Bugs and compliance
The Patriot Act, among other things, requires companies comply with certain types of reporting. I can't help but wonder how bugs play into this... there have been reports that there is no way to get off of no fly lists, what if an off by one bug put you on one? But false positives are two easy and most the time only hurt the individual, what about false negatives? What if Sybase PATRIOTcompliance solution (or any of the other financial institutions software) had a bug which prevented the reporting of 1 in a hundred, a thousand, even a million cases. Are those companies still in compliance?