I recently purchased an APC uninterruptible power supply for my office and noticed something peculiar in the packaging. It was a small piece of paper that says “QUALITY ASSURANCE TEST”. It has the time, date, operator ID and other identifying information for the specific piece of hardware.
As you can see in the image, this QA test sheet has 33 unique tests that were performed on the unit presumably before it shipped. Everything from polarity checks to AC line calibration to beeper tests was performed on this system.
Then it occurred to me…do we actually demand better quality from uninterruptible power supplies like this than we do from the Web applications that power our businesses? I don’t know that we *demand* it but it sure is coming across that way!
Sure, there’s unit testing, functional testing, user acceptance testing and so on around any given Web application, but where’s the real quality when it comes to security and overall application robustness?
I know companies like APC wouldn’t dare let a low-quality uninterruptible power supply leave the building, yet so many companies of similar size and visibility do this every single day with their software. Numerous studies are done each year on security being a missing component of software quality…yet the problem continues on as if it’s someone else’s problem. I see it in my work every day and we’re all impacted when data breaches occur.
Where are we failing ourselves here? Our priorities are misplaced to say the least.