
Third-Party Software Risks

Third Party software risks..
electronics862   11/30/2011 8:31:45 PM

Third-party software will definitely reduce the price, while it will lead to a delay in product response time. I should suggest rigorous testing will definitely lead to management of risk levels and to better control.

Re: Self certification by the third party may reduce the risk
HM   7/20/2011 11:41:17 AM

There are always cases where the original product company/owner won't be able to even test the third-party software. For example, take the case of the new phones that support third-party apps. People install third-party software and that can reduce the performance or battery life of the phone! Just did a search and see what I saw.

"Google blames third-party app developers for Android phones’ terrible battery life"

 

Re: Self certification by the third party may reduce the risk
ProcurementGDL   7/20/2011 11:10:36 AM

I totally agree, prabhakar_deosthali! Companies should have a formal and rigorous code governance policy and process. That process should be adaptable to external developers and be included in the SOW and contract. The FDA already has s/w code governance for medical devices, as failure can result in loss of life. Ideally any company with a s/w interest should have the same mindset.

I'm not thrilled with EBN providing Coverity free advertising for their s/w dev services. However, the article has merit if it reminds us code governance is vital in order to prevent catastrophe.

re:
eemom   7/20/2011 11:10:35 AM

I would suggest that it is the responsibility of the management team that selected the third-party software to test and ensure that said software will not cause problems after the fact. The "let's not test and take our chances" approach can be too costly; why would they adopt such a mindset?

re:
HM   7/20/2011 11:07:05 AM

Third-party software usually makes it into the final product without the rigorous testing that we expect to happen. The sense of responsibility kind of disappears when software is taken from a third party. The attitude becomes like 'Aren't they supposed to test it?'. And when things fail in the field, then the engineering and testing team kind of blames the senior management for outsourcing! And guess what happens to the senior manager who selected the third party!!

 

re:
eemom   7/20/2011 9:09:20 AM

This doesn't make sense to me.  Why wouldn't third party code be subjected to rigorous testing?  Even if the company providing the code certifies it, the ones incorporating the code in their systems are the ones who are responsible for it.  Do they perform rigorous testing once the code is incorporated in their system? 

re:
jbond   7/20/2011 7:05:25 AM

I am amazed at how many companies employing third party software aren't too concerned about integrity and standards. Not only does this make them susceptible to viruses and malware but this could also seriously damage their reputations. I think there should be an across the board standard that all parties need to meet. 

Re: Self certification by the third party may reduce the risk
Jacob   7/20/2011 3:07:31 AM

Andy, you are right. There could be a chance of threat through third-party software. I know certain equipment may exhibit a strange response in critical applications, where malware is functioning at the back end. In most cases, the malware is embedded in hardware for spying and data retrieval purposes. In such cases, procuring software through reputed and trusted vendors is the only solution. Since such malware has time-bound responses, most security software may fail to detect it at the initial stages.

Self certification by the third party may reduce the risk
prabhakar_deosthali   7/20/2011 2:09:19 AM

Normally the purpose of getting a third party to develop part of your software is to reduce that much burden on the internal team. If you select a third party which has its own internal standards of testing their developed code before they deliver it to you, then the duplication of the testing of that code can be avoided. The vendor should self-certify such code and also provide the test vectors and the associated results. This kind of self-certification is required when you are getting third-party code to integrate into your product.


