Author Topic: Is this a serious issue? or not? your views are appreciated.  (Read 4283 times)
Matty_R
Global Moderator
Comodo's Hero
*****
Online Online

Posts: 833


worse things appen at sea!


« Reply #30 on: May 01, 2008, 12:02:04 PM »

I think this is really just a prank which has gone wrong. We have all done something along these lines when growing up; sometimes it is human nature to do things like this.
I work on quite a lot of building sites and there are various pranks going on all the time (cling film on the bog, etc.) but there is always a line which most know should not be crossed. In this case, given the type of program it is, I think that the line has been crossed, but let's not get too carried away. The person responsible has by the sound of it been given both barrels by Mike from OA and, let's hope, has learnt a valuable lesson.
We all make mistakes; it's when we don't learn from them that problems arise. I reckon QC at OA will improve now and the staff will surely not make this kind of mistake again.

Regards Matty

Also this reminds me of bricklayers Roll Eyes  they like putting messages on every wall they build  Huh
Logged

The only ingredient necessary for the triumph of evil is for good people to do nothing!
CCleaner - Freeware Windows Optimization
salmonela
Computer Security Testing Group
Comodo's Hero
*****
Offline Offline

Posts: 365


Spy


« Reply #31 on: May 01, 2008, 12:35:43 PM »

Serious code inspection should be done before public appearance. It is not about what is in the code (easter egg or something else); Mike just not knowing what's happening is the problem here. There is no quality assurance in Tall Emu, I guess.
In such an environment I can only imagine what would happen to the code when some of the developers have disagreements or differences, or even a fight.
That simple "birthday PoC" can tell us much more than their software is not even in alpha phase...
Logged

XP Pro SP3, Pentium4-3Ghz, 4×512Mb DDR, Ralink RT61 WLAN PCI adapter, ZyXEL P-660HW-D3 WLAN Router DSL modem
Bad English, I know...
Thanks
PLEASE DO NOT REPLY DUMB QUESTIONS/ANSWERS
sded
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 1786



« Reply #32 on: May 01, 2008, 02:50:51 PM »

I guess I am surprised that anyone would try to wrap this prank into software QA issues. With the degree of breakage in new releases, lack of regression testing that implies, lack of formal beta testing (at least any that the mods or users know about), the cavalier treatment of the bug reports, the outstanding major problems with the installer, the significant bugs with no known workoff and retest schedule, ... Comodo certainly doesn't stand out for its QA program. But this is also not really a QA issue. Go read http://en.wikipedia.org/wiki/Software_quality_assurance for example. Perhaps a breakdown in development process discipline that Mike has vowed to fix would be more appropriate. And yes, I have worked for SEI level 3 and 4 companies and enforced software QA policies on them, not just read the article.
Logged

CFP 3.0.24/368, Vista Ultimate 32x + SP1, Avast! 4.8, Windows Defender.  SAS offline.  Acronis True Image just in case.  Wink
Rafel
Comodo's Hero
*****
Offline Offline

Posts: 256


I use only the best, I use Comodo firewall


« Reply #33 on: May 01, 2008, 03:07:27 PM »

I think you need spell check. Can you type it again so it makes sense. Sorry.

Melih knows what he is talking about.

I'm sorry, but I don't speak English.
Logged

salmonela
Computer Security Testing Group
Comodo's Hero
*****
Offline Offline

Posts: 365


Spy


« Reply #34 on: May 01, 2008, 03:16:12 PM »

Ok, then software quality control
Logged

Melih
Comodo's Hero
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 5076



WWW
« Reply #35 on: May 01, 2008, 05:15:03 PM »


I think we are playing with semantics....

Salmonela has identified a good link that describes the issue. I think Salmonela has nailed the issue on the head!!

Here is what the above link goes to (for easier reading)
******
Software Quality Control (also known as Verification and Validation (software)) consists of a means of controlling the quality of software engineering products. It does this by means of tests of the software system. These tests can be unit tests, integration tests, or system tests. It also includes the formal proof of individual pieces of code, and the review of documents and code.

It is distinct from software quality assurance which includes audits of the quality management system against a standard. Whereas software quality control is a control of products, software quality assurance is a control of processes.
***********

I have marked the important bits in bold.

thanks

Melih
Logged

sded
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 1786



« Reply #36 on: May 01, 2008, 05:52:37 PM »

'When I use a word,' Humpty Dumpty said, in a rather scornful tone, 'it means just what I choose it to mean, neither more nor less.' per Alice in Wonderland.
Quote from earlier reference:
"It (SQA) is distinct from software quality control which includes reviewing requirements documents, and software testing. SQA encompasses the entire software development process, which includes processes such as software design, coding, source code control, code reviews, change management, configuration management, and release management. Whereas software quality control is a control of products, software quality assurance is a control of processes."
You can decide whether you think OA wasn't tested against its requirements (QC problem) or you are claiming the processes are flawed (QA problem) - or perhaps there was a temporary breakdown in development process discipline as I suggested above. But saying "Does not having enough QA to catch these kind of things from coders is a serious flaw in the development process especially for a "security product?" seems to try to imply that no one (especially Comodo) makes mistakes, and if one is made then the whole process is flawed (a very serious accusation). And is meant to be inflammatory.
Logged

