Hackers or Bugs? Which is the Bigger Threat?

fear_of_bugsIf you’re in the software business – and care about quality – then chances are you’ve probably lost sleep over the idea of hackers taking control of your application and running amok. For many, this is their #1 concern. Let’s call it hackerphobia.

But as a recent TechWeek article suggests, software developers should actually fear the software bug over the software hacker. Entomophobia, as it’s called, although not in the strict sense of the term.

Anyway, I wanted to share some of the author’s thoughts on the matter, as it’s not a view you see often in the mainstream tech press, but it’s certainly one we’ve emphasized in previous posts. Here are a few key excerpts that stood out to me:

Cyber attacks and cyber war may be headline grabbing, but a bigger threat to data security could be the software glitch. And the cause of this glitch is the data itself – or rather the sheer amount of it stored in our databases.

Databases are now so large that it is impossible to refresh them regularly, to run tests frequently and to fix errors quickly. This leads to more frequent and more dangerous software glitches. Whilst threats from large scale cyber-attacks should not be overlooked, for most organisations it is the threat of a software glitch that presents a clearer danger.

It seems these types of glitches are happening more frequently than ever before. Why? Often the cause lies in insufficient testing. When databases are as large and complex as they are today, trying to duplicate and refresh data sets for testing is becoming harder and harder. IT teams are spending more and more time responding to requests for copies of databases and in some cases they can’t fulfil those requests at all. Developers are pushed to finish projects faster, but often IT can’t meet their demands which results in minimal testing of applications before they go live.

In other instances, IT departments provide copies of databases for testing, but by the time a copy is available, the data is old. Data can be obsolete after only a couple of hours, but refreshing a single testing data set can takes days, so most tests never uses data which is up to date enough to be risk free.

Stopping glitches from occurring isn’t always possible and implementing a new application will always have inherent risks, but more can be done. Companies need to make testing a priority and equip their IT teams with technology and resources that will enable them to test often and on recent data. Neglecting testing, as some of the recent examples show, can have dire consequences.

In other words, software development departments are their own worst enemy – not the hackers. This is not meant to diminish the threat of hackers (or the need for security testing) but rather to highlight the sometimes downplayed threat of what seem like common software bugs.

As testers and developers, what are you more worried about, hackers or bugs? be sure to let us know in the comment section.

Essential Guide to Mobile App Testing

Comments

  1. says

    “Whilst threats from large scale cyber-attacks should not be overlooked, for most organisations it is the threat of a software glitch that presents a clearer danger.”

    With the increasing number of applications running on servers, a lack of application security testing can lead to catastrophic failures.

    Application security testing doesn’t have to be expensive, in fact Veracode offers this as a free service through its partner BDS. To get a free application security scan, simply navigate to this page: http://blackdiamondsolutions.com/partner/veracode/

    Cyber attacks are only a small part of the risk that IT managers have to deal with. In my experience I have seen many more security issues stemming from lax application security testing policies than any amount of damage hackers have caused.

    Hope this helps.

Leave a Reply

Your email address will not be published. Required fields are marked *