Software Quality Insights

February 3, 2011  4:59 PM

Automation in ALM

Yvette Francino Yvette Francino Profile: Yvette Francino

It’s a new month and with that, we have a new theme at Automation in ALM. Throughout the lifecycle, there are ways that project teams are automating their processes and their work to provide efficiency so they can focus on those tasks that require critical thinking.

I’m excited about our lineup for the month, starting with these three pieces we published this week about automation in ALM:

Test automation: When, how and how much
Test automation has often been touted as an important part of an organization’s quality strategy. However, it’s not a silver bullet. In this tip, consultant David Johnson describes important considerations in determining when to invest in test automation, how to implement the program, and how much of your application space should be automated.
UI Testing: Automated and Exploratory
Should user interface (UI) testing be automated or exploratory? In this tip, SSQ contributor Chris McMahon answers that both automated and exploratory testing can be used for UI testing, and what is most effective is using them together. McMahon explains when each type of testing is appropriate and how used together, they can complement one another to provide the most comprehensive UI test coverage.

Six Tips for Selecting Automated Test Tools for Agile Development
Software consultant Nari Kannan describes the differences between agile application lifecycle management tools and traditional lifecycle management software. Agile ALM tools are more tightly integrated, easier to use, support distributed teams and seamlessly integrate many of the traditional lifecycle management functions.

February 1, 2011  4:58 PM

Transitioning to Agile: Learn from the skeptics

Yvette Francino Yvette Francino Profile: Yvette Francino

Promoting Agile internally was the topic at last week’s Boulder Agile Software Meetup Group.

[kml_flashembed movie="" width="425" height="350" wmode="transparent" /]

In this video, Matt Weir speaks about transitioning to Agile and how he learned the most from the skeptics. He found that by listening and working together to address concerns, the skeptics became his best allies in the transition.

Want to read more about the challenges of gaining buy-in when your team is transitioning to Agile and how those are being addressed? Check out Real world Agile: Gaining internal acceptance of Agile methodologies on

January 27, 2011  8:10 PM

Agile in the large: Five must-read tips

Yvette Francino Yvette Francino Profile: Yvette Francino

The January theme for SearchSoftwareQuality has been “Large-scale Agile.” It seems everyone is jumping on the Agile bandwagon, but is that bandwagon big enough to hold a very big team coding an enterprise application? Or will too many people weigh it down?

Thought leaders are studying issues associated with large-scale Agile and banding together to come up with solutions. Check out these five recent titles from expert SSQ contributors and find out how to address the challenges that come along with large-scale Agile.

Keys for Agile development: Planning and team collaboration on large or small projects

Lisa Crispin offers advice on planning for agile in both big and small team environments.


Managing large Agile application lifecycle projects

Chris McMahon addresses issues of work flow in your ALM tool set for large development efforts.


Agile testing on large-scale projects

David W. Johnson discusses ways to maximize your testing return on investment in agile environments.


Best practices for mixing Agile and outsourcing

Nari Kannan gives advice on how outsourcing can be best managed in a large agile environment.


Large-scale Agile: Making the transition to Scrum

Matt Heusser recommends a step-by-step approach to transitioning to Scrum.


January 21, 2011  7:51 PM

uTest releases new apps for the iPhone and iPad

Yvette Francino Yvette Francino Profile: Yvette Francino

Crowdsource test group uTest announced January 18th the release of a new mobile application for their customers and 30,000+ tester community. The application allows testers to use their iPhone or iPad to enter bugs, communicate with the uTest community and customers, accept invitations to projects, upload screenshots or videos and view their earnings.

As a member of the uTest community, I went ahead and downloaded the app to my iPhone, installed it, and in just a few short minutes was able to access my uTest account from my iPhone.

The new iOS apps were tested, of course, by the uTest community, the very group who had been asking for these apps. In this case, they had a vested interest in the application being user-friendly, as they were both testers and soon-to-be users.

