Data Leaks through Test Procedures
I was hard pressed not to read an article in SD Times entitled "A World Half-Full of Data Boneheads". I thought this would be one of those overcritical pieces that doesn't have the depth to warrant such a harsh title. I still think the tone of the title is harsh, but Edward J. Correia makes good points about poor testing practices that leave companies vulnerable to data leaks.
According to the survey’s nearly 900 respondents, 49 percent of companies that outsource development and/or testing said they share their live data with those service organizations. In a separate question, fully 50 percent said they would be unable to detect the unintentional use of live data during application testing.
Testers need good data. Generated data is fine for preliminary testing, but nothing beats real-world data for the inconsistencies, integrity violations and other problems that come with the real stuff. Anonymizing data is the first step, but even that has limitations (see Bruce Schneier's post on the problems with anonymizing Netflix data).
Old data, anonymized data, and generated data can all help with the problem. At the end of the day, though, you will still depend on the quality of the controls your testing services use. Correia notes companies aren't covering their bases on that matter either:
Among the most surprising statistics to me was the uncertainty among organizations as to the specific guidelines in place to safeguard data and who’s responsible for enforcing them.
Of all the problems with testing and data leaks, knowing the guidelines ought to be one of the easiest to fix.



