Jason Flores

SECEEP Assignment
10/22/2021
CS 110 - 001
Word Count: 1338
Software bugs are infamous for creating unfortunate turn of events for any product
created by code. Some of the more known cases are the Patriot Missile disaster, which failed due
to tracking calculation errors, and the Ariane 5 Rocket explosion, which exploded due to using a
floating-point number that was larger than a 16-bit integer could handle. There are plenty of
cases that revolve around malfunctions with a software product due to software bugs, one in
particular that will be the main focus is the glitch that allowed about 3,200 prisoners in the
Washington state Department of Corrections (DOC) to be released from prison earlier than their
assigned release date. The bug was introduced back in 2002 and remained undiscovered until
2012, but even then it was neglected until 2013. The bug was in software created to reduce the
number of time inmates served in prison, if they behaved well, then they would get good-
behavior credits which would reduce their sentence. In 2012, the family of a victim notified the
DOC that the offender did not serve their full sentence, and was released early. The DOC stated
they would look into the bug, but kept postponing the fix until a new IT boss took notice of the
issue and decided to do something about it. The IT department took a deeper look into the bug,
the software was created to calculate the release dates depending on whether or not a prisoner
showed good behavior, in 2002 the supreme court required an update for the software, this
update would allow prisoners to collect their credits while serving in either state prison or county
jail. Unfortunately, due to the change in code, and neglect of maintenance, the bug was well
hidden for years to come. As stated before, about 3,200 prisoners were released early due to the
bug, some were released about 50 days early, while there was one that was released almost two
years early. Once the new IT manager took note of the situation, they quickly informed the
authorities about the situation. Governor of Washington state, Jay Inslee, had issued a fix for this
bug, but it never happened. Authorities were ordered to return every early-released prisoner to
the DOC but failed which led to a much greater problem for the years to come. The first story
about this case was published around 2015, another article that was published in 2019 updates
the public about the situation. DOC had about four years to resolve this issue, yet they were
unable to fix it. During this time, at least two people were killed by prisoners that were released
early, this is due to the DOC’s irresponsibility.
The SECPP principles could be applied to this situation, as it would’ve prevented the
many issues the DOC encountered. In this specific situation, the rules that should’ve been
followed are the public and product principles. The DOC’s IT team should’ve made certain
decisions that would’ve met the public interests, it also should’ve followed the procedures to
ensure that the product they’ve created or modified would meet high expectations. One can argue
that the DOC failed to comply with other principles, but the main ones are the public and product
principles. For the public principle, DOC failed to follow sections 1.01, 1.03, 1.04, 1.05, and
1.06; while they failed to follow these product principles, 3.10, 3.11, and 3.15. DOC failed to
comply with the public principle for a multitude of reasons. When it became public in 2019 that
the bug was not fixed and that it led to two homicides, the DOC would blame the bug, yet would
not do anything to fix it. Ever since it was discovered back in 2012, the IT department would
constantly postpone the repair, even to this day, it is not known whether or not the problem was
Jason Flores
SECEEP Assignment
10/22/2021
CS 110 - 001
fixed. The DOC approved the software update in 2002, without properly testing the software,
and ensuring that it would be safe to deploy to the public. Due to their negligence, the bug
existed for well over 15 years, releasing dangerous criminals back to the public earlier than
expected. Two victims paid the price with their lives, this diminished the quality of life and did
not diminish the harmful environment that was created. So far the DOC has failed 1.01 and 1.03,
but what about 1.04 and 1.05? These points relate to disclosing information to the public and
authorities about issues that are potentially dangerous to them from the software. The DOC did
follow these points, but a little too late. They addressed what happened with the software to the
public, but after more than 10 years since the bug’s existence. At this point, the public now
questions whether the one in charge of these software applications should be trusted or not.
Whether it be for dishonesty or irresponsibility, the DOC now has its reputation negatively
affected. This leads to 1.06, avoiding deception. This one is very crucial for the DOC to follow,
as they were already starting to lose trust with the authorities and the general public; however,
they broke this principle as well. Back in 2015 when all of this was discovered, the DOC made
plans to fix the bug in January of 2016, they released this information to the public. Fast forward
to 2019, they are still having issues with the bug. They lied to everyone, promising that the issue
would be fixed immediately, but then failing to complete that promise. Along with the public
principle, the DOC had broken the product principle as well. It was not stated whether or not the
IT department conducted enough tests for the software, but one can assume they didn’t. The
point of testing software and debugging them is to get rid of any potential bugs within the
program. Failing to do so would make it highly likely to encounter bugs in the future. 3.11 is an
interesting one, as the DOC’s IT department partially followed this point. Similar to the points
previously stated about the public principle, the DOC notified everyone about the software issue
but was unable to do it on time. Years had passed and over 3000 prisoners were released early
before the statement was given. To make matters worse, the DOC said the problem would be
fixed, but no solutions were discovered yet. This leads to the last point, 3.15, there is not enough
information about the maintenance process of the software. But according to this product
principle, maintenance should be treated as a new development project, which means
maintenance should be treated as a high priority as if one were to create a new software product.
This was not the case with the DOC. If the bug was neglected for so long, that would only mean
that the IT department dealt with little to no maintenance on the software.
Over 3,200 prisoners were released early from prison in over 15 years, all due to a
malfunction within the software that miscalculated the amount of good behavior credits a
prisoner was allowed to claim. These credits were used to reduce the sentence time, but due to an
update of the software in 2002, the program was coded incorrectly so much so to miscalculate
these credits. The lack of maintenance checks allowed this bug to exist for a long time,
throughout this time several deaths have occurred by some of the former prisoners. The safety of
the general public was put to risk, the DOC stated they would fix the issue but did not. As of
right now, it is unknown whether the issue was resolved or not. The DOC broke two important
SECEPP principles, some may argue they broke more than two. They broke the public and
product disciplines. Failure to inform the public and authorities about the issue promptly,
Jason Flores
SECEEP Assignment
10/22/2021
CS 110 - 001
refusing to take full responsibility, putting everyone’s lives at risk, failing to conduct enough
software tests, and failing to check the maintenance of the software are the main factors as to
how and why this event happened.
Jason Flores
SECEEP Assignment
10/22/2021
CS 110 - 001
Works Cited