Having just spoken with Arxan about the importance of security on mobile devices, I was particularly interested in security and testing on mobile applications. I spoke with uTest’s Matt Johnston, who said:

[We needed to consider both] security of customer’s data and tester’s data. We took every available precaution in working with our outside provider on this app. And of course, uTest tested the app to make sure it held up. So absolutely security was baked in from the beginning, from conception, through development, through testing. The other [security consideration] is IP protection. Again, we made sure the IP was secure for uTest, but more importantly, we made sure it’s a secure and private experience for testers and customers.

I wondered if uTest was thinking of entering the tools market, but Johnston said that at this time the tools are focused on catering to the needs of the testers and customers of uTest, allowing them to work more productively by tying into the uTest platform. Though the primary objective has always been to address the needs of the uTest testers and customers, an added benefit has been the interest and addition of new testers for uTest’s ever-expanding tester community. Johnston explained:

It’s only been available for a couple of days, but we’re seeing upwards of 20 new testers a day who are signing up through the iPhone and iPad apps, finding it in the iTunes store or reading about it in an article and coming to us through those applications as opposed to signing up through the Web interface. So we’ve been very pleasantly surprised that it’s been such a good thing for tester recruiting so quickly.

In less than two days, it’s been downloaded more than 500 times (with an even split between iPhone and iPad users), which is quite high for a specialized B2B application. For those 500 downloads, the app store has shown a rating of 4.5 out of 5 stars. Johnston attributes this to the “in the wild” testing that was performed vs. lab testing. He elaborated:

In doing the four test cycles, we tested on four separate continents with a team varying between 10 and 20 people, and getting a lot of OS coverage and carrier coverage. It’s been battle tested as much as it can be, ahead of launch.

How does the uTest community like the new app? All reviews on the iPhone app were rated 4 or 5 stars with only positive comments. In looking at the comments on uTest’s blog, again, they were unanimously positive. If there was any dissatisfaction, it may be from those using other mobile platforms who are wondering when their favorite platform will be supported. However, even those who are without an iPhone or iPad are positive, sending kudos to uTest for their hard work.

January 20, 2011  10:51 PM

How secure are your mobile and embedded applications?

Yvette Francino Yvette Francino Profile: Yvette Francino

A wide array of security tools are available to handle threats that are prevalent over the desktop and server-centric code running in untrusted environments. But what about the newer mobile devices? Applications are being downloaded by the billions by consumers and these applications may be at risk from hackers who are able to pirate or reverse engineer your applications. Are tools available to protect your IP?

Last week, I spoke with Vince Arneja, vice president of product management at Arxan Technologies, about their product launch of EnsureIT for Apple iOS. This product is designed to protect applications running on Apple’s iPhone or iPad against reverse-engineering or tampering for unauthorized access, piracy and
insertion of exploits. He explained:

Our technology introduces itself right into the build process. Typically a customer will use our type of product to obfuscate the code that is written by the developer, so that code is inherently harder for a hacker to understand the logic of and subsequently be able to manipulate.

I asked whether obfuscation had the potential for causing performance problems.

Arneja answered:

Absolutely, it can. A lot of that is controllable by introducing it into the build process. The technology can have an adverse affect on performance, but it’s all managable. There’s a balancing act that needs to be assessed for any aspect of security. In the case of the application, [you’d ask the question] how much security do I want to introduce and still balance the performance that my customer expects? The tuning that can be accomplished is all part of what we call, ‘a guard specification style.’

Arneja went on to explain the configurations that can be done to create the appropriate balance of security and performance.

Curious about obfuscation tools and whether or not their use would grow as a means to protect mobile and embedded applications, I spoke with some analysts in the industry. In Application security hardening for mobile and embedded software, Bob Walder, Research Director at Gartner, said of code obfuscation:

Code obfuscation is the more widely adopted and more-mature method of protecting applications, but estimated adoption rates are still in the high single digits, because most organizations are unaware of its benefits until they directly experience the theft of IP or an attack from an application compromise. Furthermore, for application protection techniques that rely on the insertion of code, development organizations may be reluctant to allow the injection of new code into an application from a source other than a developer.

