The Daily WTF (a must-read if you're in a technology job) today described how poor testing caused 2,000 ballots to be thrown out in a 2014 election in Brussels:
It wasn’t enough to sway any one election, but the media had already caught wind of the potential voter fraud. Adrien’s company was hired for an independent code review of Delacroy Europe’s voting program to determine if anything criminal had transpired.
He noticed something strange in the UI selection functions, triggered when the user selects a candidate on the viewscreen.
He found two commented lines, dated June 28, 2013, a year before election day. A developer, looking at Card_Unselect(), realized that by unselecting a candidate, it also unselected everyone in that candidate’s list. They commented out two lines, thinking they had fixed the error. However, the unselection algorithm never decremented the check counter, which kept track of how many candidates had been chosen. If a user checked a candidate on one list, changed their mind, and picked another from a separate list, then both votes would be counted.
It hadn’t been a case of fraud, but some poorly-placed comments.
It also could have been prevented—or at least discovered immediately—through automated unit testing.
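A unit test of the kind that would have flagged this, as an added example that is not the voting program's code: the `BallotScreen` class, its fields, and the `decrement_on_unselect` switch are hypothetical stand-ins that model only the behaviour described above (a check counter kept separately from what the screen shows). The test replays the change-of-mind sequence and asserts that the counter still matches the visible selection.

```python
import unittest


class BallotScreen:
    """Hypothetical model: the checked candidates plus a separate check counter."""

    def __init__(self, decrement_on_unselect):
        self.selected = set()      # (list_id, candidate) pairs shown as checked
        self.check_count = 0       # counter of how many candidates were chosen
        self.decrement_on_unselect = decrement_on_unselect

    def card_select(self, list_id, candidate):
        if (list_id, candidate) not in self.selected:
            self.selected.add((list_id, candidate))
            self.check_count += 1

    def card_unselect(self, list_id, candidate):
        if (list_id, candidate) in self.selected:
            self.selected.discard((list_id, candidate))
            if self.decrement_on_unselect:   # False reproduces the described defect
                self.check_count -= 1

    def counter_matches_screen(self):
        # Invariant: the counter must equal the number of visible selections.
        return self.check_count == len(self.selected)


def change_of_mind(screen):
    """Pick a candidate on list 1, unselect it, then pick one on list 2."""
    screen.card_select(1, "A")
    screen.card_unselect(1, "A")
    screen.card_select(2, "B")
    return screen


class ChangeOfMindTest(unittest.TestCase):
    def test_counter_tracks_selection(self):
        screen = change_of_mind(BallotScreen(decrement_on_unselect=True))
        self.assertEqual(screen.check_count, 1)
        self.assertTrue(screen.counter_matches_screen())

    def test_missing_decrement_is_caught(self):
        screen = change_of_mind(BallotScreen(decrement_on_unselect=False))
        self.assertEqual(screen.check_count, 2)   # counter says two, screen shows one
        self.assertFalse(screen.counter_matches_screen())


if __name__ == "__main__":
    unittest.main()
```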
"Never ascribe to malice what can be adequately explained by incompetence."