Horne, Deborah. “Doc Admits Computer Glitch That Allowed Early Release of Prisoners Is Still
Not Fixed.” KIRO 7 News Seattle, KIRO 7 News Seattle, 23 Nov. 2019, https://www-
kiro7-com.cdn.ampproject.org/v/s/www.kiro7.com/news/local/doc-admits-computer-
glitch-that-allowed-early-release-of-prisoners-is-still-not-fixed/925278189/?
amp_js_v=a6&_gsa=1&outputType=amp&usqp=mq331AQKKAFQArABIIACAw%3D
%3D#aoh=16345736530089&referrer=https%3A%2F%2Fwww.google.com&_tf=From
%20%251%24s&share=https%3A%2F%2Fwww.kiro7.com%2Fnews%2Flocal%2Fdoc-
admits-computer-glitch-that-allowed-early-release-of-prisoners-is-still-not-fixed
%2F925278189%2F.

“Jail Authorities Mistakenly Early Released 3,200 Prisoners Due to a Silly Software Bug.” The
Hacker News, 30 Dec. 2015, https://thehackernews.com/2015/12/early-release-
prisoners.html.

McCallister, Doreen. “Computer Glitch Allows 3,000 Inmates Early Release in Washington
State.” NPR, NPR, 23 Dec. 2015,
https://www.npr.org/sections/thetwo-way/2015/12/23/460779255/computer-glitch-allows-
3-000-inmates-early-release-in-washington-state.

“Software Bug Releases Thousands of US Prisoners Early.” ETeknix, 24 Dec. 2015,

https://www.eteknix.com/software-bug-releases-thousands-us-prisoners-early/amp/.

“Software Engineering Code - ACM Ethics.” ACM Ethics - The Official Site of the Association
for Computing Machinery's Committee on Professional Ethics, 19 Dec. 2018,
https://ethics.acm.org/code-of-ethics/software-engineering-code/.