ed or considered by the designers and
the software misbehaves and damages
the environment or data. A user makes
a mistake with the software and there
is no provision to back out to a previous
good state. Over time, users develop
new expectations that cannot be met by
the current capabilities of the software.
There can be unforeseen interactions
between the many copies of the same
software distributed throughout a network—for example, the stock market
crash of 1987 occurred when a large
number of computers programmed to
sell when prices dropped by more than
a preset amount automatically issued
sell orders, driving prices down and
triggering more selling by other computers. Operating system security vulnerabilities are another example: any
or all of millions of systems can be attacked via a single vulnerability.
From long experience, a good software designer may include functions
the user did not ask for but that will
spare the user unwanted future problems. An example is the Apple Time Machine continuous backup system; the
user can retrieve any previous version
of a file and can transfer an entire file
system to a new computer quickly. Another example is the Microsoft Secure
Development Lifecycle, a set of internal management controls that significantly reduced bugs and security vulnerabilities in Microsoft systems.
designer will continue to work with the
customer after the software is installed
in order to modify the software in case
negative consequences are discovered.
These actions—anticipation and continued availability after delivery—are
essential for a software producer to
earn the user’s satisfaction at this level.
Level 4: Software delights. At this
level the product goes well beyond
the user’s expectations and produces
new, unexpected, sometimes surprising positive effects. The user expresses
great delight with the product and often promotes it among others. The
user feels the producer understands
the user’s world and contributes to the
user’s well being.
Very few software systems have pro-
duced genuine delight. Some early ex-
amples include the Unix system, which
was elegant and enabled powerful op-
erations with simple commands; the
Apple Macintosh, which brought an
the one in which the international
standards were developed, when con-
sumer software was relatively uncom-
mon. Under pressure to beat competi-
tors to market, software developers
routinely deliver software with bugs.
Moreover, many software systems are
so big and complex there is no hope
to deliver them without bugs. For ex-
ample, among operating systems, the
Linux kernel has 15 million lines of
code, Windows 10 has 50 million, Ma-
cOS 10. 4 has 86 million, and full open
source Debian release of Linux has 420
million (all according to Wikipedia).
These systems are riddled with flaws,
which contribute to buggy application
software and cyber exploits.
Emerging User-Level Standards
Let us consider how this looks from a
user perspective. Users do not ask, “Is
this software well structured by ISO
9126 standards?” but rather “Does this
software help me get my work done?
Can I depend on it?” What does it mean
to the user to get work done or depend
on software? There is a strong correlation between the user’s experience of
satisfaction and the user’s assessment
of quality. I see six distinct levels—four
positive and two negative (see the accompanying table). I will discuss them
from the bottom up.
Level -1: No trust. Users do not trust
the software. It may be full of bugs,
crash their systems, or carry malware.
You might think users would avoid
untrusted software. But users do often
use untrusted software—for example,
after being lured by fraudulent pitches,
phishing, visits to compromised websites, overwhelming desires for convenience, and the like.
Level 0: Cynical satisfaction. Many
users trust some but not all the claims
made by the software maker—but they
trust enough to be cynically willing
to use it. Much software is released
with bugs and security vulnerabilities,
which the developers fix only after
hearing user complaints and bug re-
ports. User forums are rife with stories
about how the software has failed them
and with requests for workarounds and
fixes; representatives of the developers
are usually nowhere to be seen in these
forums. A combination of factors fa-
cilitates this situation including strong
pushes to get something workable to
market before the competition, belief
that users will tolerate many bugs, and
a lack of liability codified in the license
agreements users must sign to unlock
software. This approach to software
delivery is coming under fire because
the many bugs are also security vulner-
abilities. Cynical users have no loyalty
and will desert to another producer
who makes a better offer.
Level 1: Software fulfills all basic
promises. The user assesses the producer has delivered exactly what was
promised and agreed to. This might be
called “basic integrity.” The ISO standard addresses this level well.
Level 2: Software fits environment.
The user assesses the software is a
good fit to the user’s environment.
This means several things. The practices and routines to use the software
align with other practices and routines
already in the environment; for example, because an ATM implements
familiar practices of making bank
transactions, users can use an ATM
immediately without having to learn
anything special or new. The software
does not enable or encourage actions
that violate social or cultural norms
in the environment. The user has the
experience that the software improves
the user’s ability to get work done and
to carry out important tasks.
Level 3: Software produces no negative consequences. After a period of use,
the user has encountered no unforeseen problems that cause disruption or
losses. The user assesses that the product’s design has been well thought out
and that it anticipates problems that
were not apparent at the outset.
Negative consequences can arise in
numerous ways: The software carries
vulnerabilities that can be exploited
by hackers and malware. The software
itself contains malware that can steal,
damage, or destroy user data. The user
attempts an action that was not intend-
4 Software delights
3 Software produces no negative consequences
2 Software fits environment
1 Software fulfills all basic promises
0 Some trust, begrudging use, cynical satisfaction
– 1 No trust
Six User Levels of Software