Saskatoon Parking Meter "Cheating Glitch" Too Expensive To Fix
http://www.thecarconnection.com/news/1066342_saskatoon-parking-meter-cheating-glitch-too-expensive-to-fix
http://www.thestarphoenix.com/technology/Park+free+downtown+users+exploit+card+glitch/5316815/story.html
This is the intersection of a real issue from the field, and the practical application of M. Bolton's test heuristic HICCUPPS. http://www.developsense.com/articles/2005-01-TestingWithoutAMap.pdf
Great quote: "I guess I was shocked actually that there was possibly a way to even do
that kind of thing. I don't know who figured it out in the first
place," he said in an interview Friday.
Some interesting questions:
a. I wonder what the organizational root causes were for this issue escaping were.
b. If the system was designed with roles or use cases, I wonder if there were any "cheater" roles/use cases.
c. It seems like such an obvious test, that I wonder if it was known before shipping the product - but not publicly disclosed.
d. I wonder how much the public embarrassment was worth in their mind, when they decided the fix was too expensive.
Do you test for malicious intent or use, or exploitation of your systems?
Does your organization test using the HICCUPPS heuristic, per Michael Bolton's article?
What parts of the HICCUPPS heuristic do you think are the strongest reasons to advocate for getting this issue fixed?
No comments:
Post a Comment