Annihilate the trust
Annihilation of trust is a good way to build trust in an application. When I start to test a new application, my initial attitude is negative: “This software must be bad.” Usually testing proves it. Every new bug reduces my trust in the application. If there are any security-related requirements, the final hit to the trust is more or less a major security bug. At that point the trust in the application is totally annihilated.
After many bug reports, developers start to rebuild my trust in the application. Bugs are crushed one by one. Every newly crushed and killed bug drags me toward trusting the application more. The fixes (hopefully) don’t add new major issues. Every fix usually adds a bit more trust until I start to trust the application.
Look at this blog application and content management. I don’t have much trust in it. Part of its security is handled by filters instead of real fixes. (Try to put <i> in a comment or search and you’ll see what I mean, then try to add a space between < and i and you’ll see different behavior. The correct solution would be to replace < with &lt; at source level.)
If I didn’t find any bugs at all, I would definitely trust neither the application nor myself, and I would start wondering what I’ve done wrong.
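The difference between a filter and encoding at the source, as an added example that is not code from this blog or its content management system. The filter pattern and the sample comments are assumptions made for illustration; the post does not show the real filter.

```python
import html
import re

# Assumption: a tag-stripping input filter. The blog's real filter is not
# shown in the post; this pattern only stands in for "a filter".
TAG_PATTERN = re.compile(r"<[A-Za-z/][^>]*>")


def filter_input(text):
    """Filter approach: delete anything that looks like an HTML tag."""
    return TAG_PATTERN.sub("", text)


def encode_output(text):
    """Encoding approach: keep the text and escape <, >, & and quotes."""
    return html.escape(text, quote=True)


def survives_intact(text):
    """True if the visitor's original text can be recovered after encoding."""
    return html.unescape(encode_output(text)) == text


def compare(samples):
    """Return (raw, filtered, encoded) for each sample comment."""
    return [(s, filter_input(s), encode_output(s)) for s in samples]


# Constructed sample comments using the two inputs named in the post.
SAMPLES = ["use <i> for italics", "use < i> for italics"]

if __name__ == "__main__":
    for raw, filtered, encoded in compare(SAMPLES):
        print(f"raw:      {raw!r}")
        print(f"filtered: {filtered!r}")  # content lost, or raw '<' kept
        print(f"encoded:  {encoded!r}")   # same handling for both inputs
        print()
```

The filter silently drops the visitor's `<i>` yet lets `< i>` through with a raw `<`, while encoding handles both inputs the same way and loses nothing.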