Buying tips for Year 2000 tools

The impending challenge facing managers to get their code and embedded software ready for the Year 2000 has prompted industry to create thousands of tools to help find and automate the fixes. But for anxious buyers, the dizzying choice of tools often adds to the confusion. Whether you are shopping for a test tool or a front-end assessment tool, the questions remain: How do you choose the right tools? How do you get the most for your money? How do you use the tools to meet your fast-approaching deadline?

FCW polled the experts, and here is their shorthand advice for Year 2000 shoppers:

n Don't ignore PCs. Having a relatively new computer is no guarantee that the bug has been fixed, warned Nancy Peters, vice president of Year 2000 business development for CACI Inc., Arlington, Va. She cites experts who assign pre-1997 BIOS chips a 97 percent likelihood of failure and give post-1997 BIOS chips a 47 percent chance of failure.

Prioritize. "Prioritize your projects into what's going to kill you first," advised Bob Anderson, software support activity lead for the Navy's Tactical Aviation Mission Planning System, China Lake, Calif. And "maximize your present [contractor] team, if you have one." Anderson called on his current software development and test contractors to find a Year 2000 consultant— CTA Inc.— that was knowledgeable about military systems and whose services were available on the General Services Administration schedule.

Focus. Focus on the software that is critical to running agency business, which is not always the same code that the MIS department thinks is important, said Jim Duggan, research director for Gartner Group's Application Development and Year 2000 Services, Stamford, Conn. "The biggest error people make is that they pick the thing they worry about all the time."

Automate. Automation is becoming increasingly important. You need as much automation as you can afford, given that the back-end test cannot really be automated, Duggan said. Testing can take as much as 60 percent of your time and resources. Unit test— the test of changed pieces of code— is the only type that realistically can be outsourced, Duggan said. Cycling the code back into larger systems needs to be done at the customer site.

Think long term. Choose Year 2000 tools with some added value beyond 2000, said Joe DiStefano, director of federal operations for Viasoft Inc., Herndon, Va. Tools by Viasoft, McCabe & Associates Inc. and many others were adapted from existing generic technology, so they are applicable to other related problems in software development and testing.

The good news is that "there are adequate tools in all areas," Duggan said. The bad news is that "it's too late for [more] good tools to be developed." Evolutionary improvements and incremental additions keep coming out, however, allowing greater performance and increased automation.

Among the better-known Year 2000 tool providers are Platinum Technology Inc., Compuware Corp., Viasoft, Micro Focus Group Ltd., SEEC Inc. and Computer Associates International Inc. Big service providers, some of whom use their own tools, include IBM Corp., Keane Federal Systems Inc., Cap Gemini America Inc., Science Applications International Corp. and CACI.

Typically, Year 2000 tools are divided into four areas:

- Analysis tools that identify the scope of an organization's Year 2000 problems.

- Impact-assessment tools that determine the implications of Year 2000 problems.

- Remediation tools that actually fix date problems.

- Test tools that ensure the date problems have been fixed for production environments.

Many vendors focus primarily on remediation, automating the processing of finding and fixing date problems for a particular language, such as Cobol. More recently, industry has turned its attention to testing tools.

While choosing the right Year 2000 tools is important, most agencies do not have much time for comparison shopping. Do not spend too much time agonizing over small differences between tools, Duggan recommended. "We're to the point now where a month's delay is 10 percent of the time remaining." Programs will not wait until Jan. 1, 2000, to fail; they will fail in 1999, "when you first put in 2000 as a year."

"You could spend until 2000 deciding what tools to use," agreed Sue Glick, Year 2000 project manager for the Navy Fleet Material Support Office, Mechanicsburg, Pa. But even though her organization started early on Year 2000 repairs, she only spent "a couple of months" in the selection phase. "Y2K is not so much a technical problem as a project-management problem," Glick said. Comprehensive procedural control is essential.

Find and Fix

With time to fix the millennium bug running out, the newest Year 2000 products stress increased automation. For example, IBM's Millennium Language Extensions (MLE) includes Maintenance 2000, which helps find the dates to be changed; CCCA, which "automatically makes the MLE annotations"; and the compiler, which "automatically adds 'windowing' code," said Yvonne Perkins, director of application development technologies at IBM's Santa Teresa Laboratory, San Jose, Calif. Windowing involves changing how a computer reads a two-digit year rather than changing the date itself.

