Return of the Guru

Wanted Dead or Alive: Software Bugs

Ara Trembly
Insurance Experts' Forum, August 30, 2010

As just about every software developer knows, there simply isn’t enough time or manpower in most cases to iron out every bug in a new software product—or even an existing one. 

So no one is surprised when even popular applications like Microsoft Windows 7 turn up with bugs and security flaws that need to be patched and fixed along the way.  The problem, however, is that finding bugs generally requires the application of that time and manpower—not to mention money—that I referenced above.  To be sure, software vendors get complaints and act on them, but usually not until the company has checked out the flaw itself.  Again, that means an outlay of time and money.  

But what if vendors could utilize the bug sniffing abilities of their customers to find bugs, instead of dedicating their own resources to that very important effort?  Apparently it can be done.  Reuters reports that Deutsche Post, the successor to the German federal postal service, will offer bounties for bugs that researchers find in its E-Postbrief secure message service, the company announced this week.

The firm, which also operates the DHL overnight delivery service, will kick off a contest in October after it pre-approves research teams that apply for what it's calling the Deutsche Post Security Cup, says Reuters. Each team will be seeded with $3,800, but must use their own tools and agree to not touch any private data they come across during their work.  Teams must also keep quiet about any vulnerabilities they find until December, when Deutsche Post will award prizes and reveal the bugs it's patched.

Bounties of $6,400 and $1,300 will be paid for major and minor bugs, respectively, with a four-member jury classifying the reported vulnerabilities.

What a marvelous idea.  It occurs to me that with some 60 policy administration software vendors in our industry alone, such low-cost bug sniffing would be a tremendous boon.  While we would have to wait for hard numbers, it seems likely that the cost of the bounties and administration of such a program would be far less than trying to respond to complaints or—even worse—to deal with a major security breach brought on by vulnerabilities in one’s PAS. 

It seems obvious that, at least in the case of PAS, the primary reporters of problems would be the customers.  So why not financially motivate those customers to serve as your quality testing force in the field?  In addition to saving time and money on software testing, such a program would actually reward those customers and others who find legitimate flaws, a major public relations advantage.  Instead of a customer complaint being an occasion for customer anger and vendor annoyance, the whole process becomes one of “you help find my flaws and I will reward you.” 

In fact, my recommendation would be that vendors offer this as an ongoing program over the first two years or so of a product’s life, rather than running it as a discrete, one-time contest.  Such an arrangement automatically makes vendors and their customers partners in the perfection of the software product.  The benefits seem obvious. 

Software vendors, are you listening? 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

 
