
Embedded 200,000 77.00% 23.00% 46,000
Commercial (Mainframe) 1,125,000 96.00% 4.00% 45,000
End-User 125,000 65.00% 35.00% 43,750
Military logistics 210,000 94.00% 6.00% 12,600
Scientific 28,125 80.00% 20.00% 5,625
Military weapons 30,000 96.00% 4.00% 1,200
Military CCC 15,000 97.00% 3.00% 450
Other 600,000 80.00% 20.00% 120,000
Sum/Average 12,020,625 85.75% 14.25% 1,718,375

Since the year 2000 event has not yet occurred, the table is obviously somewhat speculative and has an unknown margin of error. However, no one seriously doubts that as the sun rises on January 1, 2000 AD there will be a significant number of software applications that still contain two-digit date logic and will no longer function as intended.

Furthermore, from more than 25 years of accumulated research on the efficiency of finding errors of other kinds, the U.S. average for "defect removal efficiency" is just about 85%, which makes the table a reasonable extrapolation from known empirical studies.

For the United States as a whole, a number of just over 1,700,000 unrepaired applications must, unfortunately, be regarded as the "best case" scenario. The "expected case" scenario is about 3,500,000 applications and the "worst" case scenario could top 10,000,000 applications or a full one third of all applications in the United States!

At a global level, the number of unrepaired applications on January 1, 2000 might be about 10,000,000 as a best-case scenario, 21,000,000 as a most likely scenario, and may go as high as 60,000,000 in the worst-case scenario."

As the century ends all countries use computers and software but the three most computer-dependent regions of the world are the United States, the Western Europe, and portions of the Pacific Rim such as Japan and South Korea. It is interesting to speculate on how many applications with year 2000 problems exist in these highly industrialized regions.

The approximate numbers of applications with year 2000 problems for the European Union are shown below, with a large margin of error since the data merely uses ratios derived from U.S. samples augmented by some in-country reports:

Estimated Percentage of Unrepaired Year 2000 Problems for the European Union          
Country Software Applications Percent Percent Applications
Staffs With Date Repaired Not Repaired Not Repaired
Problems in Time in Time by 1-1-2000
Germany 550,000 3,300,000 75.00% 25.00% 825,000
United Kingdom 390,000 2,340,000 80.00% 20.00% 468,000
France 385,000 2,310,000 75.00% 25.00% 577,500
Italy 375,000 2,250,000 75.00% 25.00% 562,500
Spain 235,000 1,410,000 75.00% 25.00% 352,500
Netherlands 100,000 600,000 75.00% 25.00% 150,000
Belgium 65,000 390,000 75.00% 25.00% 97,500
Portugal 65,000 390,000 75.00% 25.00% 97,500
Greece 60,000 360,000 75.00% 25.00% 90,000
Sweden 60,000 360,000 75.00% 25.00% 90,000
Austria 51,000 306,000 75.00% 25.00% 76,500
Denmark 34,000 204,000 75.00% 25.00% 51,000
Finland 32,000 192,000 75.00% 25.00% 48,000
Ireland 24,000 144,000 75.00% 25.00% 36,000
Luxembourg 3,000 18,000 75.00% 25.00% 4,500
Sum/Average 2,429,00 0 14,574,000 75.33% 24.67% 3,526,500

Viewed collectively, the European Union deploys slightly more software than the United States. However due to the Euro-currency focus, Europe lags the United States in achieving year 2000 compliance. The net result may be more than twice as many unrepaired year applications with year 2000 problems at the dawn of the 21st century.

For the industrialized countries of the Pacific Rim, their economies are already shaky as a result of severe banking and stock market problems. The added impact of massive software failures associated with the year 2000 problem does not lead to a cheerful economic projection for the start of the next century.

Estimated Percentage of Unrepaired Year 2000 Problems Within the Pacific Rim          
Country Software Applications Percent Percent Applications
Staffs With Date Repaired Not Repaired Not Repaired
Problems in Time in Time by 1-1-2000
Japan 900,000 5,400,000 75.00% 25.00% 1,350,000
South Korea 300,000 1,800,000 70.00% 30.00% 540,000
Sum/Average 1,200,00 0 7,200,000 72.50% 27.50% 1,890,000

The margin of error for Japan and South Korea is even larger than for the European Union, but from discussions of software issues with managers and executives from Japan and South Korea, there is no reason to be optimistic about approaching year 2000 compliance anywhere in the Pacific, except perhaps for India.

Even though the margin of error is large, it is a useful exercise to consider how many applications exist in countries with year 2000 problems, how many are likely to be repaired in time, and what the consequences may be to their economies and infrastructures from the unrepaired applications which still contain year 2000 problems at the start of the next century.

Unfortunately, the rest of the major nations of the world also appear to be lagging in year 2000 readiness. Space does not permit a full discussion, but there is no reason to think that year 2000 preparations are any better than Europe for countries such as Argentina, Brazil, China, Egypt, Indonesia, Mexico, Russia, Thailand, the Ukraine, etc.

HOW SERIOUS IS THE YEAR 2000 PROBLEM?

Because the year 2000 problem has not yet occurred, all of the available information on the possible consequences comes from either analysis of software applications or from experimental testing of applications to ascertain whether or not they need year 2000 repairs.

One way of evaluating the seriousness of the year 2000 problem is to consider the possible consequences of various degrees of failure. The best of the best would be to achieve 100% year 2000 compliance, and leave no applications with date problems unrepaired. This is so unlikely that it can almost be viewed as impossible, and is certainly highly improbable.

Conversely, the worst case would be to repair 0% of the year 2000 problems, and have 100% of the date problems still present at the beginning of the next century. This is also unlikely to occur. Indeed it will not occur at least in the United States because many thousands of staff years and billions of dollars have already been expended on achieving year 2000 compliance.

Even for the countries and industries that are lagging, it is probable that some of the year 2000 problems will be fixed. Therefore there is no purpose to assume that even the worst of the worst cases will leave more than 75% of year 2000 problems unrepaired, although a 75% miss rate can lead to very serious damages indeed.

The key issues to be considered are: 1) What percentage of software applications will still contain date problems when the next century begins?; and 2) What are the economic and business consequences of unrepaired year 2000 problems?

The following table attempts to summarize the ranges of possible outcomes based on discussions with economists and other year 2000 specialists including the year 2000 executives from a number of large corporations and some government agencies:

Possible Economic Consequences From Unrepaired Year 2000 Problems

Percentage Percentage Economic and Political Impact
of Year 2000 of Year 2000 of Unrepaired Year 2000 Problems
Problems Problems
Repaired Not Repaired

100% 0% No impact
95% 5% Local impact for some enterprises
90% 10% Significant impact for many enterprises
85% 15% Severe impact: best case for United States
80% 20% Severe impact: possible recession
75% 25% Severe impact: best case for European Union
70% 30% Very severe impact: possible depression
65% 35% Very severe impact: depression probable
60% 40% Very severe impact: political crises
55% 45% Very severe impact: martial law probable
50% 50% Very severe impact: governments fail
45% 55% Very severe impact: Bankruptcies common
40% 60% Very severe impact: Unemployment > 35%
35% 65% Crisis level: Infrastructure crippled
30% 70% Crisis level: Infrastructure collapses
25% 75% Crisis level: Famines probable

Of course this table of year 2000 consequences has relevance only for industrialized nations with economies that are based on manufacturing and high-technology equipment. The impact of the year 2000 problem on an agrarian society using mostly hand tools would be negligible, except for the fact that manufactured products will probably be hard to acquire if the year 2000 problem is not contained.

The available empirical data from U.S. and Western European companies as of the end of 1997 give the strong impression that the United States may have as many as 15% unrepaired year 2000 problems at the end of the century but about 85% of the problems may be fixed.

For the United States, many large enterprises are nearing the completion of their year 2000 repair activities and will probably achieve year 2000 compliance for their key applications. However, the year 2000 repair cycle is averaging close to three years, and only about two years remain until the century ends. Therefore enterprises which have not yet begun their year 2000 repair work have little chance of finishing in time.

The data from the European Union is troubling, and it would not be surprising to see 25% or more year 2000 problems unrepaired in the European Union and only 75% fixed in time. The obvious reason for this lag is that European companies and their governments have been concentrating on the Euro-currency conversion issue, and have not seriously addressed the year 2000 problem at National or Industry levels, although there are some exceptions to this statement.

For the rest of the world; i.e. the Pacific Rim such as Japan, South America, and Eastern Europe, etc. the probability of achieving year 2000 compliance varies widely, but it would be surprising to see more than about 75% of the year 2000 problems fixed, while 25% may remain unfixed at the end of the century. Unfortunately, this is the "best case" prognosis.

