The 170 million US dollar software debacle, otherwise known as the FBI Virtual Case File, is a textbook example of large-scale software development gone wrong. Peter Neumann, Robert Charette, Steve Bellovin and Matt Blaze comment on the mismanagement of the development and implementation of the project, where to place the blame for the project flopping, and the difficulties of developing large-scale software implementations.
The application, which was intended to modernize the US Federal Bureau of Investigation's IT infrastructure as part of the 'Trilogy' program, turned into a complete fiasco after five years of development. The roundtable of security and risk management experts points to various failings which contributed to the demise of the project. They point out the lengthy and painful upgrade process involved in moving over to the new system. Most importantly, however, the lack of a coherent and complete plan meant developers had no concrete goal during the development process.
It is difficult to blame only certain groups, because many different elements were involved: government employees with no software development experience, incompetent programmers, and software development project leaders, who may have held a Ph.D., but didn't have a clue. Failures in implementation of interoperability and catastrophic events like September 11th only ensured the severely mismanaged program was doomed to failure.
This program was originally broadcast on IEEE Spectrum Radio.
Peter Neumann has doctorates from Harvard and Darmstadt. After 10 years at Bell Labs in Murray Hill, New Jersey, in the 1960s, he has been in SRI's Computer Science Lab since September 1971. He is concerned with computer systems and networks, security, reliability, survivability, safety, and many risks-related issues. He currently edits CACM's monthly Inside Risks column, chairs the ACM Committee on Computers and Public Policy, co-chairs the ACM Advisory Committee on Security and Privacy, co-founded People For Internet Responsibility (PFIR), and co-founded the Union for Representative International Internet Cooperation and Analysis (URIICA).
Robert Charette is the President of the ITABHI Corporation, an international high technology company involved in information and telecommunications systems management consulting. He is the author of over 40 articles on software, systems, and management, served as a consulting editor and columnist to Software Management magazine in London, and is now on the editorial board of Software Quality Professional. Charette's degrees are in electrical and computer systems engineering. He is a long-time member of the IEEE, ACM, Society of Risk Analysis, Risk Policy Institute, the Academy of Political Science, London Institute of Directors, among others.
Steve Bellovin is a professor in the Computer Science department at Columbia University. He does research on networks, security and why the two don't mix. In 2001, Bellovin was elected to the National Academy of Engineering. He was awarded the 2007 NIST/NSA National Computer Systems Security Award. Bellovin co-authored, with Bill Cheswick, the book "Firewalls and Internet Security." He earned a B.A. from Columbia University and received an M.S. and Ph.D. in computer science from the University of North Carolina at Chapel Hill.
Matt Blaze is a researcher in the areas of secure systems, cryptography, and trust management. He is currently an Associate Professor of Computer and Information Science at the University of Pennsylvania; he received his PhD in Computer Science from Princeton University. Blaze coined the term trust management to refer to the policy system which decides whether a particular entity should be permitted to carry out a particular action, and has provided foundation research in this area.
Harry Goldstein (host) is a Senior Associate Editor at IEEE Spectrum Magazine.
This free podcast is from our IEEE Spectrum Radio series.