The outsourced software testing market is expected to grow over ten percent by 2016, according to a study done by Technavio, a leading tech research firm. While this growth presents an opportunity for IT professionals to expand their business, it also means small-business owners in IT fields need to be aware of the risks of this emerging industry.
But before we get into software risk issues, let's go over the basics of software testing.
Methods for Testing Software Defects
There are many ways to test software security, performance, and reliability, and while we can't go over all of them, we'll take a look at some of the common types of software tests.
- White box testing (also called glass box testing). In this type of security test, software testers use their knowledge of the program's construction and source code to try to find security weaknesses.
- Black box testing (sometimes called zero-knowledge testing). Unlike white box testing, security consultants have no knowledge of the code "inside" the program while they perform black box testing. They approach the program as a user would, attempting to see whether the software achieves the results it’s supposed to achieve.
- Gray box testing. As you would expect, gray box testing combines the techniques of white and black box testing.
- Load and stress testing. By piling on more users, resource demands, and processing requests, load testing increases the demands on the software to find its maximum threshold. Stress testing goes one step further. After pushing software past its breaking point, stress tests look to what data is recoverable and what is exposed to security risks after the software "breaks."
- Unit testing. Individual parts of software are tested piece by piece to make sure they work.
- Logic testing (or validation). Logic testing checks that the programming logic makes sense. By checking that If / Then statements are complete and validating other logical issues, testers check to make sure the basic elements of the code are written correctly.
This is by no means a complete list of software testing practices: it's a basic outline. For a full, comprehensive explanation of software testing methodology, read the (ISC)2's report "Assuring Software Security Through Testing."
Software Risk Management: Liability Issues for Software Testers
Can software testers be sued for failing to identify bugs and security weaknesses in client software? Yes, this a major area of professional liability as a software tester. (To get an idea of the scope of professional liabilities software testers and other IT professionals face, check out the blog post, “Why E&O Insurance Is More Important for Tech Firms than Others.”)
Professional negligence is when a business fails to take adequate steps to prevent something bad from happening or does work shoddily so that the final product does not perform as well as intended or promised. Software testers can be sued for professional negligence when they don't test software thoroughly, overlook an error in their testing, or make other mistakes.
Of note: You don’t have to be the author of software code to be held liable for errors. If you played a role in testing the software and didn’t catch a problem, you could be held liable for damages the problem caused (i.e., be held responsible for financially compensating affected parties).
As you know, it can be nearly impossible to find every software defect or security hole in a piece of software. Software giants like Microsoft are frequently updating their programs after they become aware of new security threats (in fact, just last week Microsoft updated MS Word and Windows after it learned of a new vulnerability). While you can't expect to find every flaw, you can practice smart software risk management by protecting your company with IT business insurance.
As you prepare to meet the growing demand for software testing, remember liability comes hand in hand with opportunity. Errors and Omissions Insurance can protect you from lawsuits when clients allege you failed to test their software properly. All it takes is for one client to claim you were negligent. You could be innocent, but still end up in a lawsuit that costs you thousands of dollars.
If you'd like to learn about the cost of business insurance, look at this sample E&O Insurance quote for tech businesses.
