Software Quality Insights

May 5, 2011  7:15 PM

Dawn Cannan: Bridging the gap between business and development

Melanie Luna Melanie Luna Profile: Melanie Luna

Software testing evangelist Dawn Cannan offered a half-day tutorial at this week’s STAREAST conference, focusing on the FitNesse and Selenium test tools. She explained how to translate requirements into executable commands.

Dawn is an expert at building teams that can truly collaborate to complete successful projects, integrating business, development and testing. She actively works in the open source community, presents at conferences and writes for various publications including her blog. Her STAREAST presence also included a lightning keynote.

May 5, 2011  1:36 AM

James Bach on critical thinking: Huh? Really? So?

Yvette Francino Yvette Francino Profile: Yvette Francino

I’m guessing James Bach has never been accused of being a “yes-man.” The outspoken test guru, well-known for his intolerance of step-by-step test scripts, is at STAREAST 2011 and delivered a full-day tutorial on May 3rd entitled, “Critical Thinking for Testers.” In this short video, Bach recommends three questions for critical thinkers: 1) Huh? (Do I really understand?)  2) Really?  (How do I know what you say is true?) and So? (Is that the only solution?)

Bach is one of many who has been denouncing “best practices.” At the recent SQuAD conference, Lee Copeland also reminded us of the dangers of proclaiming “best practices,” saying that what works well in one context does not necessarily work well in another context. Lloyd Roden in his concurrent session this morning challenged us to “ban the use of best practices.” Stepping through the Dreyfus Model for skills acquisition (novice, advanced beginner, competent, proficient and expert), Roden said that while best practices may be useful for the novice and advanced beginner, it would stifle the creativity for those who were skilled. “You don’t see a Jedi stopping to take out a rule book to find out how to use his light saber!” he quipped.

I admit to being guilty myself of writing a tip or two that had “best practices” in the title. In fact, I kid that even Bach’s suggestions for critical thinking sound a bit like “best practices.” While it’s certainly useful to learn from those who have more experience than we do, the message is that we must do more than blindly follow processes and rule books. Challenge the system. Question the rules. Look for ways to improve. Do this with three questions: Huh? Really? and So? You don’t want to use those questions? Good! Use your own! That’s thinking!

James and his brother, Jon Bach, will be “torturing the test lab” at STAREAST on Thursday, May 5, at 9:30 ET.

May 4, 2011  7:22 PM

STAREAST Test Lab allows users to get hands-on training

Melanie Luna Melanie Luna Profile: Melanie Luna

Wouldn’t it be nice if you could really conduct testing while at a test conference? That’s the question that prompted the creation of STAR Test Lab. Brain child of Bart Knaack and James Lindsey, Test Lab allows participants to get some hands-on testing experience. Its first implementation was at EuroSTAR 2009, and it has been tried at a few other conferences worldwide, but this is its inaugural year at STAREAST.

Tables are set up with handouts giving tools and test ideas and allowing for competitions as well. The Testlab menu includes everything from light assignments with little preparation required (starters) to sophistocated and in-depth exercises (high calorie desserts.)

Currently, Lisa Crispin is giving an introduction to test automation design using Selenium and Robot Framework.

Here’s the schedule for today and Thursday, with openings for additional sessions.


10:00 AM Usability testing: heuristic evaluation – B. Knaack/Julian Harty
11:00 AM How to set up maintainable automated testing – Lisa Crispin
11:45 AM Testing in pairs – Michael Bolton
1:30 PM How to use rapid reporter – Shmuel Gershon
2:30 PM Combinatorial Test Design Tool – Justin Hunter
4:00 PM Discussion group: How to manage agile testing? to be announced
6:30 PM Closure


9:30 AM Torturing the test lab – James and Jon Bach
11:30 AM Something exciting and new – Jacob Hooghiemstra
12:30 PM Testing with the gurus lunch
2:30 PM How to set up actionwords?

May 4, 2011  2:11 PM

STAREAST keynote: Win friends, influence people and deliver quality software

Yvette Francino Yvette Francino Profile: Yvette Francino

Dale Carnegie’s timeless classic, “How to Win Friends and Influence People,” may work well for sales and socializing, but will it work for testers? Carnegie’s first principle tells us, “Don’t criticize, condemn or complain.” Already testers are in trouble! How can they not be viewed as annoying when their role is to find and report on problems? At STAREAST, 2011, author and project management expert Andy Kaufman delivered a keynote, titled “How to Win Friends and Influence People – and Deliver Quality Software.” He showed us how the principles that Carnegie touted still apply today. To be successful, it has been shown that only 15% is due to professional knowledge and 85% is your ability to express ideas and to arouse enthusiasm among people.

