Writing a slick iPhone app is exciting. Building a communication tool that changes how people communicate is stimulating. Hacking1 into a bank’s security system to pull of a heist is the stuff of Hollywood. “Liberating” information from classified sources can lead one to be hailed a hero. Writing test cases for code is sexy. Wait… what?
Testing software is often seen as a chore. The people writing the “real” code get the glory while the geek-chic hackers in movies get the gals. What do the people that write test cases get? No respect. But why? When you get down to it, testing and hacking are just opposite sides of the same coin. Testers and hackers do the same thing: they find instances where a program isn’t designed or doesn’t behave like it ought to. That is, they both look for bugs. Bad testers testing their own code go about it in the wrong way: they assume their program is fine and test situations that they thought about while writing the original code. Better testers will approach the task with the mindset that the software *may* be correct and that it’s their job to find bugs. Hackers are pessimists and assume that there are bugs.
Most people don’t understand what it is hackers do but elevate them as performing some difficult task. What, then, does a hacker do? First, a hacker needs to identify a flaw. Then, the hacker needs to come up with a creative way to exploit that flaw (at least in order to do things like you see in the movies). If the hacker can’t figure out how to exploit this bug, it’s no big deal. Just move on and find another bug.
Testers, however, face a Herculean challenge. Their task is to find all the needles in a giant haystack without knowing how many needles there are. Each one they miss empowers hackers. They need to anticipate every avenue that their adversary may take. Leaving a small bug unfound might not lead to harm, but with enough unplugged holes, it can be death by a thousand cuts (can he resist a reference to Toronto? No, he cannot).
So take it from a once-upon-a-time hacker: Doing a good job of testing is more challenging than hacking. The real difference between an excellent tester and hacker isn’t what you see in the movies. It’s not that tester can’t bring a large corporation to its knees; it’s that a tester won’t.
- cracking [↩]