This week, Google announced that it was expanding its bug bounty program to its Android platform. Like many other large software companies, Google offers cash "bounties" to security researchers and white hat hackers who find and report bugs and security flaws in its products.
Google, of course, performs its own software testing, but it also pays outside researchers who report qualifying bugs and coding errors in its products. That's because software testing is a vital part of preventing both data breaches and the errors and omissions lawsuits that follow them. Google knows it's far cheaper to pay a reward to proactive "good guys" for a report than to absorb the breach costs, penalties, or extortion demands that follow when "bad guys" find the same flaw first and exploit it for financial gain.
Here's a look at how you can up the ante with your own software testing efforts to avoid E&O claims, even if you don't have enough cash on hand to reward those who might want to help you.
Preventing E&O Lawsuits: Three Key Areas of Software Testing
Let's go over some key areas of software testing and how they can help you secure your code against attackers and root out potential errors.
- Functional requirements. By carrying out this aspect of software testing, you verify that each part of the software performs its specified function. This testing is often done piecemeal: one function of the code is tested at a time, usually against the inputs the specification anticipates, to determine whether the user can perform each individual task.
- Nonfunctional requirements. These requirements are no less important than the "functional" ones. Nonfunctional refers to qualities like security, maintainability, usability, testability, performance, and scalability. Tests in this category don't ask whether the software works, but how well it works and how it behaves under hostile or unexpected input, which is where most security bugs live.
- Requirement gaps. These are errors of omission. A requirement gap occurs when a requirement is never fulfilled, either because nobody wrote it down, because the programmer didn't know about it, or because it was never tested. The dangerous property of a gap is that every functional test can pass while the obligation is still missed. For instance, a programmer could fail to encrypt data files moving between servers. If the program were used at a medical business, this security "gap" would expose the programmer to a lawsuit for failing to follow HIPAA and HITECH, which set the security and breach-notification requirements for protected health information. The fix is to make the security requirement explicit and test for it directly, rather than assuming it is met.
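To make the three categories concrete, here is an added example (not code from the original article) built around the article's own scenario: a small client that builds the URL for uploading a file to a remote server. The module name, the hostname files.example.test, and the sample filenames are all constructed for illustration. One check maps onto each category: a functional test that the URL is built as specified, a nonfunctional (security) test that hostile filenames cannot escape the upload directory, and a requirement-gap test that the "encrypt data in transit" obligation is actually enforced by the code, not just assumed.

```python
"""Illustrative example, not from the original article.

A minimal upload-URL builder plus three checks that correspond to the
article's three testing categories: functional, nonfunctional (security),
and requirement gap. Hostnames and filenames are constructed test data.
"""
from urllib.parse import quote, urlparse

# Requirement that is easy to leave as an unstated assumption: patient data
# must only travel over an encrypted transport. Making it a constant and
# checking it in code turns the requirement into something a test can pin.
ALLOWED_SCHEMES = frozenset({"https"})


def build_upload_url(base_url: str, filename: str) -> str:
    """Return the upload URL for `filename` under `base_url`.

    Raises ValueError if the transport is not encrypted or if the filename
    could be used to escape the remote upload directory.
    """
    scheme = urlparse(base_url).scheme
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"refusing to send data over {scheme!r}; https is required")

    # Reject anything that is not a plain file name: path separators,
    # parent-directory references, empty names and embedded NULs.
    if (
        not filename
        or filename in (".", "..")
        or "/" in filename
        or "\\" in filename
        or "\x00" in filename
    ):
        raise ValueError(f"invalid filename {filename!r}")

    # Percent-encode everything that is not unreserved so spaces and
    # reserved characters cannot alter the URL structure.
    return f"{base_url.rstrip('/')}/upload/{quote(filename, safe='')}"


def _rejects(base_url: str, filename: str) -> bool:
    """True if build_upload_url refuses the combination."""
    try:
        build_upload_url(base_url, filename)
    except ValueError:
        return True
    return False


def run_checks() -> dict:
    """Run one check per category and return which ones passed."""
    results = {}

    # Functional: the feature does what the specification says for the
    # input the specification anticipated.
    results["functional"] = (
        build_upload_url("https://files.example.test/", "report.pdf")
        == "https://files.example.test/upload/report.pdf"
        and build_upload_url("https://files.example.test", "lab results.pdf")
        == "https://files.example.test/upload/lab%20results.pdf"
    )

    # Nonfunctional (security): hostile input must not escape the upload
    # directory or smuggle path components into the URL.
    hostile = ["../../etc/passwd", "..", "", "dir/report.pdf",
               "..\\report.pdf", "report\x00.pdf"]
    results["nonfunctional_security"] = all(
        _rejects("https://files.example.test", name) for name in hostile
    )

    # Requirement gap: the encryption-in-transit requirement is enforced.
    # Without this check every functional test above would still pass on a
    # client that happily used plain http.
    results["requirement_gap"] = all(
        _rejects(base, "report.pdf")
        for base in ("http://files.example.test", "ftp://files.example.test")
    )
    return results


if __name__ == "__main__":
    for category, passed in run_checks().items():
        print(f"{category}: {'PASS' if passed else 'FAIL'}")
```

The point of the third check is the one the article makes about omissions: if the code had been written with a plain http base URL, the functional check would still pass and the security test on filenames would still pass, and nothing would reveal that the legal encryption requirement was never met. Writing the requirement down as a test is what closes the gap.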
Software testing is much more complicated than just these three categories. There are all sorts of ways to check software for bugs, possible data leaks, and requirement gaps (we've outlined more of these techniques in "Software Testing: A Growing Market for IT Professionals").
Can Software Testing Lower the Cost of Insurance?
Given the many different aspects of software testing, understanding its intricacies is important for IT firms that not only want to reduce their risk of lawsuits, but also hope to lower the cost of business insurance.
Claims against an E&O insurance policy drive its price up. In that way, debugging, finding requirement gaps, and fixing errors in your code is a vital part of managing the cost of insurance. If you don't, you could see your premiums skyrocket, and some insurers might even refuse to renew your policy.
If you'd like to get an estimate on Errors and Omissions Insurance, contact an agent, or check out this sample quote for E&O insurance coverage.