Available with the company's Cobol and PL/1 compilers, MLE technology provides a "quick way to do remediation," Perkins said.

IBM also offers its Millennium Date Compression Tool, which was developed with Allstate Insurance Corp. The idea is "to represent four digits as two," fixing the code as the program is running, Perkins said. Consulting is required with this tool, however, as customers need to be aware that the "data format will be changed."

However, "there's no way around a lot of manual work" in testing code, said Mark Phillips, executive vice president of CTA Inc., Rockville, Md. "That's why you need a lot of schedule there." There are "no special tools" for integration testing, he said. It is also important to leverage your existing tool environment, said Hoyt Warren, director of Year 2000 technology for CACI. Do not add unnecessary complexities. And the tools selected need to be compatible with that environment, so the fastest tools may not be the best.

Speed, however, is a key differentiator. Viasoft claims to have helped a federal client identify, convert, test, validate and move into production 1.1 million lines of mainframe Cobol code over a six-week period, DiStefano said.

Computer Associates claims its CA-Fix/2000 and Unicast/2000 average code conversion at the rate of 50,000 lines of code in 30 minutes. One should scrutinize a vendor's "productivity metrics" as well as its track record, CTA's Phillips stressed.

Many sites already have basic configuration-management and test tools that they will use in the Year 2000 process. But organizations also will have to buy Year 2000-specific tools for date simulation, data aging and Year 2000 assessment. Among these products are Tictoc by Isogon Corp. and HourGlass 2000 by Princeton Softech Inc.

Vendors also stress the need for "intelligence" in tools. Some tools, for example, are like find-and-replace utilities, said Mark Stabler, vice president of the Year 2000 Business Unit at CA. But "the vast majority of dates don't need to be changed," he said. Ravi Koka, president and chief executive officer of SEEC, Pittsburgh, contends that less than 0.5 percent of code actually needs to be changed. Whereas the "vast majority of tools on the market give only about a 65 percent accuracy rate in finding and fixing dates," CA's tools attain a greater than 95 percent rate, Stabler said.

Beyond pattern scanners, there is a need for "third-level" tools knowledgeable about the structure of computer languages in order to "tell which variables are date-related," said Terence Zagar, senior vice president and Year 2000 practice chief scientist for BDM International Inc. He cites technologies by CAP Gemini of America and Forecross Corp. as examples of tools with "intelligence."

Some of the better-known tool providers strive for integration between tools. Viasoft, for example, prides itself on being a "totally integrated solution." Any information produced in the process "goes to a central repository" that can be used for other business functions, DiStefano said.

Viasoft spans the mainframe and desktop worlds. It offers its mainframe tools in an annually renewable package for federal users called US2000, DiStefano said. Included are analysis, remediation, testing and validation capabilities. Introduced this year, US2000 now boasts 10 agencies, he said. The annual fee, in lieu of buying the software, depends on the size of the system, but it typically comes in under $90,000.

Checking Your Work

Test tools are the most critical element of a Year 2000 fix, one vendor said. Test tools are where one gets the "biggest bang for the buck," agreed Bonnie Fisher, Year 2000 program manager for the Year 2000 Service Bureau of the Transportation Department's Transportation Administration Services Center Computer Center. The TASC Computer Center's Year 2000 Service Bureau numbers five external agencies, as well as DOT components, among its customers. The bureau's services are available under DOT's Information Technology Omnibus Procurement contract.

In the test area, some organizations "have barely scratched the surface," Fisher said. "People are looking at applications and not systems. They need to look at interfaces, BIOS, hardware and software." The DOT organization offers independent verification and validation among its other services. It also created an assessment tool that understands the code structure of up to 15 languages.

Testing for the Year 2000 is difficult because it differs from past testing, said Peter de Jager, a Year 2000 expert in Toronto. "Some people underestimate the complexity of testing." It's hard to identify all the things that will change, he said. Although it can be minimized, uncertainty will remain because testing cannot be fully automated, and the repaired systems "can't be fully tested."

