With Apple’s confirmation that Meltdown and Spectre, the two major CPU security bugs, are causing the slowdown in Mac and all iOS devices, one ponders the impact on users, especially considering the more than a billion iPhones already in use. At that scale, the performance issues amplify the need for testing and for ensuring that the bugs are thoroughly accounted for, since the probability of more bugs in an already infested system only increases.
Therefore, a proper approach to reporting bugs, followed by the right testing technique, becomes imperative. One may have found a bug and fixed it, but that also points to the possibility of many more around it, whether in the same area or on a different platform altogether. Finding them can be done from a functional standpoint through regression testing as well as via exploratory testing, wherein the tester probes bug-infested areas by instinct. A sagacious tester can chalk out these vulnerabilities and perform an end-to-end test effort to eliminate as many bugs as possible. The case of Meltdown and Spectre also points to the fact that security testing needs to go hand-in-hand with detecting these bugs. As Apple, too, pointed out that a malicious app must be present to impact the security of all the devices, and advised downloading apps only from trusted sources, this clearly calls for a thorough network pen-test effort to map and exploit these vulnerabilities from the get-go, to prevent attackers from gaining unauthorized access to a system or an application.
And to eliminate the possibility of any vulnerability from the very beginning, DevSecOps is another route one can take: it amalgamates the efforts of the dev team and testers to find, in the build of the software itself, bugs that are potential threats to the security of a system or an application. This is significant because the patches needed after the release of the product, as is the case with the Apple devices, would cause performance slowdowns, thus impacting a myriad of users. Keeping these issues in mind therefore helps prevent the bug bite.