Ran Bar-Zik is a great tester. Well, he isn’t really a tester, but he is. A programmer and a (cool) blogger, he is great at finding those trivial, unattended security problems – all those that are the result of negligence on the part of companies.
And it’s always the same cycle: Bar-Zik contacts the company, reports the vulnerability, and only then – after the company has had time to fix it – he publishes the story on his blog or as a newspaper article (he seems to write well, and not just code. Note that the link is to an article in Hebrew, as are most of his posts and articles).
What we found interesting is that in some cases, instead of just thanking Bar-Zik and quickly taking care of the stupid-but-important problem, companies prefer to attack him, threatening him not to publish anything, and even pointing the finger of blame back at him.
It’s funny that companies still make such a mistake, not having learned that we’re in a new era. Transparency is an obvious requirement these days, since anything will be exposed anyway. So it is better to lead and turn it in your favor, rather than trying to hide it and being exposed both to the problem found and to criticism of the attempt to hide it.
And of course, threatening bloggers and journalists does not prevent the publishing of any story; it just adds another angle to the company’s stupidity…
Since we are always thinking about software testing, we drew additional conclusions from these stories:
- Open up. Mainly to learning from others.
- It isn’t a good idea to let your ego guide you, and it is even more so when testing.
- It is important to have the ability to quickly overcome problems and sort out issues.
- Keep yourself up to date with new technologies, but also with development and testing news – there is no need to repeat mistakes that others have already made and then shared their experience of how to avoid and fix.
- Learn from the crowd. Use the wisdom of your community. It can be your software users, your developers and testers and sometimes even anyone with Internet access.
We try to apply these in our daily work. How about you? Share your story.