Another challenge is creating the test data "to simulate every possible situation that could come up and test for every possible condition of a program," said Mike Lips, Platinum's director of Year 2000 services in San Francisco. Platinum's

TransCentury products include analysis, renovation and testing as well as date simulation and file aging for the mainframe environment. The date-simulation product "makes the computer think it's running on Jan. 1, 2000," Lips said. And the file ager "massages data files to create the test environment."

In the test arena, intelligence means knowing what lines of code have been renovated and what logic paths have to be covered to make sure that changed lines of code are executed, SEEC's Koka explained. SEEC, Viasoft and McCabe are the only vendors offering Cobol "slicer" technology, which when given a point in a program "will tell you all the paths that lead to that point," he said. Besides tools covering unit and regression testing and system testing and verification, SEEC offers Cobol and C/C++ analysis tools and Cobol renovation tools.

In testing, it is imperative to know "exactly what's been changed...and to ensure you've tested every possible logic path," DiStefano said. When it comes to validating Year 2000 fixes, one has to be able to supply documentation that shows this.

McCabe has worked in test validation since 1991 (and in software analysis since 1987). The company's Visual 2000 suite was "built on top of a testing product," said Mike Smith, director of product management at McCabe, Columbia, Md. Additionally, McCabe is one of the few companies willing to tackle embedded systems and Ada code.

McCabe offers three products in its Visual 2000 line— Visual Quality, Visual Testing and Visual Reengineering— that share common technology and cover Cobol, C, C++, Ada, Fortran and Visual Basic.

All three products contain language-specific analysis, visual display and reporting capabilities. The test tool is unique in that it takes the logic mapped by the analysis component and "lays out the conditions you need to execute in order to test your application," Smith said. But it does not actually execute the test.

IBM also has announced its Application Testing Collection, which assists in figuring out what parts of your source code you have changed, how much of your source code your test cases have covered and the "minimum set of test cases you need to run" to get the coverage you need, IBM's Perkins said. The tool covers MVS Cobol and PL/1.

The more complex the environment, the more difficult the Year 2000 remediation solutions are to test. And government environments are notoriously large, heterogeneous and complex. "Testing an integrated environment over any kind of scale hasn't been done yet," CACI's Warren said. "I don't think anybody has a solution for that right now."

Many agencies are turning to outside contractors to help in the testing phase because it is easy to get overwhelmed, Gartner Group's Duggan said. More than 87 percent of people globally are using integrators in some capacity, according to a Gartner Group survey.

Client/Server Tools

Client/server software is a "very hidden problem" that is not being taken seriously enough, said Donald Henrich, president and CEO of Software Emancipation Technology Inc., Burlington, Mass.

One of the few companies focusing primarily on the client/server arena, SET offers Discover Y2K, which is a suite of tools for asset inventory, impact analysis, remediation and testing and which supports C, C++ and SQL, Henrich said. "No one else does C, C++ and SQL together at the same level of functionality," he said.

SET claims to work at a deeper level— with entities, functions, macros and classes— than competitors do. The company's tools "build a database out of source code" that can be queried, Henrich said.

Viasoft's OnMark 2000, the company's client/server product, covers analysis, remediation and testing. It is being added to the GSA schedule.

IBM also provides a set of "find-and-fix" tools created by Bellcore Corp. for the Intel/Unix world, which it offers as IBM Maintenance Tools for C and C++, Perkins said.

Although it is growing late for government agencies to be shopping for Year 2000 tools, the market is still active because the work of fixing systems will go on long after the initial code repairs to mission-critical systems. While ideally the first round of code fixes should be near completion now, with testing finished by the end of the year, only 15 percent of people globally "are to the point where they can sustain operations with what they've done," Duggan said.

While most government agencies are still behind that schedule, some are not. The Social Security Administration, for example, as of late March had renovated more than 90 percent of its code, said Bob Vaccaro, Year 2000 project manager in Baltimore.

"We're checking data flowing back and forth between systems," he said.

The Year 2000 problem in the computer world generally "will be barely touched by 2000," Fisher predicted. "There will be contingency plans for life and safety systems and Band-Aids or temporary solutions" which will need to be evaluated and remediated, keeping specialists busy until at least 2003.

Adams is a free-lance writer based in Alexandria, Va. She can be reached at cbadams@erols.com.