Bug hunting has become a big business in the software development community. Google has long utilized a bug bounty program, leaning on outside help to improve the quality of products. As of August 2013, the tech giant had doled out more than $2 million in rewards to individuals for identifying and reporting harmful errors over the course of the past three years, according to PCWorld contributor Ian Paul. By paying bug hunters based on the number and quality of flaws found, businesses may be able to avoid financing an ineffective internal team.
TMMi Foundation Chair Klaus Olsen recently spoke to InfoQ about the benefits of bug hunting and how the method can be leveraged effectively. Perhaps the most notable advantage to conducting external bug searches is the amount of time that can be freed up for internal teams. By offloading some of the responsibility for identifying software issues, internal programmers can spend more time polishing their code and ensuring that their product is of the highest quality possible.
Bug hunting as a warning sign
According to Olsen, a well-crafted bug hunting expedition can also demonstrate how secure and stable a piece of software has become. If no errors are found, company officials can reasonably presume that the program in question is functioning properly. A bug hunt that digs up numerous flaws, however, may indicate that far more work needs to be done on the software code.
"It works very well as an effective smoke test, when you receive software from another company and your company will plan and execute acceptance testing," Olsen said. "Then a bug hunt prior to the acceptance test can work as a quality check ensuring to see if it's good enough for you to involve your business people to help execute test cases during the acceptance testing."
Bug hunting may not be a viable solution for every organization, however. Some business leaders may be understandably reluctant to simply hand over proprietary code or still-in-development commercial products to agents outside of the company. In these circumstances, it would still be beneficial for software developers to have access to resources that will aid their quality assurance efforts. For instance, static analysis allows teams to run scans on their code without interrupting the development process. These tools will identify flaws in a piece of software and automatically fix them without requiring programmers to make the changes themselves. This way, team members can spend more time improving the functionality and performance of a given product without worrying about addressing pervasive flaws in the code.