What are your thoughts?



January 20, 2011  9:28 PM

Agile ALM with Michael Hüttermann

Yvette Francino Yvette Francino Profile: Yvette Francino

At, we have a lot of content about “agility” and about “application lifecycle management” (ALM). But often these terms are used in many different contexts. Some people refer to almost any tool that manages part of the development lifecycle as an “ALM tool,” and “agility” seems to be the buzzword of the year, referring to almost any process that promotes collaboration. What does “Agile ALM” really mean?

Well, I got the chance to talk to the expert, author of Agile ALM, Michael Hüttermann. Hüttermann’s book is jam-packed with information about building agility into your development lifecycle. Reading this, decision makers will be able to see the difference between the vendors who play buzzword bingo and those who really implement what’s most important in an ALM tool. I found his book a virtual goldmine of information.

In Agile ALM: Interview with author Michael Hüttermann – Part 1, I queried Hüttermann about software configuration management (SCM), “lightweight” tools, and the importance of integration of tools that manage different aspects of the lifecycle.

In Agile ALM tools: Q&A with author Michael Hüttermann – Part 2, we talk about attributes of agile ALM tools, automation, and tradeoffs between flexibility, configurability and complexity in tool sets.

Stay tuned as we have further interviews with Hüttermann and continue to explore this very timely topic.

Agile ALM by Michael Hüttermann is available through the MEAP (Manning Early Access Program) at Compliments of, there is a 41% discount on the MEAP, ebook and pbook of Agile ALM. Please use promotional code: agilealm41 in the Promotional Code Box at

January 13, 2011  3:12 PM

Distributed Agile development: Researchers use IBM Rational Team Concert for transcontinental project

Yvette Francino Melanie Webb Profile: Melanie Webb

When Pace University led a study involving five master’s students in computer science on three different continents, they knew selecting the appropriate tooling would be key to the students’ development process. The students on this unique distributed team worked on a mobile phone application called Target First Grade that helps instruct mathematics, reading, writing and geography to first graders in developing countries. The purpose of this project was to examine how well agile and Scrum practices support the work of distributed developers, as well as how important tooling is in supporting the developers when transitioning from a traditional to an agile application development approach.

After using traditional models in application development studies during the four previous years and cobbling together several different tools for the same needs, they adapted an agile approach in the fifth year of research. With the selection of IBM Rational Team Concert, they found that “the end-to-end tooling was a superior model,” according to Dan Griffin, Marketing Manager for IBM Rational.

The researchers chose IBM Rational Team Concert because it offers a collaborative development environment that’s built on Eclipse technology, which the students were already familiar with. RTC enabled the students to practice Scrum, to communicate synchronously or asynchronously, to pull diverse reports and to maintain transparency; this type of communication was particularly important as these students never met all in person in the same location. It was also helpful for tracking 45 user stories, conducting sprint planning, setting priorities and allowing for checks on real-time project status.

Innovative studies like this one are being used to pave the way for future software development projects that could make it easier for academics and software professionals to put their talents to work for other charitable and educational causes. For more information on this, check out what other bloggers from Software for a Cause have to say at

January 6, 2011  8:23 PM

Software development with embedded software on medical devices

Yvette Francino Yvette Francino Profile: Yvette Francino

How do you go about gathering requirements and testing to see if those requirements passed when you are talking about a medical device? Gathering requirements and testing traditional software seems somewhat straightforward in comparison. With medical devices, we are talking about actual humans who are dependent on that software.

Last month I spoke with software development manager Mace Volzing of IntraPace, who uses Jama Contour to manage requirements for the development of the abiliti device — a medical device implanted in obese patients to help control their eating. The device detects when food is eaten and helps the patient to feel a sense of fullness.

In Embedded software for medical devices: Differences to consider in the SDLC, Volzing says that a traditional methodology was used, although he has had success with using Scrum for his website applications. He is thinking about using a hybrid approach for embedded software development in the future.

In Requirements management with embedded software: Interview with IntraPace, Volzing talks more about the requirements process and the increased importance of traceability when working with embedded software applications on medical devices.

Check out this informative and interesting interview!

December 30, 2010  5:51 PM

The new year will bring more ALM, Agile and embedded content

Yvette Francino Yvette Francino Profile: Yvette Francino
I started at TechTarget in January, 2010, so I am coming up on my first anniversary as site editor for I have learned more in this year about software quality than I did in the 27 previous years working at big corporations. I feel so lucky to be on the cutting edge of the latest tools, technologies and trends, as well as having the opportunities to interview authors and experts in the industry.
SSQ’s new assistant editor, Melanie Webb, highlights our top ten tips of 2010 in her recent post on the Software Quality Insights blog. Another highlight for me has been covering the conferences I’ve been able to attend, including Agile 2010, and the great leaders I’ve met at them. I’ve been especially interested in exploring distributed agile. Just last week we heard from SSQ contributor Chris McMahon on his experience working on a 100% distributed agile team.
As we prepare for the new year, I’m excited to see what we have in the works. We will be bringing you additional content about ALM, agile development, and embedded software quality, specifically addressing issues around large-scale application development.  I hope you’ll join me in learning about these topics and more at

December 29, 2010  8:57 PM

Top ten software quality tips of 2010

Yvette Francino Melanie Webb Profile: Melanie Webb

Many informative tips were published on in 2010. Here is a countdown of the most popular tips of the year:

10. Tutorial: Installing and running Selenium-RC in Perl

Used in conjunction with Selenium’s online tutorials, this tip provides additional guidance on how to start out with Selenium RC in Perl regardless of your platform or server. Once you have Selenium set up, learn how to create and run your first test.

9. Tutorial: Introducing Selenium IDE, an open source automation testing tool

Selenium, an open source automation testing tool, offers an Integrated Development Environment (IDE) plug-in that unifies the tool with desirable Web browser-based test features. Using Selenium IDE provides easy-to-use record and play back features, giving even those with no programming expertise, the capability to create simple scripts.

8.Security best practices for today’s Web 2.0 applications

Web 2.0 and Rich Internet applications, though great functionality-wise. can place many complications in the way of Web security. In this tip, a Web security expert explains where problems can occur and what free tools are available to avoid issues.

7. Testing Web services’ performance with soapUI

Learn how to write load tests, TestCases and run them with soapUI in this expert tutorial. SoapUI is great for tracking test criteria statistics and locating problem areas are.

6. Seven quick tips for better performance requirements

An expert tester explains seven useful tips for determining appropriate performance requirements that can be tested throughout the development cycle. Knowing the right conversations to have with stakeholders and project team members will lead to high-quality, quantifiable performance requirements.

5. Why use POST vs. GET to keep applications secure

Although POST and GET HTTP requests essentially perform the same command on a Web server, a security expert says there are inherent dangers in using one over the other. Learn why one type of processing request provides more security for your Web application in this expert tip.

4. Daily Scrum meetings: Must we really stand up?

Often called the daily stand-up, must everyone at the Daily Scrum meeting literally stand? Which rules are inflexible? How are the rules enforced? Find out the objectives of the Daily Scrum and how agile teams are operating to meet these objectives.

3. Agile software testing strategies for managers

How will agile testing methods be determined? What are the best testing tools? Learn what agile project managers need to know to assure high quality in their tests.

2. Waterfall or Agile? – Differences between predictive and adaptive software methodologies

Is your organization trying to decide whether to use a predictive methodology such as waterfall or an adaptive methodology such as scrum? Senior consultant David Johnson describes the history of software methodologies and the differences between these two models of software development. A hybrid approach combining aspects of both models may be a viable alternative as well.

1. What is a test case? What is a requirement?

After exploring the definition of a test case by surveying test experts, authors and students, consultant Robin Goldsmith learns that interpretations remain ambiguous and varied. Similarly, the level of detail thought to be needed to define requirements can vary and can often drive the level of detail of the test efforts.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: