Welcome to this week's Quotes of the Week. In this week's software testing news: the dangers of open source software, bounty hunters have a good day, Google exposes Microsoft vulnerabilities, and more.
The Dangers of Open Source Software
“There is a myth that open source is secure because everyone can review it; more eyes reviewing it making all bugs shallow”
Jake Kouns, CISO of Risk Based Security, comments on the number of security issues that came to the fore in 2014. This is an issue for both developers and software testers: using open source software means that the software being built already contains vulnerabilities. Read More here.
Bounty Hunters Get $50,000 from Google
A team of security hackers received a $50,000 payment from Google for hacking Google cloud and exposing security issues. Bounty hunting for bugs has become quite popular in recent years, with Google paying out the largest amounts to users who highlight vulnerabilities. Read More here.
Extreme Software Testing
CNET journalist Wayne Cunningham tries out the new BMW i3 and fails to crash the car despite his best efforts.
Microsoft was Not Under Attack
“In reality all the Microsoft sites, including search engine Bing and MSN.com, were knocked briefly offline Friday after bad code was rolled out”
A news report by TechWorm explains why Microsoft's websites and search engine were knocked out on Friday 2nd January. Rather than the disappearance of the websites being the result of cyber attacks from North Korea, which many Twitter users cited, the reason was in fact bad code. The websites stayed down because it took the company's engineers a lot longer than expected to roll back to a working version of the code. Read the full story here.
Google gets the hop on Microsoft
“By removing the ability of a vendor to withhold the details of security issues indefinitely, we give users the opportunity to react to vulnerabilities in a timely manner”
A Google statement explains why the company made public a Windows 8 vulnerability that could affect millions of users. The company's division that tracks and reports software flaws to vendors (Project Zero) gives companies 90 days to fix the flaws before making them public. In this case, Microsoft has not released a patch for the software bug that Google reported within those 90 days. Read More about the story here.