List of software bugs

Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences - either financially or as a threat to human well-being. This is a list of the software bugs with the most notable consequences:

Space exploration

* NASA Mariner 1 went off-course during launch, due to a missing overbar in the specifications for its FORTRAN software (July 22, 1962). [cite web
url = http://www.faqs.org/faqs/space/probe/
title = Space FAQ 08/13 - Planetary Probe History
accessdate = 2008-01-07] Note that the initial reporting of this software bug was incorrect (another bug). [cite book
last = Hoare
first = C. A. R.
title = Hints on Programming Language Design in cite book
title = Sigact/Sigplan Symposium on Principles of Programming Languages
date = October 1973, reprinted in cite book
last = Horowitz
title = Programming Languages, A Grand Tour, 3rd ed. See [http://catless.ncl.ac.uk/Risks/9.54.html#subj1 Risks Digest: "Mariner 1", Vol. 9: Iss. 54, 12 Dec 89] (and cite web
url = http://catless.ncl.ac.uk/Risks/8.75.html#subj1
title = Mariner I -- no holds BARred
accessdate = 2008-01-07]
* NASA Apollo 11 a software error during the final approach to land on the moon came close to crashing the Lunar Module (July 20, 1969). [cite web
url = http://www.hq.nasa.gov/alsj/a11/a11.landing.html
title = Apollo 11 Lunar Surface Journal: The First Lunar Landing
author = Jones, Eric M. (editor)
publisher = NASA ]
* Russian Space Research Institute's Phobos 1 deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988). [cite journal
author = R. Z. Sagdeev & A. V. Zakharov
title = Brief history of the Phobos mission
journal = Nature
year = 1989
volume = 341
pages = 581–585
doi = 10.1038/341581a0]
* The European Space Agency's Ariane 5 Flight 501 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software. [cite journal
title = The Ariane 5 Software Failure
month = March
year = 1997
volume = 22
number = 2
journal = Software Engineering Notes
last = Dowson
first = M.
pages = 84
doi = 10.1145/251880.251992]
* NASA Mars Polar Lander destroyed because its flight software mistook vibrations due to atmospheric turbulance for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999). [cite web
url=http://solarsystem.nasa.gov/missions/profile.cfm?MCode=MPL
title=Mars Polar Lander
accessdate = 2008-01-07]
* NASA Mars Global Surveyor a mis-sent command from Earth caused the software to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun - subsequently overheating it. (November 2, 2006). [cite web
url = http://www.nasa.gov/mission_pages/mgs/mgs-20070413.html
title = Report Reveals Likely Causes of Mars Spacecraft Loss
accessdate = 2008-01-07] [cite web | url = http://www.space.com/news/070110_mgs_softwareglitch.html/ | title = Faulty Software May Have Doomed Mars Orbiter | publisher = Space.com | accessdate = January 11 | accessyear = 2007]

Medical

* A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of X-rays. [cite web
url = http://sunnyday.mit.edu/papers/therac.pdf
title = The Therac-25 Accidents (PDF), by Nancy Leveson
accessdate = 2008-01-07] [cite web
url = http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html
title = An Investigation of the Therac-25 Accidents (IEEE Computer)
accessdate = 2008-01-07] [cite web
url = http://neptune.netcomp.monash.edu.au/cpe9001/assets/readings/www_uguelph_ca_~tgallagh_~tgallagh.html
title = Short summary of the Therac-25 Accidents
accessdate = 2008-01-07]
* A Medtronic heart device was found vulnerable to remote attacks in March 2008. [cite web
url = http://www.nytimes.com/2008/03/12/business/12heart-web.html
title = A Heart Device Is Found Vulnerable to Hacker Attacks
accessdate = 2008-09-28]

Computing

* The year 2000 problem, popularly known as the "Y2K bug", spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes. [cite web
url = http://www.cnn.com/TECH/specials/y2k/
title = Looking at the Y2K bug, portal on CNN.com
accessdate = 2008-01-07] In addition, it is possible the problem could recur in 2038 (the year 2038 problem), as many Unix systems calculate the time in seconds since 1 January 1970, and store this figure as a 32-bit signed integer, for which the maximum possible value is 2³¹ (2,147,483,648). [cite web
url = http://www.2038bug.com/
title = The year 2038 bug
accessdate = 2008-01-12]
* The Pentium FDIV bug in which certain Intel processor chips would produce incorrect results for certain floating point division operations. [cite web |publisher=Intel |title=FDIV Replacement Program: Description of the Flaw |date=2004-07-09 |url=http://support.intel.com/support/processors/pentium/sb/CS-013007.htm |id=Solution ID CS-013007 |accessdate=2006-12-19 ]

