Software rot

Last updated January 16, 2025

Software rot (bit rot, code rot, software erosion, software decay, or software entropy) is the degradation, deterioration, or loss of the use or performance of software over time.

Causes

Several factors are responsible for software rot, including changes to the environment in which the software operates, degradation of compatibility between parts of the software itself, and the emergence of bugs in unused or rarely used code.

Environment change

A screen recording of a bug introduced to Blender 2.9 as result of changes in AMD drivers, causing strobing dots of light and incorrect rendering of surface normals. Updates had to be made in Blender's code to accommodate these changes, fixing the bug.

When changes occur in the program's environment, particularly changes which the designer of the program did not anticipate, the software may no longer operate as originally intended. For example, many early computer game designers used the CPU clock speed as a timer in their games.^[2] However, newer CPU clocks were faster, so the gameplay speed increased accordingly, making the games less usable over time.

Onceability

There are changes in the environment not related to the program's designer, but its users. Initially, a user could bring the system into working order, and have it working flawlessly for a certain amount of time. But, when the system stops working correctly, or the users want to access the configuration controls, they cannot repeat that initial step because of the different context and the unavailable information (password lost, missing instructions, or simply a hard-to-manage user interface that was first configured by trial and error). Information architect Jonas Söderström has named this concept onceability,^[3] and defines it as "the quality in a technical system that prevents a user from restoring the system, once it has failed".

Unused code

Infrequently used portions of code, such as document filters or interfaces designed to be used by other programs, may contain bugs that go unnoticed. With changes in user requirements and other external factors, this code may be executed later, thereby exposing the bugs and making the software appear less functional.

Rarely updated code

Normal maintenance of software and systems may also cause software rot. In particular, when a program contains multiple parts which function at arm's length from one another, failing to consider how changes to one part that affect the others may introduce bugs.

In some cases, this may take the form of libraries that the software uses being changed in a way which adversely affects the software. If the old version of a library that previously worked with the software can no longer be used due to conflicts with other software or security flaws that were found in the old version, there may no longer be a viable version of a needed library for the program to use.

Online connectivity

Modern commercial software often connects to an online server for license verification and accessing information. If the online service powering the software is shut down, it may stop working.^[4]^[5]

Since the late 2010s most websites use secure HTTPS connections. However this requires encryption keys called root certificates which have expiration dates. After the certificates expire the device loses connectivity to most websites unless the keys are continuously updated.^[6]

Another issue is that in March 2021 old encryption standards TLS 1.0 and TLS 1.1 were deprecated.^[7] This means that operating systems, browsers and other online software that do not support at least TLS 1.2 cannot connect to most websites, even to download patches or update the browser, if these are available. This is occasionally called the "TLS apocalypse".

Products that cannot connect to most websites include PowerMacs, old Unix boxes and Microsoft Windows versions older than Server 2008/Windows 7 (at least without the use of a third-party browser). The Internet Explorer 8 browser in Server 2008/Windows 7 does support TLS 1.2 but it is disabled by default.^[8]

Classification

Software rot is usually classified as being either 'dormant rot' or 'active rot'.

Dormant rot

Software that is not currently being used gradually becomes unusable as the remainder of the application changes. Changes in user requirements and the software environment also contribute to the deterioration.

Active rot

Software that is being continuously modified may lose its integrity over time if proper mitigating processes are not consistently applied. However, much software requires continuous changes to meet new requirements and correct bugs, and re-engineering software each time a change is made is rarely practical. This creates what is essentially an evolution process for the program, causing it to depart from the original engineered design. As a consequence of this and a changing environment, assumptions made by the original designers may be invalidated, thereby introducing bugs.

In practice, adding new features may be prioritized over updating documentation; without documentation, however, it is possible for specific knowledge pertaining to parts of the program to be lost. To some extent, this can be mitigated by following best current practices for coding conventions.

Active software rot slows once an application is near the end of its commercial life and further development ceases. Users often learn to work around any remaining software bugs, and the behaviour of the software becomes consistent as nothing is changing.

