With autumn now upon us, it becomes time to train our eyes towards the latest software industry news to see if any interesting stories provide meaningful insights on how your team builds applications. If you want to check out last month’s stories, simply click on the following link. Stories on the use of AI to improve continuous delivery, and a new DevOps metrics tool await you.
CCleaner Malware Attack places renewed Onus on “Cybersecure” Development
One of the last month’s biggest stories in the technology world involved the malware attack on CCleaner, a cybersecurity application from Avast, one of the most well known anti-virus companies in the industry. Hackers were able to infect the development team at Avast, interjecting malware into versions of the deployed application – both CCleaner and CCleaner Cloud.
Ultimately, the over two-million users who installed the application on their own systems effectively provided cyber criminals with a gateway into their computer. End-users feeling they are taking the right steps to protect their desktops ended up getting burned by a cybersecurity company unknowingly serving as the middleman for hackers. News and analysis of this insidious cyber attack was published on eWEEK, as well as many other sources.
Avast acquired the original developer for CCleaner – Piriform – in July. The attack took place some time in August, with all versions of the application installed from August 15 to September 12 affected by the malware. Since the CCleaner install had a legitimate digital signature from a respected antivirus company, effectively all users installed the program unaware of the hacked code within.
The places the onus on software engineering teams to secure all computers and digital signatures involved in the development process, a point echoed by Craig Williams, a senior technical lead with Cisco. “The fact of the matter is, when it comes down to supply chain attacks, if the attacker is in your build system already, you’ve lost. Once the attacker has all the certificates and all the keys and all the passwords, there is not a lot you can do,” said Williams.
Artificial Intelligence changing Software Quality Assurance
AI continues to influence many aspects of the software engineering process, so it isn’t surprising quality assurance is also taking advantage of machine learning routines to improve its efficacy. A variety of companies specializing in QA services – Infostretch, Appdiff, and dinCloud – are now including AI-based functionality in some of their testing products. News about the inroads artificial intelligence is making in the QA world was published this month in Tech Target.
Infostretch’s new service is called Predictive and Prescriptive QA. It relies on data analysis and machine learning to quickly give software testers the information they need to find defects. The other two companies’ products essentially are testing bots aimed at software development organizations already taking advantage of automated QA as part of their DevOps implementation.
The introduction of AI and robotic testers doesn’t mean QA engineer jobs are at risk. Instead, these tools only help them become more productive and ultimately better at finding software defects.
Keep returning to the Betica Blog for additional news and insights from the world of software development and QA. As always, thanks for reading!