The January theme for SearchSoftwareQuality has been “Large-scale Agile.” It seems everyone is jumping on the Agile bandwagon, but is that bandwagon big enough to hold a very big team coding an enterprise application? Or will too many people weigh it down?
Thought leaders are studying issues associated with large-scale Agile and banding together to come up with solutions. Check out these five recent titles from expert SSQ contributors and find out how to address the challenges that come along with large-scale Agile.
Lisa Crispin offers advice on planning for agile in both big and small team environments.
Chris McMahon addresses issues of work flow in your ALM tool set for large development efforts.
David W. Johnson discusses ways to maximize your testing return on investment in agile environments.
Nari Kannan gives advice on how outsourcing can be best managed in a large agile environment.
Matt Heusser recommends a step-by-step approach to transitioning to Scrum.
Crowdsource test group uTest announced January 18th the release of a new mobile application for their customers and 30,000+ tester community. The application allows testers to use their iPhone or iPad to enter bugs, communicate with the uTest community and customers, accept invitations to projects, upload screenshots or videos and view their earnings.
As a member of the uTest community, I went ahead and downloaded the app to my iPhone, installed it, and in just a few short minutes was able to access my uTest account from my iPhone.
The new iOS apps were tested, of course, by the uTest community, the very group who had been asking for these apps. In this case, they had a vested interest in the application being user-friendly, as they were both testers and soon-to-be users.
Having just spoken with Arxan about the importance of security on mobile devices, I was particularly interested in security and testing on mobile applications. I spoke with uTest’s Matt Johnston, who said:
[We needed to consider both] security of customer’s data and tester’s data. We took every available precaution in working with our outside provider on this app. And of course, uTest tested the app to make sure it held up. So absolutely security was baked in from the beginning, from conception, through development, through testing. The other [security consideration] is IP protection. Again, we made sure the IP was secure for uTest, but more importantly, we made sure it’s a secure and private experience for testers and customers.
I wondered if uTest was thinking of entering the tools market, but Johnston said that at this time the tools are focused on catering to the needs of the testers and customers of uTest, allowing them to work more productively by tying into the uTest platform. Though the primary objective has always been to address the needs of the uTest testers and customers, an added benefit has been the interest and addition of new testers for uTest’s ever-expanding tester community. Johnston explained:
It’s only been available for a couple of days, but we’re seeing upwards of 20 new testers a day who are signing up through the iPhone and iPad apps, finding it in the iTunes store or reading about it in an article and coming to us through those applications as opposed to signing up through the Web interface. So we’ve been very pleasantly surprised that it’s been such a good thing for tester recruiting so quickly.
In less than two days, it’s been downloaded more than 500 times (with an even split between iPhone and iPad users), which is quite high for a specialized B2B application. For those 500 downloads, the app store has shown a rating of 4.5 out of 5 stars. Johnston attributes this to the “in the wild” testing that was performed vs. lab testing. He elaborated:
In doing the four test cycles, we tested on four separate continents with a team varying between 10 and 20 people, and getting a lot of OS coverage and carrier coverage. It’s been battle tested as much as it can be, ahead of launch.
How does the uTest community like the new app? All reviews on the iPhone app were rated 4 or 5 stars with only positive comments. In looking at the comments on uTest’s blog, again, they were unanimously positive. If there was any dissatisfaction, it may be from those using other mobile platforms who are wondering when their favorite platform will be supported. However, even those who are without an iPhone or iPad are positive, sending kudos to uTest for their hard work.
A wide array of security tools are available to handle threats that are prevalent over the desktop and server-centric code running in untrusted environments. But what about the newer mobile devices? Applications are being downloaded by the billions by consumers and these applications may be at risk from hackers who are able to pirate or reverse engineer your applications. Are tools available to protect your IP?
Last week, I spoke with Vince Arneja, vice president of product management at Arxan Technologies, about their product launch of EnsureIT for Apple iOS. This product is designed to protect applications running on Apple’s iPhone or iPad against reverse-engineering or tampering for unauthorized access, piracy and
insertion of exploits. He explained:
Our technology introduces itself right into the build process. Typically a customer will use our type of product to obfuscate the code that is written by the developer, so that code is inherently harder for a hacker to understand the logic of and subsequently be able to manipulate.
I asked whether obfuscation had the potential for causing performance problems.
Absolutely, it can. A lot of that is controllable by introducing it into the build process. The technology can have an adverse affect on performance, but it’s all managable. There’s a balancing act that needs to be assessed for any aspect of security. In the case of the application, [you’d ask the question] how much security do I want to introduce and still balance the performance that my customer expects? The tuning that can be accomplished is all part of what we call, ‘a guard specification style.’