Melih
Comodo's Hero
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 5076



WWW
« Reply #37 on: May 01, 2008, 06:09:49 PM »

As to what it is "meant" to be is very subjective.
Having seen basic mistakes over and over from OA team does certainly raise questions. No one is implying that anyone is 100% fool proof. However there are certain expectations depending on your professional level. For example: if you are a world class football player I expect you to be able to kick the ball Smiley. As they say: Action speaks louder! The issue is not picking this single incident and dwelling on it as such but taking a look at a string of what could be considered to be basic mistakes that have surfaced over the last few months and coming to one's own conclusion, that's all.

Melih
« Last Edit: May 01, 2008, 07:39:06 PM by Melih » Logged

Little Mac
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 6003



« Reply #38 on: May 01, 2008, 08:59:37 PM »

Quote from Melih:
"Having seen basic mistakes over and over from OA team does certainly raise questions. No one is implying that anyone is 100% fool proof. However there are certain expectations depending on your professional level."

But if we take that position, and look back at all the huff from the public release of various Comodo products, it might be quite easy for folks to reach the same/similar conclusions.  Not the same issues, no, but what could appear to be a decided lack of QA or QC (depending on the exact usage thereof).  That's not saying that the products are bad!  I wouldn't say that at all, but there have been significant issues well after final public release.

I honestly don't think it's fair to call OA on the public carpet for this as an example of bad coding, poor QA, QC, etc.  A programmer got a little carried away (wouldn't be the first!), OA has publicly owned it and stated categorically that it's been addressed and won't happen again.  That should, IMO, be enough and be the end of it.

Just my $.02 ~

LM
Logged

date
dcfldd split=2G conv=noerror hashwindow=0 hash=md5 hashlog=/mnt/sda1/images/hash.log if=/dev/hda of=/mnt/sda1/images/LM.dd
date
cat LM.dd.* | md5sum > verify.log
date
panic
Global Moderator
Comodo's Hero
*****
Online Online

Posts: 5163


... and I say to myself, "What a wonderful world"


« Reply #39 on: May 01, 2008, 10:58:00 PM »

 Clapping Clapping Clapping

Well said.

I'll see your $0.02 and raise it $0.02  Wink
Logged

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you don't like it, don't use the forum.
Pedro*
Comodo's Hero
*****
Offline Offline

Posts: 770

Former "Someone"


« Reply #40 on: May 02, 2008, 07:59:38 AM »

$0.06

I don't think there's any gain in all this.
Logged
Melih
Comodo's Hero
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 5076



WWW
« Reply #41 on: May 02, 2008, 08:14:48 AM »

Quote from Little Mac:
"But if we take that position, and look back at all the huff from the public release of various Comodo products, it might be quite easy for folks to reach the same/similar conclusions.  Not the same issues, no, but what could appear to be a decided lack of QA or QC (depending on the exact usage thereof).  That's not saying that the products are bad!  I wouldn't say that at all, but there have been significant issues well after final public release.

I honestly don't think it's fair to call OA on the public carpet for this as an example of bad coding, poor QA, QC, etc.  A programmer got a little carried away (wouldn't be the first!), OA has publicly owned it and stated categorically that it's been addressed and won't happen again.  That should, IMO, be enough and be the end of it.

Just my $.02 ~

LM"

I appreciate your point of view, but once again, this example is not being singled out. My view was reached after seeing the following basic mistakes:

1) auto allow if alert is not answered
2) crashing the firewall in flooding
3) allowing rootkit installation
4) allowing ICMP attacks
5) birthday message from the coder
etc etc..

There is a big difference between V3 being such a powerful product and having compatibility issues on its launch on a brand new OS platform for 32 and 64 bit systems and making the above basic mistakes! Hope you can see that point of view..

Again to recap: Making basic mistakes about security over and over on a 2 year old product on a mature OS is totally different than a brand new product having bugs/compatibility issues on a Brand New OS with such huge integration with that particular OS for security...

So I will see and raise to $2 Smiley

Melih
Logged

panic
Global Moderator
Comodo's Hero
*****
Online Online

Posts: 5163


... and I say to myself, "What a wonderful world"


« Reply #42 on: May 02, 2008, 08:57:55 AM »

Quote from Melih:
"So I will see and raise to $2 Smiley"

I call, but I'm still in.
Logged

Pedro*
Comodo's Hero
*****
Offline Offline

Posts: 770

Former "Someone"


« Reply #43 on: May 02, 2008, 09:17:01 AM »

My poker knowledge is so bad. If you call aren't you in anyway Huh
Logged
panic
Global Moderator
Comodo's Hero
*****
Online Online

Posts: 5163


... and I say to myself, "What a wonderful world"


« Reply #44 on: May 02, 2008, 09:19:53 AM »

Making allowances for non-players.  Wink
Logged