Examples

AI program example

Many seminal programs from the early days of AI research have suffered from irreparable software rot. For example, the original SHRDLU program (an early natural language understanding program) cannot be run on any modern-day computer or computer simulator, as it was developed during the days when LISP and PLANNER were still in development stage and thus uses non-standard macros and software libraries which do not exist anymore.

Forked online forum example

Suppose an administrator creates a forum using open source forum software, and then heavily modifies it by adding new features and options. This process requires extensive modifications to existing code and deviation from the original functionality of that software.

From here, there are several ways software rot can affect the system:

The administrator can accidentally make changes which conflict with each other or the original software, causing the forum to behave unexpectedly or break down altogether. This leaves them in a very bad position: as they have deviated so greatly from the original code, technical support and assistance in reviving the forum will be difficult to obtain.
A security hole may be discovered in the original forum source code, requiring a security patch. However, because the administrator has modified the code so extensively, the patch may not be directly applicable to their code, requiring the administrator to effectively rewrite the update.
The administrator who made the modifications could vacate their position, leaving the new administrator with a convoluted and heavily modified forum that lacks full documentation. Without fully understanding the modifications, it is difficult for the new administrator to make changes without introducing conflicts and bugs. Furthermore, documentation of the original system may no longer be available, or worse yet, misleading due to subtle differences in functional requirements.

Wiki example

Suppose a webmaster installs the latest version of MediaWiki, the software that powers wikis such as Wikipedia, then never applies any updates. Over time, the web host is likely to update their versions of the programming language (such as PHP) and the database (such as MariaDB) without consulting the webmaster. After a long enough time, this will eventually break complex websites that have not been updated, because the latest versions of PHP and MariaDB will have breaking changes as they hard deprecate certain built-in functions, breaking backwards compatibility and causing fatal errors. Other problems that can arise with un-updated website software include security vulnerabilities and spam.

Refactoring

Refactoring is a means of addressing the problem of software rot. It is described as the process of rewriting existing code to improve its structure without affecting its external behaviour.^[9] This includes removing dead code and rewriting sections that have been modified extensively and no longer work efficiently. Care must be taken not to change the software's external behaviour, as this could introduce incompatibilities and thereby itself contribute to software rot. Some design principles to consider when it comes to refactoring is maintaining the hierarchical structure of the code and implementing abstraction to simplify and generalize code structures.^[10]

Software entropy

Software entropy describes a tendency for repairs and modifications to a software system to cause it to gradually lose structure or increase in complexity.^[11] Manny Lehman used the term entropy in 1974 to describe the complexity of a software system, and to draw an analogy to the second law of thermodynamics. Lehman's laws of software evolution state that a complex software system will require continuous modifications to maintain its relevance to the environment around it, and that such modifications will increase the system's entropy unless specific work is done to reduce it.^[12]

Ivar Jacobson et al. in 1992 described software entropy similarly, and argued that this increase in disorder as a system is modified would always eventually make a software system uneconomical to maintain, although the time until that happens is greatly dependent on its initial design, and can be extended by refactoring.^[13]

In 1999, Andrew Hunt and David Thomas use fixing broken windows as a metaphor for avoiding software entropy in software development.^[14]

Related Research Articles

Java applets are small applications written in the Java programming language, or another programming language that compiles to Java bytecode, and delivered to users in the form of Java bytecode.

An integrated development environment (IDE) is a software application that provides comprehensive facilities for software development. An IDE normally consists of at least a source-code editor, build automation tools, and a debugger. Some IDEs, such as IntelliJ IDEA, Eclipse and Lazarus contain the necessary compiler, interpreter or both; others, such as SharpDevelop and NetBeans, do not.

In computing, a legacy system is an old method, technology, computer system, or application program, "of, relating to, or being a previous or outdated computer system", yet still in use. Often referencing a system as "legacy" means that it paved the way for the standards that would follow it. This can also imply that the system is out of date or in need of replacement.

