Thursday, 27 June 2013

Hackers or Bugs? Which is the Bigger Threat?

If you’re in the software business – and care about quality – then chances are you’ve probably lost sleep over the idea of hackers taking control of your application and running amok. For many, this is their #1 concern. Let’s call it hackerphobia.
But as a recent TechWeek article suggests, software developers should actually fear the software bug over the software hacker. Entomophobia, as it’s called, although not in the strict sense of the term.
Anyway, I wanted to share some of the author’s thoughts on the matter, as it’s not a view you see often in the mainstream tech press, but it’s certainly one we’ve emphasized in previous posts. Here are a few key excerpts that stood out to me:
Cyber attacks and cyber war may be headline grabbing, but a bigger threat to data security could be the software glitch. And the cause of this glitch is the data itself – or rather the sheer amount of it stored in our databases.
Databases are now so large that it is impossible to refresh them regularly, to run tests frequently and to fix errors quickly. This leads to more frequent and more dangerous software glitches. Whilst threats from large scale cyber-attacks should not be overlooked, for most organisations it is the threat of a software glitch that presents a clearer danger.
It seems these types of glitches are happening more frequently than ever before. Why? Often the cause lies in insufficient testing. When databases are as large and complex as they are today, trying to duplicate and refresh data sets for testing is becoming harder and harder. IT teams are spending more and more time responding to requests for copies of databases and in some cases they can’t fulfil those requests at all. Developers are pushed to finish projects faster, but often IT can’t meet their demands which results in minimal testing of applications before they go live.
In other instances, IT departments provide copies of databases for testing, but by the time a copy is available, the data is old. Data can be obsolete after only a couple of hours, but refreshing a single testing data set can takes days, so most tests never uses data which is up to date enough to be risk free.
Stopping glitches from occurring isn’t always possible and implementing a new application will always have inherent risks, but more can be done. Companies need to make testing a priority and equip their IT teams with technology and resources that will enable them to test often and on recent data. Neglecting testing, as some of the recent examples show, can have dire consequences.
In other words, software development departments are their own worst enemy – not the hackers. This is not meant to diminish the threat of hackers (or the need for security testing) but rather to highlight the sometimes downplayed threat of what seem like common software bugs.

No comments:

Post a Comment