John Chang, Head of Solution Design, CAST Software at QAI QUEST, 2016
Recently I had the pleasure of speaking at QAI QUEST 2016, which showcases the latest techniques for software quality measurement and testing. It was a content-rich program with more than three days of diving deep into issues like DevOps, Open Source, Security Mobile and more. But what struck me the most above all the event chatter is that even the brightest of companies are still having a difficult time identifying and fixing code quality errors.
During my keynote, I spoke about the perils of system-level defects and how these defects, when they go undetected, can completely ruin ingenious application development strategies. There are two key reason these bugs persist: decentralized development practices and a lack of automated code review standards.
We always hear about issues with systems, applications, or services caused by poor code quality or missed defects, but what happens when these problems become life threatening? Recently an article posted by npr discussed the early release of dangerous prisoners who are now being charged for murder. According to the article, Governor Jay Inslee of Washington State reported that more than 3,200 prisoners were released early due to a software defect.
This was not a result of good behavior, but rather an issue caused by a software glitch within the Department of Corrections. As reported by the governor’s general counsel, Nick Brown, approximately 3% of the occurrences since 2002 should not have been allowed. This software glitch has gone unnoticed for more than 10 years and as a result dangerous criminals have made their way back into society.
The banking industry has definitely had its share of ups and downs when it comes to service reliability. In the past year, there have been a number of instances where customers have been unable to gain access to funds, receive deposits, and pay bills. As reported in an article by theguardian, HSBC experienced a system failure at the end of August, which left thousands of their customers in a bind over a major banking holiday.
This “technology glitch”, as reported by HSBC, prevented customers from being paid their salaries. The reported system failure made it impossible for employers to access their business banking accounts. A staggering number of banks have experienced system failures and service issues like this one. This raises a question: Is poor code quality becoming a big problem for the banking industry?
With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to stagger. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.
As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security continues to remain a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.
As reported in a recent article by InfoWorld, a high profile privacy driven smartphone provider located a security hole capable of exposing their devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, who operates as a subsidiary of Silent Circle. The phone uses VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.
What Was the Security Issue?
The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:
CAST recently sponsored the ASUG NJ Summer Chapter meeting, held on June 12th. ASUG is a renowned organization across US and Canada for SAP professionals and organizations working in the field of SAP. The conference was attended by more than 100 professionals from companies across various industries. The full day event featured many interesting presentations including a presentation of the latest CRASH report on SAP.