In computer programming and software design, code refactoring is the process of restructuring existing source code—changing the factoring—without changing its external behavior. Refactoring is intended to improve the design, structure, and/or implementation of the software, while preserving its functionality. Potential advantages of refactoring may include improved code readability and reduced complexity; these can improve the source code's maintainability and create a simpler, cleaner, or more expressive internal architecture or object model to improve extensibility. Another potential goal for refactoring is improved performance; software engineers face an ongoing challenge to write programs that perform faster or use less memory.

VBScript is a deprecated programming language for scripting on Microsoft Windows using Component Object Model (COM) based on classic Visual Basic and Active Scripting.

In computer programming, a code smell is any characteristic in the source code of a program that possibly indicates a deeper problem. Determining what is and is not a code smell is subjective, and varies by language, developer, and development methodology.

GNU Wget is a computer program that retrieves content from web servers. It is part of the GNU Project. Its name derives from "World Wide Web" and "get". It supports downloading via HTTP, HTTPS, and FTP.

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

A patch is data that is intended to be used to modify an existing software resource such as a program or a file, often to fix bugs and security vulnerabilities. A patch may be created to improve functionality, usability, or performance. A patch is typically provided by a vendor for updating the software that they provide. A patch may be created manually, but commonly it is created via a tool that compares two versions of the resource and generates data that can be used to transform one to the other.

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application or user with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Software maintenance is the modification of software after delivery.

<span class="mw-page-title-main">Windows Registry</span> Database for Microsoft Windows

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.

Hard coding is the software development practice of embedding data directly into the source code of a program or other executable object, as opposed to obtaining the data from external sources or generating it at runtime.

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program and network service developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. WSUS is an integral component of Windows Server.

CryptGenRandom is a deprecated cryptographically secure pseudorandom number generator function that is included in Microsoft CryptoAPI. In Win32 programs, Microsoft recommends its use anywhere random number generation is needed. A 2007 paper from Hebrew University suggested security problems in the Windows 2000 implementation of CryptGenRandom. Microsoft later acknowledged that the same problems exist in Windows XP, but not in Vista. Microsoft released a fix for the bug with Windows XP Service Pack 3 in mid-2008.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

In software development and other information technology fields, technical debt is the implied cost of future reworking because a solution prioritizes expedience over long-term design.

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.

Software entropy is the idea that software eventually rots as it is changed if sufficient care is not taken to maintain coherence with product design and established design principles. Another aspect can be found in what is perceived to be a decay in the quality of otherwise static software that is the result of the inevitable changes to its environment, that often occur as operating systems and other components are upgraded or retired. The common usage is only tangentially related to entropy as defined in classical thermodynamics and statistical physics.

Extreme programming (XP) is a software development methodology intended to improve software quality and responsiveness to changing customer requirements. As a type of agile software development, it advocates frequent releases in short development cycles, intended to improve productivity and introduce checkpoints at which new customer requirements can be adopted.

