Welcome to our weekly software testing Quotes of the Week and testing news where we bring you all the latest headlines related to software testing. This week a Japanese satellite is bricked, Canada deals with Zero day vulnerabilities, new Ruby on Rails bug hunting tool and more.
New MIT Tool Finds Hidden Web Vulnerabilities
“Even if you wrote a small program, it sits atop a vast edifice of libraries and plug-ins and frameworks. So when you look at something like a Web application written in language like Ruby on Rails, if you try to do a conventional static analysis, you typically find yourself mired in this huge bog. And this makes it really infeasible in practice.”
MIT Professor of Computer Science and Engineering Daniel Jackson explains how his team of researchers addressed how their tool could work quickly on finding vulnerabilities in applications written in Ruby on Rails. The automated programme called SPACE, can debug most programmes in under 60 seconds. Read More here
Japan’s Satellite “Bricked”
“JAXA expresses the deepest regret for the fact that we had to discontinue the operations of ASTRO-H and extends our most sincere apologies to everyone who has supported ASTRO-H believing in the excellent results ASTRO-H would bring”
The Japan Aerospace Exploration Agency (JAXA) released a statement recently explaining the reasons why their ASTRO-H space telescope, renamed Hitomi after its launch, has been lost after a series of software errors. A number of errors that happened in quick succession meant that the probe lost it’s solar power and its batteries have died. Read More here
How does Canada deal with Zero Day Vulnerabilities?
“To my knowledge, there’s no formal process by which law enforcement regularly communicates with software manufacturers to flag vulnerabilities that they’ve come across in their own testing, to the extent that there’s testing going on.”
Matthew Braga investigates what legislation and practice occurs in Canada when a government employee, for example a police officer, finds a major security bug. Read More here
Making a $100,000 a year finding bugs
“That was a very exciting time. We were 19 and 20 years old. And we were making roughly US$10,000 a week just the two of us. For two college kids, that was a very large amount of money.”
The story of Jobert Abma, the 25 year old security hacker who’s own hacking abilities has helped him get through college and start a business with his fellow hacker Michiel Prins. Read More here
An old SAP vulnerability comes back to haunt them
“All SAP applications released since then are free of this vulnerability”
SAP respond to reports that older versions of its software has a vulnerability that would allows a user to take control of SAP programmes. This week the The U.S. Department of Homeland Security’s Computer Emergency Response Team (US-CERT) issued an alert for companies running SAP software older than seven years about the potential problems they could face. Read More here
Images: Skyandtelescope.com, SAP
