Economic Risks of Not Testing Networked Applications
Is this latest bump in the economy a resurgence or just another
corner? How can you learn to plan for the unexpected and unknown?
Broad topic but very applicable to the growing number of leading network operators and their vendors using Mu to more completely test their networked applications and product development processes (software development life cycle, or SDLC).
Last month the Test Lab Automation (TesLA) Alliance customer advisory board got together to discuss progress on its all-inclusive testing vision. All of the TesLA Customer Advisory Board members - Verizon, BT, HP and F5 -- are also among the growing number of Mu customers
who have first-hand knowledge on why proactively managing unexpected
application and product behavior is so very important. As TesLA's Vice Chair of Membership and Marketing I also spoke out on this important need. HP and Mu recently launched TesLA's new ongoing webinar series discussing this same topic.
Saving staff developers "fire fighting time," reducing
time-to-deployment for product selection or remediation and even making
sure product fixes operationally deliver as promised are among every
operator's and developer's wish list. With today's economic focus on
bottom lines so strong, quality applications free of unexpected
behavior and good security metrics have never been more important.
Another Mu customer, Alcatel's Genesys group, is also now baselining their Call Center VoIP reliability above competitors using Mu's solution. Smart, this will help them beat competitors on the reliability
message while ensuring the elimination of most unexpected weaknesses
that would otherwise drain engineering and support resources due to
fire-fighting. In a related Mu customer ecosystem, Industrial Control, customers including ABB, Honeywell and SEL are improving their safety and cyber security using Mu. Several of these customers are also actively working within the ISA Security Compliance Institute (ISCI) to create the Embedded Controller Security Assurance (ECSA)
test specification.
A vendor-neutral test regime -- a real industry
standard that is rapidly deployable -- is the goal (moving quickly now
in draft format, btw). Mu is on the record as strongly supporting this effort, we believe the industry has a lot to gain from a non-proprietary certification.
Experience with a vendor-neutral certification regime for embedded
controllers will inform the development of ISA99 as it works to
complete its security standard within its WG4 group. Any proprietary specification that is not compatible with ECSA
is a relic of the earliest attempts at robustness testing for embedded
controllers. The industry needs broad consensus and Mu is committed to
help this move forward. ISCI's ECSA effort is building that consensus.
Leveraging Mu's underlying protocol fuzzing engine to root out security
weaknesses as well as reliability issues is quite important to all customer ecosystems - Alcatel, ABB,
Juniper, Cox, Verizon and their peers. All of these vendors and
operators are part of Mu's customer ecosystem. Speaking of a diverse
customer base, a long-known testing ecosystem member are security
researchers who gained often short-lived notoriety by holding vendors
ransom over 0-day vulnerabilities. Of course, by using
Mu consistently many vendor customers are finding far more security or reliability weaknesses before these issues became production 0-days for the security researchers to ransom.
Vendors are quickly adopting Mu robustness testing as a best practice
(and smart business) to spend time/money to find and fix bugs as early
as possible in the development process rather than at least 10x more
costly than fixing bugs during a field remediation fire drill - according to NIST.
Since the economy is tough on all aspects of the operator/vendor ecosystem, a few researchers are now putting up for-profit only
signs when it comes to 0-days. While embodying admirable
entrepreneurial spirit, a more methodical solution of testing for the
unexpected using a solution like Mu is more economical in both the long
term and short term -- Mu's ROI online calculator even proves out the case.
Another new and growing Mu online offering is the pcapr site with more than 200 protocols - beyond the 60+ Mu already offers - as well as 850+ users and 1,400+ pcaps.
This is a great resource for obtaining packets and is already helping
operators and vendors build more reliable and robust products or
service offerings free of unexpected weaknesses.
Higher quality products and services is the end game here: Quality = Revenue = Success!
Comments:
Write a comment
- Required fields are marked with *.
|
