Friday, September 23, 2011

Coverup of $217m software bug causes $2.5m penalty, plus accusation of fraud

Finance software bug causes $217m in investor losses

Dev pays $2.5m for hiding decimal-percentage flaw

http://www.theregister.co.uk/2011/09/22/software_bug_fine/

The article emphasizes a point that Cem Kaner makes about how the law is applied to software products. Software producers need to fully disclose their bugs that will materially impact their customers. Else you risk perpetrating fraud.

Our software does not have to be perfect (else we would never ship the product). But it is a reasonable expectation that when the producer becomes aware of a material defect in the product, they have an obligation to notify their customers of the defect.
“In 2009, an employee of Rosenberg's company, Barr Rosenberg Research Center, discovered a two-year-old bug in the code that caused it to incorrectly calculate risks.
How seriously do you consider correcting newly discovered problems that exists in multiple previous versions of the product? Do you discount fixing it because the customer has not reported the problem?
The error stemmed from the failure to reconcile the use of decimals in some of the data and percentages in other information, causing risks to routinely be underrepresented.
I have seen that exact same type of data precision error before. Have you?  What would it look like?
The employee disclosed his findings to Rosenberg and the firm's board of directors that same year.
I wonder if they fired him for finding and disclosing that bug all the way to the board of directors.

Rosenberg directed the others to keep quiet about the error and to not inform others about it, and he directed that the error not be fixed at that time,”
Did Rosenburg make an ethical choice with respect to all the stakeholders?
The error caused about $217 million in losses to more than 600 client portfolios.
In addition to paying the $2.5 million penalty, Rosenberg agreed to never again work in the securities industry.
The SEC said Rosenberg willfully violated anti-fraud provisions of the Investment Advisers Act of 1940.
The coverup is what really got him - because it lead to a fraud.  Plus he got the industry death-penalty.

What one lesson from this story would you apply to the way you manage your corrective action process?

2 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Thank you for the info. It sounds pretty user friendly. I guess I’ll pick one up for fun. thank u

    <a href="http://www.isolve.co.in/Compliance Software</a>

    ReplyDelete