A developer of financial software has agreed to pay $2.5 million to settle charges stemming from his concealment of a bug that caused about $217 million in investment losses. Barr M. Rosenberg, 68, of Sea Ranch, California, developed the quantitative investment modeling software and put it into production in 2007 to help …
Not finding *every* bug in a piece of software is understandable.
Finding it, not *fixing* it and not *telling* anyone about it is unforgivable.
Let's see them try to sell their *next* version of their software with that track record.
At 68 years of age I'm guessing he certainly won't be giving a shit that he can't work in the industry any more.
Presumably there are $217m of windfall profits on the other side of the deals. Will the winners pay him a £2.5m bonus?
Thought not. Typical finance 'industry'. We lose and it's everybody else's fault, we win and it's trebles all round.
"The SEC said Rosenberg willfully violated anti-fraud provisions of the Investment Advisers Act of 1940"
No conviction or jail time then?
I wonder if his bonus(es) for those years cover the fine? Probably.
I would like to know if this particular product had a typical "we are not responsible for anything that happens" EULA. My guess is that it was, but a combination of hiding a known problem and the specifics of the securities law trumped those claims.
I was once told by a development manager that his former employer, a producer of medical software, did not use bug-detecting software because they would be responsible for any bug found but not fixed. The time for the principle of "if you accept payment for it, you also accept responsibility" is long overdue.
Unfortunately, making developers responsible for damage caused by bugs in their software is completely unreasonable and unfair. I know that sentence makes people angry. But it's still true. It is mathematically impossible to guarantee that a piece of software is bug-free. Sure, using bug-detecting software is a good practice. But bug-detectors only find a very narrow category of problems - and they're themselves subject to bugs. Bottom line is, it's unreasonable and unfair that I can get hit with a multi-million dollar charge due to something that I literally have no way to prevent. Software is intrinsically fallible.
On the other hand, after a bug is found, attempting to hide it rather than fixing it is deeply irresponsible, and I'm totally fine with it being considered the basis for a lawsuit. And I'd also be fine with bug-detecting software being mandatory for critical applications.
I would disagree with your comments about making devs responsible. If you are writing code that is mission critical to a business, then at least you should have a robust set of test procedures to ensure that code is returning expected results. Unit Testing, UAT and all manners of other methods are hardly new to us.
If your code is flawed and it causes problems or losses, then you must willingly accept the responsibility and face the music.
I led a code review for the London Internation Financial Futures Exchange new back office system many years ago and given the importance of what this system did, it was extremely important to ensure all i´s were correctly dotted etc.
The company that actually wrote the code had done a simply outstanding job of creating the whole end to end test process, so that it actually did what it said on the tin. No easy feat and highly laudible. Wish I could say the same for many other organisations I´ve worked for down the years.
With responsibity comes accountability.
I worked on some aircraft systems (Hardware), and I know that I am responsible for anything untoward. It is down to a court and possibly a jury to decide if I should be punished for anything that went wrong; but I can certainly be called to account.
Saying that software is somehow different; that it doesn't have to meet fitness for purpose; that any problems caused by it are your own fault isn't right, and the sooner the weasles who push that theory are hung up by their gonads the better.
serves him right
Most software shops accept their duty towards the client is to fix known bugs.
Those which don't should learn from this lesson.
read the article
"The SEC said Rosenberg willfully violated anti-fraud provisions of the Investment Advisers Act of 1940. He agreed to the penalties without admitting or denying the SEC's findings.
The agreement comes seven months after a related Rosenberg firm, AXA Rosenberg, agreed to pay $242 million to settle charges."
he settled out of court and paid up the losses via another company..... therefore no jail time as no "crime" admitted..... Whilst the guys an arse for hiding the faulty software, hes coughed up fully for all losses.... quite unusual for a software vendor.....
He'll be HP new CEO in no time
As an ex-AXA Rosenberg employee (hence the anonymous posting) and having met Barr quite a few times through work, I probably have a better understanding than most of the situation.
The Research Centre was a self-contained unit (mostly operating just outside SF) which supplied data (basically trading instructions) to the AXA part, which made investments based upon that data. This kind-of exempts the AXA side from any blame, although ideally they should have had tighter reins on the RC.
Barr is not the kind of guy who you could question: he did what he wanted. Not in a authoritarian way, but purely by the fact that you never saw him and he had such an aura around him that you just didn't question him. He had access to the source code, as did many others, but notice that he specifically takes the fall for it ("Rosenberg directed the others to keep quiet").
Barr was not the only one that was punished internally for this - quite a few of the directors were moved on or retired.
Also as a result, AXA now owns the full 100% of the company which was something that it wanted for a long time after the original deal.
The model that the RC used is a behemoth written in Eiffel (no, I'm not kidding!) which was constantly undergoing revisions on a daily basis. The fact that there were errors would not be a surprise to anyone in the industry, but the scale is what is amazing.
Would Barr's bonus have covered the fine? Look him up on Wikipedia. It wouldn't have made a dent.
One has to wonder...
Did he make money from the mistake? Surely if he knew about the error, he could work out what deals the software would erroneously make and then take a contrary position.
That would explain why he did not want to disclose the problem - it was a cash cow.
No, he didn't make money (read the judgement or other news) they were losing money because of the bug and the company ended up paying the shortfall.
The bug was that it was misreporting the returns, thus the value of the client funds looked better (worth more) than they actually were.
The net results was a large outflow of money from the company as investors pulled out their funds.
AXA Rosenberg went from $148bn under management to around $30bn within the space of 18 months. Partly due to falling stocks, but what was left was taken out.
Also, Barr wasn't a "Dev"; he started and effectively owned the company, invented the models and liked to poke around with the code. The guy was already a multi-millionaire before he started this one, having sold BARRA to Nomura.
Also, it wasn't a software house but a Research Centre that created the software and would licence the output (trading recommendations) to AXA Rosenberg to act, so there were no "customers" in the traditional sense, just one big company.