Netscape co-founder and prominent tech investor Marc Andreessen famously noted that “software is eating the realm.” Unfortunately, it is also eating the lunch of most enterprises, including federal agencies.
For all the talk about wasteful government IT spending, little is said about the costs agencies pay to patch buggy software, a consequence of the industry’s predisposition to release its wares now and fix them later. For Robert Jack, CIO of the U.S. Marine Corps, those costs aren’t incidental.
“We now have roughly 300,000 people, of which a third have day-to-day access to the enterprise network,” Jack said at a recent forum on cybersecurity. “I need to defend the network on the desktop or end-user device. I’ve got over 450 registered systems which are regressed to ten significant versions. After we get a patch from a vendor, we need to exit and test that against all that.”
He continued, “Consider the labor hours where I need to touch [and administer patches on] all those devices. And that’s the reason only for one patch.” Each week, dozens of recent vulnerabilities are catalogued by US-CERT, the government’s computer emergency readiness team, offering a glimpse of the headaches Jack and CIOs like him face.
Addressing the software industry at large, Jack said bluntly, “You’re killing me.”
The staggering cost of software bugs is difficult to nail down. However, a Cambridge University study released earlier this year estimated that finding and fixing coding problems costs software makers and the worldwide economy $312 billion a year. That figure does not reflect what customers must also spend to patch and maintain that software on their networks.
The matter, however, goes well beyond the mechanics of software and system maintenance. It also goes to the heart of network security and the growing risks related to unknown software vulnerabilities, Jack said. Having spent 40 years responsible for command, control, communications, computers and cyber operations for the Air Force, the Defense Department and now the Marine Corps, Jack knows the issues as well as anyone.
Software by its nature is a work in progress. While vendors can’t anticipate every problem, a number of which are spawned when software interacts with other software on a network, vendors are making too many calculated compromises in order to rush their products and updates into production, Jack said. But worse, they’re exposing organizations and their executives to growing liabilities if something goes wrong.
Jack pointed to recent reports, which he didn’t specify, indicating that 25% of hospital operating room liability lawsuits are now tied to software coding problems. Lawsuits based on software failures are also becoming a huge concern for the car industry, he said, and the issue has prompted high-level discussions inside the Defense Department.
It is just a question of time before high-profile enterprises become targets for liability lawyers trying to exploit software mishaps, Jack warned, adding that those in positions of authority must consider “in search of some big-time insurance.”