I received dozens of responses to my July 25 commentary "Complacency Creates Vicious Cycle of Software Bugs", which talked about bugs in the software development industry. I believe that most software companies try to deliver high-quality software. We live and work in a free-market society, and real pressures force software companies to keep quality high. But I think the bar of acceptable quality has dropped too low. Most readers agreed with me; the trick is how to make vendors accountable for bugs.

Many readers pointed out that all vendors must adopt any proposed initiative or it would fail. Here's an anecdote from one reader:

"In the old days, Ashton-Tate used to not only publish the known bugs in their dBase program, but they also published workarounds. This was very good for their users but unfortunately led to a situation where the press depicted dBase as a buggy and unreliable system! Naturally people didn't want to use a buggy system, and eventually Ashton-Tate stopped releasing or even acknowledging bugs in their software. Everybody lost a valuable source of information."

Another reader noted that vendors are not all alike. Should we give special consideration to small vendors so we don't prevent entrepreneurs from taking risks?

"... a lot of good software out there is freeware and/or shareware. The package I developed ... is totally free. Should I ever be subject to a liability law, I would just simply pull the plug and so would many of my colleagues."

Reporting bugs isn't as easy as you might think. Here's a comment from a colleague who works at a software company:

"Many bug reports have comments \[that specify which\] customers are affected, and \[the reports\] sometimes include code from a customer's scenario in addition to other proprietary intellectual property. Publishing all bugs to a clearinghouse would require us to create a small team for every product that did nothing but polish bug reports. This kind of work could drain resources better spent in other ways and could have a disastrous impact on smaller companies \[that are\] unable to shoulder the burden."

Should the government get involved? My commentary suggested a consumer watchdog agency backed by new legislation. Most of you believe that the government is poorly suited to solve this problem, and I tend to agree. Washington is unlikely to worry about a few bugs here and there unless an incident drains billions of dollars from the markets in one day, as some of the recent accounting scandals have done. Can or should Washington solve Bug-gate? Probably not. Someone who works for a software-development company offered the following:

"I believe that you need to let the market do its job. Participating in a software defect report effort would really be better suited as \[a voluntary effort\] a company \[could make\] in an effort to build a sense of trust and community around \[its\] product. Government-mandated business processes are bad."

So what should we do if reporting bugs is burdensome and expensive for vendors and the government can't snap its fingers to make everything all right? I don't think we should give up. One reader offered this thought:

"I think the trick (and possibly a difficult one to pull off) would be to create competition between the vendors, so they will happily try to outdo their neighbors. Microsoft and Oracle seem to base a great deal of development resources \[to\] achieving top TPC-C results. Perhaps if the bug levels were tracked and publicized in a similar way, they would see this as a competitive point and motivate themselves. A well-publicized standards authority may achieve greater results than a legal process."

Even better than a standards body, one clever reader suggested the following:

"I think that the software defect report could be a profitable startup. Look at companies \[such as\] Gartner that evaluate technology and vision. If the right \[people\] started the company, they could keep an independent record of bugs and software quality for all vendors and really make an impact. It would then behoove each individual company to contribute where they could to make sure that they had good reviews on the site."

I think that this reader's suggestion is a wonderful idea. It creates a model based on free-market dynamics that could create compelling incentives for software vendors to participate. I plan to launch it in my free time, which—as a DBA, author, husband, and father—I have plenty of!

Whatever the result of these comments, I'd hate to see the spirit behind this conversation die. The flood of email I received about this topic told me that I wasn't the only one who is unhappy with the current situation. At the least, software companies should begin paying attention to the problem of software bugs and should recognize the building dissatisfaction in the community. One reader put it this way:

"I think what's important is that the consumers ... show their frustration and keep the pressure on software companies. There is always a battle going on between features, resources, schedule, and quality. Companies will make choices based on what customers tell them is most important."