12 Best Practices for Information Security Software Localization

Ready to localize your Information Security software for a global market?  After working on eSecurity applications for decades, SimulTrans has developed this list of best practices to avoid pitfalls and ensure a successful international release.

1. Translate eSecurity Terminology Correctly

Terminology can be tricky particularly when taken out of context in software strings.  Your application may provide a "vault" that isn't a big steel installation in a bank, may rely on a certificate from a "registration authority," or may refer to a "jamming" attack that is translated completely differently than the frustrating experience you had trying to get labels to feed through your printer.

To ensure terminology is accurate in the translation, follow these important steps:

1.1. Develop a glossary of key product terms with their definitions and translations.  

Have this glossary translated first.  If you have internal reviewers who will examine the translation, get their approval on the glossary first before beginning the translation.

1.2. Select translators with Information Security experience.  

Generalist translators or even basic software translators cannot usually handle the unique eSecurity terminology with aplomb.  They need to be familiar with the Information Security industry and have a thorough understanding of terms in both source and target languages.  Translators who have done a large volume of eSecurity translations are usually best suited to these projects.

1.3. Expect translators to research terms in each target market.  

Terminology is always evolving so it is necessary to check current industry norms by examining existing documents in each target language.  A quick scan of websites, Information Security publications, standards organizations, and industry groups can reveal appropriate terminology.

1.4. Provide translators with software context.  

When translating software strings that are out of context is it easy for translators to make incorrect assumptions about meaning.  For example, a string might include "OU," causing a translator to assume it refers to an an organizational unit (such as in a digital certificate hierarchy), while it is actually an abbreviation for an organizational user granted network access.  To avoid these incorrect assumptions, it is helpful to provide translators with access to the running application or screen captures showing strings in context.  After translation, linguistic testing can reveal strings that were mistranslated.

2. Test Localized Applications

After the translation has been completed it is essential to undertake thorough localization testing to run and examine the application in each target language.  This testing should be completed by people who have a thorough understanding of the application in addition to being native speakers of their respective target languages.

2.1. Outline test scripts to expose key user interface elements.  

Some screens are difficult to reach for testers, requiring specific settings to be selected, data to be entered, or error conditions to be forced.  Including detailed instructions in test scripts will help ensure testers find everything.

2.2. Look for non-linguistic errors.  

Security software often has text length restrictions, with little space for translations in longer languages.  During testing it is important to look for truncated strings and controls that have automatically expanded into neighboring screen elements.  Other internationalization issues can also be found, such as character encoding, sort order, time and date formats, and number formatting.

2.3. Consider context of terms.  

As explained above, terms can be mistranslated when in strings that are provided to translators without context.  During the testing phase, these errors can be easily spotted and rectified.

2.4. Provide complete environment.

Information Security applications often have unique testing requirements since they depend on specific hardware and network configurations. If these elements cannot be easily replicated by your localization testing partner you may want to consider inviting linguistic testers to work onsite at your facility.  Alternatively, you can have internal employees create screen captures of the localized user interface and send them to your localization partner for review in context.

3. Protect Software Security

It is particularly critical to ensure the security of your eSecurity applications being localized. You need to guarantee that no malware is inserted into the localized files and maintain the confidentiality of your application architecture.

3.1. Limit access to raw files.

Your localization provider should have tools to parse the files you provide for translation in order to provide translators with access to the text to be translated online or in segmented file while protecting the remainder of the code and markup.  Translators should not receive raw files to translate.

3.2. Ensure translators have signed strict non-disclosure agreements.

By emphasizing the importance of confidentiality, you and your localization partner communicate to translators the need to refrain from discussing or sharing their work on your application.

3.3. Work with full-time professional translators consistently from one project to the next.

Instead of hiring individual contractors who translate in their spare time, and may even work for your competitors during the day, choose a translation partner that relies on full-time professional translators.  

3.4. Require final file integrity checks.

After the translation has been completed it is important to programmatically verify that the only differences in localized files are user-facing text.  No surrounding code or markup elements should vary between the source- and target-language files. In addition to maintaining application security, this step will also facilitate builds by providing clean files free of discrepancies in spacing, line breaks, byte order markers, and encoding.

These are just a few of the important best practices to follow when localizing your Information Security applications.  SimulTrans would be happy to work with you to identify more specific steps you can take to localize your software efficiently.

One helpful initial step when embarking on a global release effort is to complete a pseudo translation to ensure all strings are externalized, your application can accommodate text expansion that occurs in many languages, and character encoding settings allow correct display of characters from your target languages.  We would be happy to provide a pseudo translation you can use for this testing at no charge.