Kaufman did a fantastic job of arousing enthusiasm amongst this crowd. Stay tuned as we cover additional sessions throughout the next two days!

May 2, 2011  5:10 PM

Are defect tracking systems really needed in Agile environments?

Yvette Francino Yvette Francino Profile: Yvette Francino

In every software development project I’ve ever worked on over the past 27 years, we used defect tracking tools to help us manage the bugs that were found in the system. Not only did these tools help us manage what we needed to work on, but they provided metrics so that we could look for quality trends. Defect tracking systems (DTS’s) were an integral part of our tool set. The first time I heard that some Agile teams were not using them, my immediate reaction was that Agile was not for me. I was all for collaboration, but somebody better be tracking and documenting the bugs!

Over time, as I became more familiar with Agile methodologies, I realized that there are alternative ways to track and manage defects. This week, Agile expert and SSQ contributor Lisa Crispin will be presenting at STAREAST 2011: Limbo Lower Now: An Agile Approach to Dealing with Defects. Crispin highlights her presentation in one of our STAREAST previews: Agile testing and defect tracking.

While there is no “rule” on how Agile teams track bugs, Crispin lists several alternatives including self-documenting automation tests:

Some Agile teams, especially those that embrace lean development, take a different approach to defects. Anytime a bug is identified, an automated test is written to reproduce it, the bug is fixed, and both the code fix and the test are checked in. The test documents the bug, and will alert the team in case that same problem occurs again. This enables teams to “fix and forget” bugs.

Crispin also talks about the use of wikis, story boards, and other techniques used by Agile teams to ensure defects are being addressed and documented. While defect tracking systems are still used by some Agile development teams, they are not the only means for tracking and managing bugs.

I’ll be meeting with Lisa Crispin and other industry experts this week at STAREAST 2011. For more conference interviews and conference coverage, check out STAREAST2011: News and interviews from

April 29, 2011  3:15 PM

Security testing in an Agile environment

Melanie Luna Melanie Luna Profile: Melanie Luna

Recently, has been examining the ongoing adoption of the Agile approach in small and large organizations. Our research shows that project success is highly dependent upon diligent requirements management processes and comprehensive security testing efforts.

It can be helpful to learn from others what has worked in the past and what hasn’t. While several aspects of Agile methodologies have changed since its inception a decade ago, some techniques translate into today’s projects. For more on implementing smaller projects, read QA expert professional Chris McMahon’s tip: Early days of Agile development: Lessons for small projects.

Security expert John Overbaugh addresses one of the top security vulnerabilities in Web applications: an injection attack, where the application is tricked into treating input as if it were code so that a hacker can infiltrate the application. For techniques on how to test for injection vulnerabilities, check out his tip: Application security: Testing for injection vulnerabilities.

In preparation for the STAREAST 2011 conference taking place May 1-6, Site Editor Yvette Francino and other SSQ contributors have been conducting interviews with presenters:

  • Learn about Test Centers of Excellence in this interview with quality advocate Tom Delmonte.
  • For information on testing for unexpected problems such as system faults or malicious attacks, read this interview about fuzzing and fault modeling with STAREAST presenter Shmuel Gershon.
  • How has Agile testing changed over the past 10 years, and what are the most important skills for an Agile tester? Find out in this interview between Lisa Crispin and Janet Gregory, co-authors of, “Agile Testing — A Practical Guide for Testers and Agile Teams.”

SearchSoftwareQuality editors and contributors will be in attendance at this important software testing event this week. Check back here for ongoing coverage, including more interviews, tips and blog posts.

April 14, 2011  4:22 PM

Both network and application security are important

Yvette Francino Yvette Francino Profile: Yvette Francino

When people think of security testing, they often think about the network layer — that area outside of the application. However, application security — security within your application — is important as well. John Overbaugh explains the difference in his two recent tips.

In Boost network security using firewalls, encryption and logging, he uses the protection of a home as an analogy:

To illustrate networking and application security, consider a private home with high-value targets. The access to the home (front gate, long driveway, wide lawns, and surveillance cameras) is a crucial element to protecting the home.

Overbaugh compares network security to breaking through the physical security that protects the house and application security to getting in the house and stealing the jewels. In this first tip, Overbaugh stresses the goals of network security, protecting network resources and the integrity of data traveling across the networks.