References

↑ Raymond, Eric. "Bit rot". The Jargon File. Retrieved 3 March 2013.
↑ Salemi, Joe (1992-01-28). PC Magazine. Ziff Davis, Inc. p. 286.
↑ Jonas Söderström. "Onceability: The consequence of technology rot". Archived from the original on 2021-06-03.
↑ Amadeo, Ron (31 October 2016). "The (updated) history of Android". Ars Technica. Retrieved 31 October 2021.
↑ "Adobe CS2 is Now Available for Free, Sort Of". Mobile Magazine. 2013-01-14. Archived from the original on 2013-01-18. Retrieved 2013-01-20.
↑ Paul Wagenseil (2020-12-24). "Apocalypse deferred: These Android devices will no longer go offline next fall". Tom's Guide. Retrieved 2023-03-16.
↑ "RFC ft-ietf-tls-oldversions-deprecate: Deprecating TLS 1.0 and TLS 1.1". IETF Datatracker. 2021-03-23. Retrieved 2023-03-16.
↑ "Windows 7 adds support for TLSv1.1 and TLSv1.2 - IEInternals - Site Home - MSDN Blogs". Archived from the original on 2013-12-26.
↑ Fowler, Martin (October 11, 2007). "What Is Refactoring" . Retrieved 2007-11-22.
↑ Suryanarayana, Girish, Ganesh Samarthyam, and Tushar Sharma. Refactoring for Software Design Smells : Managing Technical Debt / Girish Suryanarayana, Ganesh Samarthyam, Tushar Sharma. 1st edition. Waltham, Massachusetts ; Morgan Kaufmann, 2015. Print.
↑ Tripathy, Priyadarshi; Naik, Kshirasagar (2014). Software evolution and maintenance: a practitioner's approach. Hoboken, New Jersey: Wiley. p. 376. ISBN 978-0-470-60341-3.
↑ Lehman, M. M.; Belady, L.A. (1985), Program evolution: processes of software change, Academic Press, pp. 143–144, ISBN 9780124424401
↑ Jacobson, Ivar; Christerson, Magnus; Jonsson, Patrik; Övergaard, Gunnar (1992), Object-Oriented Software Engineering: A Use Case Driven Approach , ACM Press. Addison–Wesley, pp. 70-72, ISBN 0-201-54435-0
↑ Hunt, Andrew; Thomas, David (1999), The Pragmatic Programmer , Addison Wesley, pp. 4–6, ISBN 0-201-61622-X

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Raymond, Eric. "Bit rot". The Jargon File. Retrieved 3 March 2013.

[2] Salemi, Joe (1992-01-28). PC Magazine. Ziff Davis, Inc. p. 286.

[3] Jonas Söderström. "Onceability: The consequence of technology rot". Archived from the original on 2021-06-03.

[4] Amadeo, Ron (31 October 2016). "The (updated) history of Android". Ars Technica. Retrieved 31 October 2021.

[5] "Adobe CS2 is Now Available for Free, Sort Of". Mobile Magazine. 2013-01-14. Archived from the original on 2013-01-18. Retrieved 2013-01-20.

[6] Paul Wagenseil (2020-12-24). "Apocalypse deferred: These Android devices will no longer go offline next fall". Tom's Guide. Retrieved 2023-03-16.

[7] "RFC ft-ietf-tls-oldversions-deprecate: Deprecating TLS 1.0 and TLS 1.1". IETF Datatracker. 2021-03-23. Retrieved 2023-03-16.

[8] "Windows 7 adds support for TLSv1.1 and TLSv1.2 - IEInternals - Site Home - MSDN Blogs". Archived from the original on 2013-12-26.

[9] Fowler, Martin (October 11, 2007). "What Is Refactoring" . Retrieved 2007-11-22.

[10] Suryanarayana, Girish, Ganesh Samarthyam, and Tushar Sharma. Refactoring for Software Design Smells : Managing Technical Debt / Girish Suryanarayana, Ganesh Samarthyam, Tushar Sharma. 1st edition. Waltham, Massachusetts ; Morgan Kaufmann, 2015. Print.

[11] Tripathy, Priyadarshi; Naik, Kshirasagar (2014). Software evolution and maintenance: a practitioner's approach. Hoboken, New Jersey: Wiley. p. 376. ISBN 978-0-470-60341-3.

[12] Lehman, M. M.; Belady, L.A. (1985), Program evolution: processes of software change, Academic Press, pp. 143–144, ISBN 9780124424401

[13] Jacobson, Ivar; Christerson, Magnus; Jonsson, Patrik; Övergaard, Gunnar (1992), Object-Oriented Software Engineering: A Use Case Driven Approach , ACM Press. Addison–Wesley, pp. 70-72, ISBN 0-201-54435-0

[14] Hunt, Andrew; Thomas, David (1999), The Pragmatic Programmer , Addison Wesley, pp. 4–6, ISBN 0-201-61622-X

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]