Electric power transmission

* The 2003 North America blackout was triggered by a local outage that went undetected due to a race condition in General Electric Energy's XA/21 monitoring software. [cite web
url = http://www.securityfocus.com/news/8016
title = Software Bug Contributed to Blackout
accessdate = 2008-01-07]

Telecommunications

* AT&T long distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too - resulting in a 'wave' of failure that rapidly spread across the entire AT&T long distance network. [cite book
last = Sterling
first = Bruce
title = The Hacker Crackdown: Law and Disorder on the Electronic Frontier (ISBN 0-553-56370-X)
publisher = Spectra Books] [cite web
url = http://www.dmine.com/phworld/history/attcrash.htm
title = The Crash of the AT&T Network in 1990
accessdate = 2008-05-15]

Military

* The software error of a MIM-104 Patriot, caused its system clock to drift by one third of a second - resulting in it failing to locate and intercept an incoming missile which caused the deaths of 28 Americans in Dhahran, Saudi Arabia (February 25, 1991). [cite web|url=http://www.gao.gov/products/IMTEC-92-26|title=Patriot missile defense, Software problem led to system failure at Dharhan, Saudi Arabia; GAO report IMTEC 92-26|publisher=US Government Accounting Office] [cite web|url=http://www.mc.edu/campus/users/travis/syllabi/381/patriot.htm|author=Robert Skeel|title=Roundoff Error and the Patriot Missile|work=SIAM News, volume 25, nr 4|accessdate=2008-09-30]
* A Chinook crash on Mull of Kintyre in June 1994. A Royal Air Force Chinook helicopter crashed into the Mull of Kintyre, killing 29. This was initially dismissed as pilot error, but an investigation by "Computer Weekly" uncovered sufficient evidence to convince a House of Lords inquiry that it may have been caused by a software bug in the aircraft's engine control computer. [cite web
url = http://www.ccsr.cse.dmu.ac.uk/resources/general/ethicol/Ecv12no2.html
title = The Chinook Helicopter Disaster
accessdate = 2008-01-07]
* Smart ship USS Yorktown was left dead in the water in 1998 for nearly 3 hours after a divide by zero error. [cite web
url = http://www.gcn.com/17_17/news/33727-1.html
title = Software glitches leave Navy Smart Ship dead in the water
accessdate = 2008-01-07]
* A software glitch in a South African antiaircraft cannon has killed 9 soldiers and seriously injured 14 others in 2007 during a shooting exercise. [cite web
url = http://blog.wired.com/defense/2007/10/robot-cannon-ki.html
title = Robot Cannon Kills 9, Wounds 14
accessdate = 2008-09-29]

Media

* Eve Online's deployment of the Trinity patch, which erased the boot.ini file off of several thousand users' computers. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory. [cite web
url = http://myeve.eve-online.com/devblog.asp?a=blog&bid=526
title = About the boot.ini issue (Dev Blog)
accessdate = 2008-03-08]
* In the Sony BMG CD copy prevention scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a "rootkit" on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD. [cite web
url = http://www.news.com/FAQ-Sonys-rootkit-CDs/2100-1029_3-5946760.html?tag=st.nl
title = Sony's 'rootkit' CDs
accessdate = 2008-05-15] Sony's subsequent efforts to provide a utility to fix the problem actually exacerbated it. [http://blogs.technet.com/markrussinovich/archive/2005/11/04/more-on-sony-dangerous-decloaking-patch-eulas-and-phoning-home.aspx "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home"] , "Mark's Blog," November 4, 2005, retrieved November 22, 2006.

Encryption

* In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised, as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, TOR, SSL or TLS protected connections and SSH. [cite web
url = http://www.debian.org/security/2008/dsa-1571
title = DSA-1571-1 openssl -- predictable random number generator
accessdate = 2008-04-16]

References