In his second tip, Application security: Protecting application availability, data confidentiality and integrity, Overbaugh addresses application security concerns. This effort involves keeping the data within an application safe.

Take a look at these two tips to understand more about both network and application security. Both efforts are crucial in keeping your application and data secure.

April 13, 2011  11:35 PM

How to make Agile stick: Howard Deiner at Mile High Agile

Yvette Francino Yvette Francino Profile: Yvette Francino

At the Mile High Agile conference held in Denver on April 7th, Howard Deiner of Deinersoft, Inc. gave a presentation about transitioning to Agile entitled, “How to make sure Agile sticks.”

Deiner’s presentation was filled with stories of Agile transitions and some of the pitfalls and traps that organizations can fall into. “A ‘smell’ is a problem that comes up, and you should raise an eyebrow,” said Deiner when talking about “smells” that warn him that there may be trouble with an Agile transition effort, and it may require further investigation. However, just like with expensive Gorgonzola cheese, Deiner says, you don’t want to toss everything with a suspicious smell.

Examples of “smells” to be leary of with Agile transition include:

  • Coach-lite: The matrixed organization, where a coach is spread across multiple teams.
  • Just fix the delivery team: Applying Agile only to the delivery team rather than the entire organization.
  • Buying tools before you have your processes down: Figure out your processes and buy tools that will fit your needs, rather than the other way around.
  • Closet command and controllers: Management must trust their staff and encourage collaboration.
  • Methodology polytheism: Mixing Agile and traditional methodologies can be wasteful and frustrating.

Deiner gave eight traction tips that would help in making Agile “stick” even when problems are encountered.

April 11, 2011  2:38 PM

Odyssey Software announces the release of Athena Configuration Manager v5.0

Melanie Luna Melanie Luna Profile: Melanie Luna

On April 11, Odyssey Software announced the release of Athena Configuration Manager v5.0, a remote mobile device management (MDM) solution that offers several functionalities, including security, asset inventory, remote assistance and software distribution.

SSQ spoke with Odyssey Software CEO Mark Gentile last week, who shared a couple of mind-boggling statistics: “A recent statistic says that every second there are two iPhones activated. Also, as of two months ago, there were a reported 300,000 Android activations per day.” With numbers like these, mobile security has become increasingly important.

In recent months the market for smartphones and tablets has been experiencing enormous growth. While in the past enterprise IT personnel were primarily focused on desktop and laptop management, there is a growing need to shift focus to phones and tablets due to the sheer number of these devices that employees now use.

Mobile devices often enable access to more than just corporate email, opening up a host of security issues. It’s important for enterprises whose employees use corporate devices remotely to look for solutions that support multiple platforms as well as scalability.

Athena offers several features, which Gentile explained in detail. Since Odyssey Software offers an add-in for Microsoft systems centers, IT staff can manage mobile devices from the same environment as the in-house servers and desktops, so they can control what is happening with all the company’s devices at the same time.

In addition, Athena works to secure all the hot platforms, including iOs and Android. Enterprises can monitor asset inventory and detailed data about each device such as signal strength and software installed. Users can also access remote assistance and other self-service functions.

April 8, 2011  12:24 AM

Jean Tabaka’s keynote at Mile High Agile: Lean in

Yvette Francino Yvette Francino Profile: Yvette Francino

The inaugural Mile High Agile Conference kicked off April 7th with a keynote from Agile Fellow, Jean Tabaka from Rally Software. Addressing the crowd of 500 (a sell-out), Tabaka spoke of the importance of community and working together to “elevate agility,” the conference’s theme in her presentation titled, “Elevating the Agile Community of Thinkers.”

Tabaka started by describing a meeting she’d had with fellow Agile enthusiasts, Liz Keogh and Eric Willeke, in which they forged the idea of creating a “community of thinkers,” — people who would demonstrate leadership behaviors and help promote agile thinking. She stressed the difference between community building and destructive bullying, speaking of the infighting that can happen amongst Agile enthusiasts who are determined to “win” or be “right” and make the other person “wrong.” Instead, Tabaka encourages people to “invite inquiry.” “Your organization is only as wise as the least vocal person,” she says, encouraging everyone to have a voice in discussions.

Throughout the keynote, Tabaka encouraged us to all “lean in” and take risks. “Be prepared to take the hard stuff and push yourself out of your comfort zone,” she encouraged.

Here’s a reaction from Wayne Wells who was at the conference:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: