Kevin Beaver's Security Blog

Why uninterruptible power supplies have higher quality than Web apps

I recently purchased an APC uninterruptible power supply for my office and noticed something peculiar in the packaging. It was a small piece of paper that says “QUALITY ASSURANCE TEST”. It has the time, date, operator ID and other identifying information for the specific piece of hardware.

As you can see in the image, this QA test sheet has 33 unique tests that were performed on the unit presumably before it shipped. Everything from polarity checks to AC line calibration to beeper tests were performed on this system.

Then it occurred to me…do we actually demand better quality from uninterruptible power supplies like this than we do from the Web applications that power our businesses? I don’t know that we *demand* it but it sure is coming across that way!

Sure, there’s unit testing, functional testing, user acceptance testing and so on around any given Web application, but where’s the real quality when it comes to security and overall application robustness.

I know companies like APC wouldn’t dare let a low-quality uninterruptible power leave the building yet so many companies of similar size and visibility do this every single day with their software. Numerous studies are done each year on security being a missing component of software quality…yet the problem continues on as if it’s someone else’s problem. I see it in my work every day and we’re all impacted when data breaches occur.

Where are we failing ourselves here? Our priorities are misplaced to say the least.