India may be an exception, since the major Indian software companies have become active outsourcers in the year 2000 problem domain. Also, the Indian infrastructure (power generation, telephones, transportation, etc.) is not as dependent upon computers and software as the United States or the highly industrialized nations.


TWO
SCENARIOS ON THE SERIOUSNESS OF THE YEAR 2000 PROBLEM

In general, the press reports on the year 2000 problem stress either one or the other of two alternate and opposing scenarios. In scenario 1, the year 2000 problem is viewed as a fairly minor business issue which consultants and vendors are exaggerating in order to bring in consulting work or generate sales of year 2000 tools.

In scenario 2, the year 2000 problem is viewed as a very serious topic with the most serious consequences being possible disruption of the infrastructure, such as the loss of telephone switching systems, damages to electric power generation facilities, and to medical devices and weapons systems.

Let us review these two alternate scenarios and consider the data which either supports or challenges their assumptions.

Scenario 1: The Seriousness of the Year 2000 Problem is Exaggerated

This first scenario assumes that the year 2000 problem will cause minor software problems for business applications but no serious damage to the infrastructure such as telephone systems, transportation, electricity, and so forth.

If the year 2000 problem is minor and will not cause serious harm, then the costs of achieving year 2000 compliance may not be exactly wasted but could certainly have gone to other kinds of software work.

Managers and consultants who recommended a high priority for year 2000 repairs will be embarrassed, and some may be dismissed or censured in various ways. However, since no serious business or infrastructure damages would occur, this scenario supports a "business as usual" view of the year 2000 problem.

This scenario also supports the European Union's target for bringing out a unified European currency starting on January 1, 1999. The Euro-currency conversion project in Western Europe has been utilizing all available software resources in a number of industries, and has been given priority status much higher than the year 2000 problem for banks, retail establishments, and all industries where currency and credit applications play a key role.

Under this scenario, politicians who ignored the year 2000 issue or even took stands saying it was minor will face no unpleasant surprises during the elections which occur in 2000 and the next few years thereafter.

Those who counseled ignoring the year 2000 problem or devoting only minor resources to year 2000 repairs will face no serious repercussions. As the century changes, a number of software applications will of course fail or produce incorrect results, but under this scenario these problems may be localized or repaired within a matter of hours or days.

In order for this scenario to be viable, it is obvious that at least 95% of the known year 2000 problems must be repaired before the end of the century. For key industries which support the infrastructure, such as banking, telecommunications, public utilities, airlines, etc. the repair rates for year 2000 problems should probably top 99%.

Unfortunately, from interviewing scores of year 2000 managers in major and mid-sized corporations, there is not very much empirical data available to support the optimistic scenario.

From discussions with reporters and columnists who have written optimistic stories that the year 2000 problem is exaggerated, they have no actual data to support this thesis. The primary rational for the optimistic scenario is merely that the consequences of the opposite scenario are too dreadful to want to publish them.

Scenario 2: The Seriousness of the Year 2000 Problem is Grave and Urgent

This scenario assumes that the year 2000 problem will be at least as severe as a major natural disaster such as an earthquake or a flood. That is, this scenario assumes that the year 2000 problem will cause a large number of software applications to fail simultaneously, and that some of these applications will affect human lives, safety, and national defense.

If the year 2000 problem is very serious and can cause major damages, then the costs of achieving year 2000 compliance are well spent, and failure to correct the problem is a possible sign of professional malpractice, violation of fiduciary duty, or both.

In the United States, the corporate executives who lagged on year 2000 repairs will have a high probability of being sued by shareholders for violation of fiduciary duty. In Western Europe the situation is not so clear cut, because there corporate executives have been following the urging of their political leaders to concentrate software resources on the Euro-currency conversion issue. Hence failure to achieve year 2000 compliance in Western Europe might be blamed on the policies of the European Union, which appears to be facing a major economic crisis at the end of the century without the political leaders being aware of it.

In the serious scenario the managers and consultants who recommended assigning high priorities to year 2000 repair work will escape censure and may even be viewed as possible saviors of the enterprise or indeed the government if they are civil servants or politicians.

Conversely, those who counseled ignoring the year 2000 problem or devoting only minor resources to year 2000 repairs will face very severe consequences, which may include personal lawsuits for violation of fiduciary duty if they are corporate officers, or lawsuits for professional malpractice if they are in software management leadership roles.

