Subscribe

Software testing is 'still inadequate`


Johannesburg, 29 Sep 2005

Due to tight deadlines, many developers still fail to test application software for bugs before it goes live, says a local software solutions and services provider.

With application software playing an increasingly strategic role in the success or failure of businesses, companies cannot afford to wait until the application goes live to test it, says Catherine De Klerk, Compuware SA automated software quality technical consultant.

However, many organisations do, she claims, as a recent global survey revealed it`s not unusual for a standard 50 000-line application to contain between 150 and 300 bugs, and 61% of developers admitted they experienced bugs related to their applications` error-handling code.

This trend, De Klerk says, is found among Microsoft and Java-based applications, irrespective of whether the application is desktop- or Internet-based.

"Today, more than ever before, the IT development community needs to extend its ability to detect and diagnose software quality errors during development to avoid unplanned application downtime, potential lost customer revenue, increased development costs and the risk of security vulnerabilities.

"Currently, an application`s error-handling capability is only tested in the live environment when it is faced with real errors and when, in the case of a security breach, it may be too late," she adds.

While developers are starting to recognise this trend as a problem, De Klerk says, the level of software testing still remains low.

"This is particularly true of the Microsoft .Net framework, which is being billed as the foundation of the next generation of Windows-based applications that are easier to build, deploy and integrate with other networked systems," she explains, adding that security vulnerabilities in .Net Web-based applications remain a concern.

Some 70% of security attacks on Web-based applications occur at the application layer, she says.

"High-quality and reliability of application error-handling code is notoriously difficult to test during an application`s development lifecycle, yet it is clear this is precisely what developers need if they will be able to quickly locate and fix security vulnerabilities in .Net applications," De Klerk claims.

"In fact, developers need to be able to quickly identify security vulnerabilities right to the line of source code and receive immediate expert advice on implementing a repair, reducing the overall mean time to resolution."

Share