Arneja went on to explain the configurations that can be done to create the appropriate balance of security and performance.
Curious about obfuscation tools and whether or not their use would grow as a means to protect mobile and embedded applications, I spoke with some analysts in the industry. In Application security hardening for mobile and embedded software, Bob Walder, Research Director at Gartner, said of code obfuscation:
Code obfuscation is the more widely adopted and more-mature method of protecting applications, but estimated adoption rates are still in the high single digits, because most organizations are unaware of its benefits until they directly experience the theft of IP or an attack from an application compromise. Furthermore, for application protection techniques that rely on the insertion of code, development organizations may be reluctant to allow the injection of new code into an application from a source other than a developer.
What are your thoughts?
At SearchSoftwareQuality.com, we have a lot of content about “agility” and about “application lifecycle management” (ALM). But often these terms are used in many different contexts. Some people refer to almost any tool that manages part of the development lifecycle as an “ALM tool,” and “agility” seems to be the buzzword of the year, referring to almost any process that promotes collaboration. What does “Agile ALM” really mean?
Well, I got the chance to talk to the expert, author of Agile ALM, Michael Hüttermann. Hüttermann’s book is jam-packed with information about building agility into your development lifecycle. Reading this, decision makers will be able to see the difference between the vendors who play buzzword bingo and those who really implement what’s most important in an ALM tool. I found his book a virtual goldmine of information.
In Agile ALM: Interview with author Michael Hüttermann – Part 1, I queried Hüttermann about software configuration management (SCM), “lightweight” tools, and the importance of integration of tools that manage different aspects of the lifecycle.
In Agile ALM tools: Q&A with author Michael Hüttermann – Part 2, we talk about attributes of agile ALM tools, automation, and tradeoffs between flexibility, configurability and complexity in tool sets.
Stay tuned as we have further interviews with Hüttermann and continue to explore this very timely topic.
Agile ALM by Michael Hüttermann is available through the MEAP (Manning Early Access Program) at Manning.com. Compliments of Manning.com, there is a 41% discount on the MEAP, ebook and pbook of Agile ALM. Please use promotional code: agilealm41 in the Promotional Code Box at Manning.com.
Distributed Agile development: Researchers use IBM Rational Team Concert for transcontinental project
When Pace University led a study involving five master’s students in computer science on three different continents, they knew selecting the appropriate tooling would be key to the students’ development process. The students on this unique distributed team worked on a mobile phone application called Target First Grade that helps instruct mathematics, reading, writing and geography to first graders in developing countries. The purpose of this project was to examine how well agile and Scrum practices support the work of distributed developers, as well as how important tooling is in supporting the developers when transitioning from a traditional to an agile application development approach.
After using traditional models in application development studies during the four previous years and cobbling together several different tools for the same needs, they adapted an agile approach in the fifth year of research. With the selection of IBM Rational Team Concert, they found that “the end-to-end tooling was a superior model,” according to Dan Griffin, Marketing Manager for IBM Rational.
The researchers chose IBM Rational Team Concert because it offers a collaborative development environment that’s built on Eclipse technology, which the students were already familiar with. RTC enabled the students to practice Scrum, to communicate synchronously or asynchronously, to pull diverse reports and to maintain transparency; this type of communication was particularly important as these students never met all in person in the same location. It was also helpful for tracking 45 user stories, conducting sprint planning, setting priorities and allowing for checks on real-time project status.
Innovative studies like this one are being used to pave the way for future software development projects that could make it easier for academics and software professionals to put their talents to work for other charitable and educational causes. For more information on this, check out what other bloggers from Software for a Cause have to say at softwareforacause.org.
How do you go about gathering requirements and testing to see if those requirements passed when you are talking about a medical device? Gathering requirements and testing traditional software seems somewhat straightforward in comparison. With medical devices, we are talking about actual humans who are dependent on that software.
Last month I spoke with software development manager Mace Volzing of IntraPace, who uses Jama Contour to manage requirements for the development of the abiliti device — a medical device implanted in obese patients to help control their eating. The device detects when food is eaten and helps the patient to feel a sense of fullness.
In Embedded software for medical devices: Differences to consider in the SDLC, Volzing says that a traditional methodology was used, although he has had success with using Scrum for his website applications. He is thinking about using a hybrid approach for embedded software development in the future.
In Requirements management with embedded software: Interview with IntraPace, Volzing talks more about the requirements process and the increased importance of traceability when working with embedded software applications on medical devices.
Check out this informative and interesting interview!
