Let me start by saying that RSA is a name I generally equate with security of enterprise systems. That belief made it even more surprising a few weeks ago when I read that the security giant had been the victim of a cyber attack. In an open letter on the RSA web site, RSA Executive Chairman Art Coviello reported that, “Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA.” He went on to explain that the attack has been classified as an Advanced Persistent Threat (APT) and that it “resulted in certain information being extracted from RSA’s systems.” A short time later, Uri … Read More
It’s Tuesday; Do You Know Where Your Patches Are?
It’s Patch Tuesday again. The monthly rite of passage for Microsoft as it attempts to patch some of the holes in its software that it didn’t bother to fix before they put it in the box, as well as those exposed after the software had been installed in millions of devices. This month in particular, Microsoft has a “record number” of patches. In fact, Gregg Keizer at Computerworld wrote that, “Microsoft announced that next week’s monthly security update will feature a record-tying 17 bulletins that patch a record 64 vulnerabilities, 15 more than the previous largest-ever set in October 2010.” He adds that nine of these are “critical bulletins,” affecting … Read More
When Good Software Goes Bad
Another week, another software failure. Last week on the East Coast Main Line, which connects London to Edinburgh, a software malfunction left five trains stranded mid-track and significantly delayed others after a power supply issue knocked out the signaling system. According to reports, software that should have instructed the backup signaling system to kick in failed to function, causing all signals on the line to default to “Red,” halting trains where they stood. The failure left more than 3,000 rail passengers stranded or delayed for more than five hours on a Saturday afternoon. Software failures like this one have become all too commonplace in recent years. We treat news of … Read More
Waylaying the ‘Elephant in the Room’
Each year, software errors cost U.S. corporations in excess of $60 billion in repair and maintenance costs. The problem is pandemic, affecting companies of all sizes, from those topping the Fortune list to pre-IPO start-ups. And the cost of software failures is not only financial. The hit to a company’s reputation that results from software malfunctions can mean lost customers and lost new business, compounding the cost of fixing the problem. When it comes to software, quality counts! Last week, Bruce Craig of Australia-based software modernization firm Micro Focus wrote that software testing to detect software errors is no longer a practice reserved just for large enterprises. … Read More
Software Quality IS a Matter of Life & Death
There are many different levels of software quality related crises in the IT world. There are those that are a mere inconvenience, like when Twitter, Facebook or Gmail go down. There are those that pose a significant business difficulty, like when a number of financial organizations faced outages recently. In the medical industry, however, software quality failures go beyond inconvenience and difficulty; they result in life and death consequences! Medical News Today last week reported that 39 recalls of medical devices last year, and 500 recalls of devices over the last seven years, were a direct result of software defects and malfunctions. The number seems to pale in comparison to … Read More
Non-Risky Business: Using Static Analysis to Ensure Software Quality
Earlier this week, our own Jitendra Subramanyam joined industry luminary Capers Jones, Chief Scientist Emeritus of Software Productivity Research (SPR), to co-host a webinar on curbing application software outages like the ones seen in the financial sector over the past couple of months. The webinar, titled “Stop High-Profile Outages by Quantifying Application Risks,” focused on the importance of static analysis of application software during the build and/or customization phases to identify potential issues that can then be fixed, preventing a future outage. Effectiveness of Static Analysis: Jones has long been a proponent of static analysis over merely testing software. In his 2009 book, Applied Software Measurement, Jones wrote, “In terms of … Read More
Rumsfeld on Software – Handling Unknown Unknowns
While former Secretary of Defense Donald Rumsfeld never spoke or wrote about software (as far as I know), his quip about unknown unknowns during the early months of the Iraq war is well known. No matter what you think of Rumsfeld, his classification applies nicely to software and teaches us a lesson or two about building good software. Some things you can test for right away. Some things you can anticipate and set aside to test for later. But the stuff in the top right in red is impossible to test for and not easy to plan for either. How an application and its environment will change is quite uncertain. … Read More