After suffering five failures of brand new electrical goods this year, after very few in previous decades, I’m beginning to get the impression that there are serious flaws in the design and manufacturing processes of contemporary products.
Faster product cycles and growing complexity are obvious contributing factors. A further one might be the introduction of lead-free solder. But there is no excuse for not applying quality, durability and usability tests at the design and production stages.
And the same holds for software testing, but with the added need to eliminate security weaknesses in both the design and code. There’s no excuse other than ignorance because it’s not expensive to conduct tests at each stage. And it’s certainly a lot cheaper than applying post-production changes.
One security testing product that caught my eye at Infosecurity last week was Veracode’s binary testing service, which is fast and affordable and rapidly pinpoints security flaws. If it does half of what it says it does, it would seem to be a mandatory tool for application developers and their customers.
And of course, if it were claims tested by the CESG CCTM scheme, then we’d know that it does what they claim. In fact all prudent organisations should mandate both security and claims testing. There’s no excuse not to.