By Sanjay Zalavadia, VP, Client Services, Zephyr.
Developing high-quality software requires collaboration, from pair programming all the way through testing. Quality assurance teams have taken up agile in part to respond in unison to changing business and technical conditions and better serve end users without damaging the code base. Tools such as test management systems enable developers to be on the same page, even if they are running multiple projects in parallel.
More specifically, the increased use of automation testing, as well as the utilization of testing throughout an application's lifecycle rather than exclusively at the end of it, has put organizations in an excellent position to refactor frequently and also catch bugs early and often. That said, issues still crop up from time to time, even in mainstream commercial software.
Sometimes, these issues are innocuous. For example, virtually every update to Google's first-party Android apps lists "bug fixes" in the release notes, indicating that minor annoyances such as music playback issues via Bluetooth have been addressed. On the other hand, some flaws have wider-reaching implications, especially if they involve security mechanisms, underscoring the stakes of performing diligent, continuous testing.
Microsoft issues emergency patch for Internet Explorer
A recently discovered exploit in Microsoft Internet Explorer fits into the latter category. Basically, this flaw allows a remote attacker to gain the same permissions on a target system as the currently logged-in user. Such a takeover is engineered by directing individuals to specially crafted websites that contain embedded malicious Adobe Flash files.
In-the-wild attacks have been specific to Internet Explorer versions 9, 10 and 11, although the underlying vulnerability is present in all versions of the browser, as well as all editions of Windows except Server Core. The issue is with how Internet Explorer accesses objects in memory that have been deleted or not properly allocated.
A few workarounds were suggested by Microsoft after the flaw's discovery, but some observers realized that a full patch (or switching to another browser such as Mozilla Firefox) would likely be needed to stave off further complications.
"Implementing Microsoft's recommendations will be tough," NTT Com Security executive Chris Camejo told USA Today. He added, "Given the complexity and impact of Microsoft's workarounds, I suspect many organizations are just going to wait until the patch gets released and hope they don't get breached in the meantime."
To address this significant problem (Internet Explorer accounts for half the world's browser share), Microsoft has had to go back and create a patch for virtually every version of Windows, including the obscure Windows RT and, despite its retirement from official support in early April 2014, Windows XP. While analysts expect that this exploit won't significantly impact Internet Explorer's market position, the need to sink significant company time into devising fixes for a 13-year-old operating system shows what can happen when a defect slips through the cracks during testing.
Use test management solutions to avoid costly patching
Fortunately, organizations can reduce exposure to these scenarios by using test management solutions. Doing so gives them a comprehensive view of the testing process, including a centralized repository that enables easy commits and collaborations.
Having stronger technical tools is imperative at a time when software development is becoming increasingly complex, with projects often divided between teams. A test management solution lets QA analysts create test cases with less manual effort, creating additional time for thorough testing of software. Such processes help enterprises avoid costly patch development and issuance.
"In the long run, testing a product relentlessly actually saves money," said testing expert Ulf Eriksson for Virtual-Strategy Magazine. "It is less likely that the team will have to spend long hours providing customer support or rolling out patches and fixes once the product is on the market, provided it's been well tested."