bitHound Blog

The Bug Blog: Big Bugs from the 80’s

For the past few months, the bitHound team has been heads down getting ready for our beta launch. As with all product launches, quality and security have been top priorities for our team.

The appearance of the 'bash' command flaw is a timely reminder that your software can be vulnerable due to other tools/plugins/OS bugs.

I have come to realize how important it is to write good, clean code. Most importantly, I have learned what problems can arise if you do not. I started researching the effects and consequences software bugs can have on our economy and lives. In my new blog post series The Bug Blog, I will be highlighting examples of software bugs and their ramifications.

Code - it’s everywhere. But is it clearly written? Or do bugs lurk in your "spaghetti" code? Why should you care?

Software bugs cost the global economy a whopping $312 billion dollars a year. Yes, that's an annual cost!

With over 18 million developers in the world, computer software is an integral part of our daily lives. However, everyone is human (yes, even developers) and we all make mistakes (yes – even developers). Software is only as reliable as its creator's forethought, and the cost of bugs can be counted not only in dollars but also in lives.

Here are some of the first major coding errors that made headline news.

1. 1983 - The Near Cause of WWIII

A software bug resulted in a near miss of the Soviets launching missiles against the United States of America. The Russians' nuclear early warning alarm system reported that five ballistic missiles from the United States had been launched against Russia. Stanislav Yevgrafovich Petrov, an officer of the Soviet Air Defence Forces, assumed the missile launch warnings were incorrect and did not respond.

Investigation of the satellite warning system later confirmed that the system had, indeed, malfunctioned. The false alarms were caused by a rare alignment of sunlight on high-altitude clouds and the Russian satellites, the byproduct of an overlooked edge case.

Source: Wikipedia

2. 1985 - The Therac-25 Accident

The Therac-25 was a radiation therapy machine used in the mid-1980's. The machine had a high-power and low-power electron beam depending on the application. Its predecessors had a mechanical interlock system to rotate a beam spreader plate when the high-power setting was used. Therac-25 swapped the mechanical interlock for a software one which suffered from a race condition bug - a counter register which constantly overflowed. If the device was activated at the precise time of the overflow, the interlock would fail, resulting in a hugely overpowered burst of radiation in approximately 1 out of every 100 instances. At least 6 documented deaths have been reported as a direct consequence.

Source: Wikipedia, An Investigation of the Therac-25 Accidents

3. 1988 - The Robert Morris Worm Experiment

The first ever widespread attack on the Internet was caused on November 2nd, 1988 by Cornwall University Student, Robert Morris. His motivation was to develop a program to gauge the size of networks (including the Internet). The experiment resulted in computers passing it to others in the network and having it recurse back to itself from those other machines, resulting in multiple executions and, ultimately making all the computers crash. This viral like spreading was caused by an aggressive branching condition that failed to minimize the number program spawns on a computer - a case that could have been easily avoided if tested on a staging environment first. Morris unintentionally create the first mainstream worm, accumulating thousands of dollars in damages.

Source: Wikipedia

bitHound identifies risks and priorities in your Node.js projects.