In his new Cutter Consortium report, "Self-Insuring Your Software," Senior Consultant Murray Cantor addresses the issue that every software executive eventually faces: whether the economic benefits of shipping code outweigh the economic risks.
To decide, the executive must have a view of each. Says Cantor: "The hoped-for benefits are clear in that they are up front in the decision to build the software. They can include revenue, meeting contractual obligations, enterprise efficiency, or supporting some enterprise initiative such as a new service offering. But the economic risks can involve exposures resulting from software failures, leading to data breaches, data losses, excess support costs, and downtime losses."
According to Cantor, if the executive had the opportunity to buy an insurance policy to indemnify the organization against the losses, the decision would be simple. The ship decision would be based on whether the benefits exceed the cost of the insurance. But because there are limited forms of such insurance available, the decision to ship software is essentially equivalent to the decision to self-insure.
The self-insuring conversation may not require very extensive models of all possible liabilities. To the contrary, Cantor continues, "We need not obsess on finding the most accurate random variables. Rather, they need to be good enough to foster the right conversations and improve decision making."
Cantor concludes, "The decision to ship, develop, and deploy software is an economic one. You deliver software only if the expected benefits of the software outweigh the costs over the code’s lifetime, based on the estimated future costs and benefits."
"Self-Insuring Your Software" is available from Cutter Consortium and also includes two appendices: Continuous Random Variables and Computing Functions of Random Variables.