Many informative tips were published on SearchSoftwareQuality.com in 2010. Here is a countdown of the most popular tips of the year:
Used in conjunction with Selenium’s online tutorials, this tip provides additional guidance on how to start out with Selenium RC in Perl regardless of your platform or server. Once you have Selenium set up, learn how to create and run your first test.
Selenium, an open source automation testing tool, offers an Integrated Development Environment (IDE) plug-in that unifies the tool with desirable Web browser-based test features. Using Selenium IDE provides easy-to-use record and play back features, giving even those with no programming expertise, the capability to create simple scripts.
Web 2.0 and Rich Internet applications, though great functionality-wise. can place many complications in the way of Web security. In this tip, a Web security expert explains where problems can occur and what free tools are available to avoid issues.
Learn how to write load tests, TestCases and run them with soapUI in this expert tutorial. SoapUI is great for tracking test criteria statistics and locating problem areas are.
An expert tester explains seven useful tips for determining appropriate performance requirements that can be tested throughout the development cycle. Knowing the right conversations to have with stakeholders and project team members will lead to high-quality, quantifiable performance requirements.
Although POST and GET HTTP requests essentially perform the same command on a Web server, a security expert says there are inherent dangers in using one over the other. Learn why one type of processing request provides more security for your Web application in this expert tip.
Often called the daily stand-up, must everyone at the Daily Scrum meeting literally stand? Which rules are inflexible? How are the rules enforced? Find out the objectives of the Daily Scrum and how agile teams are operating to meet these objectives.
How will agile testing methods be determined? What are the best testing tools? Learn what agile project managers need to know to assure high quality in their tests.
Is your organization trying to decide whether to use a predictive methodology such as waterfall or an adaptive methodology such as scrum? Senior consultant David Johnson describes the history of software methodologies and the differences between these two models of software development. A hybrid approach combining aspects of both models may be a viable alternative as well.
After exploring the definition of a test case by surveying test experts, authors and students, consultant Robin Goldsmith learns that interpretations remain ambiguous and varied. Similarly, the level of detail thought to be needed to define requirements can vary and can often drive the level of detail of the test efforts.
This week on SearchSoftwareQuality.com, we explore two characteristics of ALM that are above and beyond what is talked about when discussing SDLC: extending the lifecycle to DevOps and collaboration.
In Extending ALM to deployment, Colleen Frye describes how ALM is now extending to release management, deployment and operations, areas often not associated with the traditional software development lifecycle. She quotes Forrester Research analyst Dave West as saying:
While traditionally ALM has focused on automating the software development lifecycle (SDLC), “increasingly we’re thinking ALM is a broader category that includes delivering the software, the ‘last mile’ of software. The point is information needs to be available to make effective [deployment] decisions.”
Similarly, SSQ contributor Chris McMahon also talks about the trend to extend the lifecycle to include “DevOps” in his tip, DevOps: Fostering collaboration in software development. McMahon notes the importance of collaboration between development and operations, a common theme in both ALM and agile methodologies.
In my tip, Collaboration tools: Communication trends in ALM, I talk about the prevalence of collaboration features in ALM tools allowing teams to communicate more effectively throughout the lifecycle.
Last week, software requirements management vendor Jama added collaboration features to their Contour product. Jama CEO Eric Winquest says Contour 3.0 adds features which will allow teams to stay more connected, be informed of changes and communicate more effectively. Winquest talked about the growing complexity of software and the many tools and processes that are available. However, he stressed the importance of the communication of the project team.
“At the end of the day, it’s not really the tools and methodologies that get projects done, it’s really the people. We believe it’s the human interactions that are missing from enterprise software tools.”
In my recent tip, Collaboration tools: Communication trends in ALM, I write about how collaboration in ALM tools is a growing trend in the industry. With distributed teams, collaborative features allow teams to have stronger communication, better change management, and better ability to store and archive all kinds of data and documentation and keep that documentation up-to-date.
Mace Volzing, software development manager at IntraPace, used Contour to help manage the requirements for IntraPace’s abiliti device– a medical device with embedded sofware used to help obese patients manage their eating habits. Volzing found the tracability features of Contour invaluable and necessary when doing development for a medical device.
“Each project has documents that are interrelated. All of them link together through Contour, which is incredible when you go to do any kind of maintenance later or any kind of change request later on.”
IntraPace used a waterfall methodology to develop the firmware for the abiliti device. However, web software is also under development that will allow for social networking among the patients using the device. For this, Interpace is using a Scrum methodology with success. Volzing believes that for the next release of firmware, they may use a hybrid approach. However, regardless of methodology, they’ve found that Contour is easy to use, providing the needed functionality to document and track their requirements throughout the lifecycle.
Volzing said they are looking forward to the upgrade to Contour and having the additional collaboration features in place.