Every second counts in the event of an emergency. However, a software bug in the system that manages alert sirens in Fort Worth, Texas, caused officials to shut off automated functionality until the issue could be resolved. NBC-DFW reporter Mark Schnyder noted that the issue first manifested when 59 of the 153 sirens in the city of Juan Ortiz went off unexpectedly.
Officials put the system in sleep mode, which prevents sirens from going off automatically, Schnyder reported. Although emergency workers can still initiate an alert manually, this process adds approximately 20 seconds to response time. As this incident underscores, software development practices for emergency systems could benefit from an improved code review process.
It’s important to keep in mind that a change in software development paradigms doesn’t necessarily mean a complete disruption of the organization. According to Michael Howard, principal security program manager for Microsoft, implementing tools such as code review software could improve development practices significantly. Writing for Emergency Management, he emphasized that the implementation of these programs should be complemented with comprehensive coding policies and employee awareness.
“A little education goes a long way,” Howard wrote. “Get all your engineers trained on the security issues. What they are, how to defend against them, and how to design code and test it securely. It’s not just about the code; it’s about system design too.”
As these comments suggest, raising awareness across the board will likely showcase the value of adopting improved code review procedures. However, it is important to demonstrate the value of potential tools to staff throughout an organization before purchasing; otherwise, supporters may face staunch resistance. Few developers want to hear criticism of their work, so it is important to show how tools such as static analysis can reduce the number of mistakes from the beginning and save time in the long run.
As Howard noted, it is also important to get buy-in from risk management teams. This side of the business typically wants to know how much money could be saved by adopting a particular technology. This may be difficult to estimate, but software buyers may benefit from coming up with realistic use cases (e.g. a software bug in this product will cause a large-scale recall) and presenting estimated costs based on those scenarios.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.