Worse, if the year 2000 problem causes the enterprise to shut down, to lose goods, to send out incorrect invoices, to miscalculate tax reports, or has some other major disruptive impact then the enterprise itself may be sued and may face bankruptcy.

Indeed, if the year 2000 problem damages the infrastructure and shuts down electric power plants, telephone systems, airports, freight movement, manufacturing, and gasoline production then a business recession among the industrialized nations is a probable outcome.

Under this melancholy scenario, the European Unions' decision to implement a unified European currency starting on January 1, 1999 will be considered a major error of public policy and a causative factor leading to a possible recession in Western Europe in the wake of year 2000 problems.

This scenario also leads to a bleak political outcome for politicians and elected officials who took no corrective action and allowed the year 2000 problem to affect the lives and jobs of their constituents. If the year 2000 problem is very serious, then all elected officials who failed in attempting to head off the problem will no doubt be thrown out of office at the same time.

The governmental implications of the serious scenario cannot be corrected by simply having an election which removes the offending politicians. It will be far too late for this to have any positive value. The worst part of the serious scenario for governments is the probability of the bankruptcy for many urban governments, coupled with severe reductions of services and raising of taxes.

The serious scenario will come about if the percentage of unrepaired year 2000 problems tops about 20% of the total number of year 2000 problems. Unfortunately, the best case scenario for the United States is that only about 85% of the year 2000 problems will be fixed and 15% will not be repaired in time. Further, the United States leads all other nations in year 2000 repairs as of the end of 1997.

Unfortunately, the empirical data which supports the serious scenario is both abundant and convincing. The evidence includes tests of software in the telecommunications and electric generation industries, testimony before congressional committees, surveys, and dispassionate analysis of the way software and computers are utilized by modern corporations, governments, and military organizations.


SUMMARY AND CONCLUSIONS

Whenever a major issue confronts the human species, there are some who try and resolve the issue or make it better and some who try to ignore the issue in the hope that it will pass away by itself. This is the way humans respond to natural disasters such as floods and earthquakes, and also to serious political crises which may lead to war.

The year 2000 problem is in the class of issues which generate views at polar opposites of the spectrum. A substantial number of press reports say that the seriousness of the year 2000 problem is being exaggerated. Yet almost as many press reports say the year 2000 problem might damage many industries and even national economies.

Since the year 2000 problem has not yet occurred, there is no method which is 100% certain to ascertain which scenario is the more realistic. However, an examination of the possible consequence of the year 2000 problem indicate that it is better to take it seriously and try and solve this problem than it is to assume that the consequences will be minor and easily corrected. Unfortunately the weight of evidence about the year 2000 problem currently supports the hypothesis that it is very serious indeed.

The year 2000 problem is confusing to laymen and politicians because of the widely divergent opinions as to the possible consequences of the year 2000 problem. Applying game theory to the year 2000 problem indicates that the safest course is to assume that the year 2000 problem is a serious one, with grave consequences if it is allowed to occur unchecked.


SUGGESTED READINGS FOR ADDITIONAL INFORMATION

DeJager, Peter and Richard Bergeon; "Managing 00 - Surviving the Year 2000 Computing Crisis"; John Wiley Sons, 1997.

Jones, Capers; "The Year 2000 Software Problem - Quantifying the Costs and Assessing the Consequences"; Addison Wesley Longman, 1998.

Jones, Keith; "Year 2000 Software Crisis Solutions"; International Thomson Computer Press, 1997.

Kappelman, Leon (editor); "Solving the Year 2000 Problem"; International Thomson Computer Press, 1997.

Lefkon, Dr. Dick (editor); "Year 2000 Best Practices for Y2K Millennium Computing: Panic in Year Zero"; Mainframe Special Interest Group (SIG) of the Association of Information Technologies (AITP); New York, NY.

Ragland, Bryce; "The Year 2000 Problem Solver"; McGraw Hill, 1997.

Robbins, Brian and Rubin, Dr. Howard; "The Year 2000 Planning Guide"; Rubin Systems, Inc.; Pound Ridge, NY; 1997.

Ulrich, William and Ian S. Hayes; "The Year 2000 Software Crisis - Challenge of the Century"; Prentice Hall, Yourdon Press; 1997.