Remote work has been the norm in the translation industry for many years. With colleagues, service providers, and customers spead out across the entire globe, a natural decentralization is part of our industry’s DNA.
The current Coronavirus situation can be considered critical to dramatic in many respects. But the high degree of digitalization that many translation service providers have invested in is paying off right now.
Companies that work with Plunet can rely on the highest level of security in their daily work, whether in the office, in transit, or, as currently recommended, at home.
Over the next few months, we will present the main security aspects of Plunet BusinessManager in a blog series. Enjoy a little bit of security in these unpredictable times.
Part I: Quality assurance methods at Plunet
In the last few years, Plunet has made significant enhancements to its existing security structures and tools. As a result, the number of test cases has quadrupled since the testing department was restructured in early 2019. The original department for quality assurance was dissolved and the Plunet testers were assigned to the development teams. In this way, Plunet tests could already be performed during the development process. The goal of this new, agile quality assurance is to detect errors in the system as early as possible.
Down by the River, or when Plunet began to build canals...
The changes made to version control in 2019 also play a part in detecting errors as early as possible. Robert, QA Engineer at Plunet, compares the Plunet code with a river: “In the past, we didn’t deal with this river very well. We tested new features and functions by throwing them into the current like little rafts, to see if they floated (they work) or sank (they contain errors). Looking at it now, this was neither efficient nor sustainable. Eventually, there was a lot of debris in the Plunet river, dangerous code sandbanks piled up, and it became more and more difficult to navigate. We looked for solutions and ultimately chose a testing method in which you work with branches.” These branches are, to continue the river metaphor, like small canals that deviate from the main stream. You can test your raft in these smaller canals and, if necessary, make improvements before it joins the big river.
More security with penetration tests
Penetration tests are an essential part of the weak-point analysis of our business and translation management system. Plunet performs these tests together with an external security company. The continual security tests (OWASP TOP 10, among others) minimize the threat of hacker attacks for our users, for example. A comprehensive, manual penetration test is performed for every major Plunet release. In addition, an automated daily test is always performed for the current developer version.
Along with the penetration tests, extensive tests are performed by a partner company according to the OSSTMM method (www.osstmm.org) and the ISO/IEC27002 standard (https://www.iso.org/standard/54533.html)
Here are some other essential quality assurance measures that Plunet regularly carries out (just to make absolutely sure ?):
- Daily tests of database consistency
- Checking the quality and security of the source code via SonarQube and Checkstyle
- Regular audits with the tools PMD, FindBugs and Jdepend
- Testing the entire system by the internal quality management team
- OWASP dependency check to uncover known vulnerabilities in the dependencies used