Static and Dynamic Testing Described


    In a February 2005 COTS Journal article on automated testing, co-authors Bob Fleck and John Viega, who are executives of Secure Software, discuss the pros and cons of dynamic and static testing (they recommend a combination), but, notably for sourcingmag readers, warn about the risks of dynamic testing:

    For instance, a part of the U.S. government (which can’t be named here) once deployed a critical piece of software after dynamically testing it for many months, over which time they concluded that it only accessed a particular set of resources on the Internet. After the testing was finished, they found out by looking at their firewall logs that the application occasionally “called home” to a web site outside of the country, reporting back information. Had there been a firewall that had a more liberal policy on outbound traffic, this incident could have revealed some important data, even if the offshore developer didn’t have malicious employees inserting backdoors.

