
Is Catastrophic Software Failure a Black Swan?
The potential risks of software failure are variously described as a “fly in the soup” or an “elephant in the room.” These metaphors convey the idea of unexpected risk events (flies) or risks that are obvious and visible but neglected (elephants). Nassim Taleb, who popularized the Black Swan metaphor, added the important element of magnitude to unexpected and neglected risks. Black Swan events constitute a far greater, often catastrophic, risk than either flies or elephants.
Taleb observes that people and their organizations are often complacent about the existence of Black Swans. Even though, in retrospect, Black Swan events appear inevitable, the fact that they haven’t yet happened encourages a belief that they will not happen, and this causes shock when they do occur.
To indicate the added risks of complacency, Taleb uses the contrast between the view of a well-cared-for turkey that is surprised by Thanksgiving (the sucker), and the butcher (the knower) who plans for the turkey’s demise.
Despite recent apparent increases in the number and scope of software system failures leading to service outages and data breaches, those who haven’t experienced such failures expect that they will not happen to them. In Taleb’s analogy, they are the suckers.
“Inevitable and Unpredictable”
Most organizations deliver their critical services directly or indirectly through digital systems. These services are seen as a utility – essential to the operation of the economy and society, and to the quality of life. But these digital systems contain software components over which the organizations have no control.
[....]