1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Mitch wouldn't?

Collapse
X
1 to 2 of 2 Previous template Next
Collapse
Reply to Thread
  •  
  • Filter
  • Time
  • Show
Clear All
new posts
1 to 2 of 2 Previous template Next
    #1

    Mitch wouldn't?

    Crowdsourced flaw-finding cheaper than in-house bug hunters ? The Register

    A study into the once-controversial practice of vulnerability rewards programs (VPRs) – paying researchers bug bounties for reporting security flaws – has found that for browser builders, the practice is not only more effective at spotting problems that hiring code-checkers, it's also much better value for the money.

    ---------------
    So Mitch have you seen this done(close up)? What are the issues?
    Always forgive your enemies; nothing annoys them so much.
    Tags: None
    #2
    Originally posted by vetran View Post
    Crowdsourced flaw-finding cheaper than in-house bug hunters ? The Register

    A study into the once-controversial practice of vulnerability rewards programs (VPRs) – paying researchers bug bounties for reporting security flaws – has found that for browser builders, the practice is not only more effective at spotting problems that hiring code-checkers, it's also much better value for the money.

    ---------------
    So Mitch have you seen this done(close up)? What are the issues?
    Yep, I've seen a lot of crowd testing. It has advantages in being cheap and quick and in gathering information about the real use of an application. However, it also exposes your bugs to the world for the competition or for dishonest people to know about, and the coverage achieved by crowd testers can't be meaured. That's OK if it's a simple app that isn't critical and with continuous delivery you fix the bugs quickly anyway. But once the application is more critical and subject to legal or hard security requirements it's a different matter. Would you want security critical stuff like airport baggage scanners or emergency services systems (the kind of stuff I work on) to be 'crowd tested'? Do you trust the crowd to report the bugs they find instead of abusing the knowledge they gain? Can the crowd also help repair the bugs or even prevent many of them being created?

    Crowd testing is a good thing where it's sensible to apply it and it has a big future, but unfortunately some managers seem to think it's a silver bullet. Good for quick delivery of simple apps that can make money but are not critical, but not a good idea for stuff that people really have to rely on for their lives.
    Last edited by Mich the Tester; 11 July 2013, 08:48.
    And what exactly is wrong with an "ad hominem" argument? Dodgy Agent, 16-5-2014

    Comment

    Reply to Thread
    1 to 2 of 2 Previous template Next

    Advertisers

    1. Contracting
      1. General
        1. Brexit
      2. Business / Contracts
        1. Coronavirus Assistance
      3. Accounting / Legal
        1. Umbrella Companies
        2. HMRC Scheme Enquiries
        3. The Future of Contracting
        4. IR35 Reform
      4. Technical
      5. Welcome / FAQs
    2. Social
      1. Light Relief
      2. Social / Events
    Working...
    X