Quotes of The Week: April 18th

Welcome to this week’s Quotes of the Week: software needs more automation, another bug bounty programme, and more.

 

 

Does Software Testing Need More Automation?

As software and hackers get more sophisticated, QA testing will gain importance. That will require more software QA engineers and more test automation.

In an opinion piece rather than a news story, Alexander Panchenko (head of the web-application testing department at A1QA) argues that, based on recent market research reports and news stories, the way forward for software testing is more automation as well as an increase in non-functional testing. Read More here.

 

Another Company Announces a Bug Bounty Programme

In addition to hiring world-class experts, we believe it’s important to get all the help we can from the security research community, too

Dropbox has become the latest company to announce a bug bounty programme. Until now the company had a Hall of Fame for anyone who found a bug in its software, but it is now offering financial awards as well. The company has already paid out over $10,000 for retrospectively reported bugs. The bounties start at $216, with the biggest payout so far being $4,913. The company, however, has set no upper cap on payouts. Read More here.

 

“Zero-day” vulnerabilities in software and networks: a coming reality

A program that pays researchers for information on software vulnerabilities, the Internet Bug Bounty (IBB), will now also reward those who develop tools and techniques to spot bugs.

Jeremy Kirk reports on the efforts by the Internet Bug Bounty to expand the range of tools organisations can use to find security flaws. Currently the market for security vulnerabilities encourages bug hunters to sell their information rather than report it to companies, as the incentives are greater. The IBB, which is sponsored by the likes of Facebook and Google, wants to encourage bug hunters to report bugs directly to companies. Read More here.

 

18-Year-Old Unfixed Bug Comes Back to Haunt Microsoft

SMB is a core component in Windows networking, and can be found – and is enabled by default – in all versions of the Windows OS, including Windows 10.

Zeljka Zorz reports on how a bug that has existed in Windows for the past 18 years and has gone unfixed has become relevant again. A new technique has come to light that allows hackers to exploit the 18-year-old bug in Windows Server Message Block (SMB), which would allow attackers to intercept user credentials. The new exploit was uncovered recently by Cylance researcher Brian Wallace. Brian hopes that the publication of this exploit will spur Microsoft to fix the bug. Read More Here.

 

2014’s most common bugs? Old ones

None of the top 10 exploits took advantage of the zero-day bugs last year

Art Gilliland, senior vice president and general manager of enterprise security products at HP, comments on the company’s annual cyber risk report, which was released last week. The report also found that mobile malware and mobile bugs were increasing as a form of attack by hackers. Read More here.

 

About the Author

Ronan Healy

Hi everyone. I'm part of the EuroSTAR team. I'm here to help you engage with the EuroSTAR Huddle Community and get the best out of your membership. Together with software testing experts, we have a range of webinars and eBooks for you to enjoy and we have lots of opportunities for you to come together online. If you have any thoughts about the community, please get in contact with me.