Y2K Site Map | Terms of Use | Problem | Steps | Certification | Briefings | Compliance | Solutions | BIOS | Test & Evaluation | Cost

The following Y2K material has been kept available by MITRE for historical purposes only and has not been updated unless noted.

Year 2000 Assessment Report Executive Summary

Background

A significant number of computer-based systems will be adversely affected by the arrival of the Year 2000 (01/01/2000), unless action is taken now to replace, update, or change components of these systems to eliminate or otherwise mitigate the effects this event. The millennium poses a significant problem for software maintenance. Dates, time, and time duration are used in almost every computer based application and improper calculation of these values can cause a malfunction which may have catastrophic effects.

In the early days of computing, the year portion of the date was represented in software by its last two digits to save precious and expensive memory and disk storage. Unless detected and remedied in advance, this shortcut will cause problems and failures at the turn of the millennium. On 29 November 1995, Director of Defense Research and Engineering Dr. Anita Jones asked if The MITRE Corporation could perform a quick assessment on "the effects of date calculations on software as the world crosses the century mark." In response, a team of MITRE experts from the Software Center and the Economic and Decision Analysis Center was formed. The briefing summarizes the results of this team's efforts over approximately one calendar month to size and scope the date problem for the Department of Defense (DOD) and to evaluate the effectiveness of automated tools in isolating code that needs to be modified. In addition, MITRE performed a literature and internet search to learn what others in industry and government are doing about the problem.

As part of its assessment, the MITRE team performed a short code analysis experiment to validate "well publicized" estimates of the size of the problem and likely cost to repair it. Also, the availability and effectiveness of commercial tools offered to isolate and repair code was evaluated.

The Problem

In addition to the problem caused by carrying only the last two digits of a year, there are a host of similar problems that have begun to arise. Some are related to selecting a base year for dates other than 1900. Others result from either incorrectly or incompletely coding the rules for determining a leap year.

The problem is expected to manifest itself in hardware, microcode, and firmware, as well as in system software, middleware, government-off-the shelf and commercial off-the-shelf (COTS) packages. It will also affect applications, databases, files and message sets.

Summary of Findings

The MITRE team analyzed over 5.4 million lines of code from 9 command and control and 2 logistics Automated Information Systems (AIS). Per system, an average of 1.16% of the code was affected, with a range between 1 and 5%. These percentages include possible false positives. The estimated effort to correct the problem ranged from 9 to 16 staff years per million lines of code (LOC) in the system or $0.75 to 1.70 per LOC for AIS, and 8 to 71 staff years per million LOC in the system or $1.00 to 8.52 per LOC for command and control systems. These results appear consistent with other emerging studies.

While commercially available tools will not solve the problem, they will aid in locating suspected occurrences. After the suspect code is identified, an analyst still must examine each case to ascertain that repair is needed and to actually make the fix, if necessary. The MITRE team also found that many commercial tools are available for the popular languages, but parsers and specialized tools must be developed for many of the legacy DOD systems written in less popular languages like Jovial, CMS2, and Assemblers.

Recommendations

MITRE advises that particular attention be paid to potential breaches of security that could result from undiagnosed problems in systems using passwords, encryption keys and the like.

MITRE also recommends that DOD establish a centralized clearinghouse for information collection and dissemination but employ a decentralized approach to locating and fixing problems. In addition, a Year 2000 Tools and COTS Laboratory should be established to demonstrate and assist in solving the problems in DOD software and firmware. Finally, in addition to testing all repaired systems, DOD should also validate continued interoperability with other systems.