Thursday, 27 August 2009

Successful testing = Successful reputation

Following a number of fascinating comments made by nFocus’s clients on how vitally important software testing was to maintaining their professional reputation, nFocus embarked upon a search of articles and white papers to see what other evidence it could find on the subject.

A number of articles emerged, one of which stood out: an article written by Jack Danahy, CTO of Ounce Labs, entitled “Your company’s reputation: Critical but fragile” and dated 7 April 2009. His article concentrates on a software breach at Heartland Payment Systems back in January 2009 and explores the implications for its reputation following negative coverage in the press.

We found that this article supported our own research and so we have written a brief commentary containing the fundamental take-away points.

First, how do you define reputation? And how tangible is it? Jack provides an interesting criterion for judging this whilst investigating the aftermath of the breach three months on. The criterion was a simple Google search that highlighted a great deal of negative media about the company, which most likely will have been read by clients, prospects and employees alike and so caused immeasurable damage to the business.

In Jack's own words, the Google search for Heartland Payment Systems is pretty illuminating and he says, “As one would expect, the first natural topic is the corporate website. Beyond this, it goes downhill pretty fast. Of the remaining nine items in the natural search list, with the exception of a pointer to a secondary company site and the company’s Hoovers listing, everything relates to the breach. That’s a pretty high percentage.”

He continues, “...querying for a vendor and having the second item have “breach” in the URL would likely be a warning flag to someone trying to learn about Heartland....[suggesting] that reputation is a critical, yet fragile thing. Building it and defending it are not small tasks, and a fall from favor can be swift and absolute.”

With that in mind, what is the cost of a damaged reputation? Jack’s view is that there is no simple or short-term solution. He says, “Rebuilding a tarnished reputation after a breach will require effort... and is always much more difficult than creating it in the first place, because breaches result in headlines that are free, interesting, popular media, while fixes and cleanup result in little beyond whitepapers, which are costly and unpopular media.”

This dramatic security breach highlights the critical - but often underestimated - role that quality software testing plays in the day-to-day running of many businesses. Mistakes can be very costly indeed and can even put the future of some businesses in jeopardy.

If you would like to learn more about how high-calibre software testing could help to preserve the reputation of your company (and your own reputation too!) then please call us anytime.

You can click here to read Jack’s original article. To learn more about Jack Danahy’s insights into security, visit Jack's bio, suitablesecurity.blogspot.com or http://www.ouncelabs.com/.
