Software Quality Insights

May 4, 2011  2:11 PM

STAREAST keynote: Win friends, influence people and deliver quality software

Yvette Francino

Dale Carnegie’s timeless classic, “How to Win Friends and Influence People,” may work well for sales and socializing, but will it work for testers? Carnegie’s first principle tells us, “Don’t criticize, condemn or complain.” Already testers are in trouble! How can they not be viewed as annoying when their role is to find and report on problems? At STAREAST 2011, author and project management expert Andy Kaufman delivered a keynote titled “How to Win Friends and Influence People – and Deliver Quality Software.” He showed us how the principles that Carnegie touted still apply today. It has been shown that only 15% of success is due to professional knowledge, while 85% is due to your ability to express ideas and to arouse enthusiasm among people.

Kaufman did a fantastic job of arousing enthusiasm amongst this crowd. Stay tuned as we cover additional sessions throughout the next two days!

May 2, 2011  5:10 PM

Are defect tracking systems really needed in Agile environments?

Yvette Francino

In every software development project I’ve ever worked on over the past 27 years, we used defect tracking tools to help us manage the bugs that were found in the system. Not only did these tools help us manage what we needed to work on, but they provided metrics so that we could look for quality trends. Defect tracking systems (DTS’s) were an integral part of our tool set. The first time I heard that some Agile teams were not using them, my immediate reaction was that Agile was not for me. I was all for collaboration, but somebody better be tracking and documenting the bugs!

Over time, as I became more familiar with Agile methodologies, I realized that there are alternative ways to track and manage defects. This week, Agile expert and SSQ contributor Lisa Crispin will be presenting at STAREAST 2011: Limbo Lower Now: An Agile Approach to Dealing with Defects. Crispin highlights her presentation in one of our STAREAST previews: Agile testing and defect tracking.

While there is no “rule” on how Agile teams track bugs, Crispin lists several alternatives including self-documenting automation tests:

Some Agile teams, especially those that embrace lean development, take a different approach to defects. Anytime a bug is identified, an automated test is written to reproduce it, the bug is fixed, and both the code fix and the test are checked in. The test documents the bug, and will alert the team in case that same problem occurs again. This enables teams to “fix and forget” bugs.

Crispin also talks about the use of wikis, story boards, and other techniques used by Agile teams to ensure defects are being addressed and documented. While defect tracking systems are still used by some Agile development teams, they are not the only means for tracking and managing bugs.

I’ll be meeting with Lisa Crispin and other industry experts this week at STAREAST 2011. For more conference interviews and conference coverage, check out STAREAST2011: News and interviews from

April 29, 2011  3:15 PM

Security testing in an Agile environment

Melanie Luna

Recently, has been examining the ongoing adoption of the Agile approach in small and large organizations. Our research shows that project success is highly dependent upon diligent requirements management processes and comprehensive security testing efforts.

It can be helpful to learn from others what has worked in the past and what hasn’t. While several aspects of Agile methodologies have changed since Agile’s inception a decade ago, some techniques translate into today’s projects. For more on implementing smaller projects, read QA expert Chris McMahon’s tip: Early days of Agile development: Lessons for small projects.

Security expert John Overbaugh addresses one of the top security vulnerabilities in Web applications: an injection attack, where the application is tricked into treating input as if it were code so that a hacker can infiltrate the application. For techniques on how to test for injection vulnerabilities, check out his tip: Application security: Testing for injection vulnerabilities.

In preparation for the STAREAST 2011 conference taking place May 1-6, Site Editor Yvette Francino and other SSQ contributors have been conducting interviews with presenters:

  • Learn about Test Centers of Excellence in this interview with quality advocate Tom Delmonte.
  • For information on testing for unexpected problems such as system faults or malicious attacks, read this interview about fuzzing and fault modeling with STAREAST presenter Shmuel Gershon.
  • How has Agile testing changed over the past 10 years, and what are the most important skills for an Agile tester? Find out in this interview between Lisa Crispin and Janet Gregory, co-authors of, “Agile Testing — A Practical Guide for Testers and Agile Teams.”

SearchSoftwareQuality editors and contributors will be in attendance at this important software testing event this week. Check back here for ongoing coverage, including more interviews, tips and blog posts.

April 14, 2011  4:22 PM

Both network and application security are important

Yvette Francino

When people think of security testing, they often think about the network layer — that area outside of the application. However, application security — security within your application — is important as well. John Overbaugh explains the difference in his two recent tips.

In Boost network security using firewalls, encryption and logging, he uses the protection of a home as an analogy:

To illustrate networking and application security, consider a private home with high-value targets. The access to the home (front gate, long driveway, wide lawns, and surveillance cameras) is a crucial element to protecting the home.

Overbaugh compares network security to breaking through the physical security that protects the house and application security to getting in the house and stealing the jewels. In this first tip, Overbaugh stresses the goals of network security, protecting network resources and the integrity of data traveling across the networks.

In his second tip, Application security: Protecting application availability, data confidentiality and integrity, Overbaugh addresses application security concerns. This effort involves keeping the data within an application safe.

Take a look at these two tips to understand more about both network and application security. Both efforts are crucial in keeping your application and data secure.

April 13, 2011  11:35 PM

How to make Agile stick: Howard Deiner at Mile High Agile

Yvette Francino

At the Mile High Agile conference held in Denver on April 7th, Howard Deiner of Deinersoft, Inc. gave a presentation about transitioning to Agile entitled, “How to make sure Agile sticks.”

Deiner’s presentation was filled with stories of Agile transitions and some of the pitfalls and traps that organizations can fall into. “A ‘smell’ is a problem that comes up, and you should raise an eyebrow,” said Deiner when talking about “smells” that warn him that there may be trouble with an Agile transition effort, and it may require further investigation. However, just like with expensive Gorgonzola cheese, Deiner says, you don’t want to toss everything with a suspicious smell.

Examples of “smells” to be leery of with Agile transition include:

  • Coach-lite: The matrixed organization, where a coach is spread across multiple teams.
  • Just fix the delivery team: Applying Agile only to the delivery team rather than the entire organization.
  • Buying tools before you have your processes down: Figure out your processes and buy tools that will fit your needs, rather than the other way around.
  • Closet command and controllers: Management must trust their staff and encourage collaboration.
  • Methodology polytheism: Mixing Agile and traditional methodologies can be wasteful and frustrating.

Deiner gave eight traction tips that would help in making Agile “stick” even when problems are encountered.

April 11, 2011  2:38 PM

Odyssey Software announces the release of Athena Configuration Manager v5.0

Melanie Luna

On April 11, Odyssey Software announced the release of Athena Configuration Manager v5.0, a remote mobile device management (MDM) solution that offers several functionalities, including security, asset inventory, remote assistance and software distribution.

SSQ spoke with Odyssey Software CEO Mark Gentile last week, who shared a couple of mind-boggling statistics: “A recent statistic says that every second there are two iPhones activated. Also, as of two months ago, there were a reported 300,000 Android activations per day.” With numbers like these, mobile security has become increasingly important.

In recent months the market for smartphones and tablets has been experiencing enormous growth. While in the past enterprise IT personnel were primarily focused on desktop and laptop management, there is a growing need to shift focus to phones and tablets due to the sheer number of these devices that employees now use.

Mobile devices often enable access to more than just corporate email, opening up a host of security issues. It’s important for enterprises whose employees use corporate devices remotely to look for solutions that support multiple platforms as well as scalability.

Athena offers several features, which Gentile explained in detail. Since Odyssey Software offers an add-in for Microsoft systems centers, IT staff can manage mobile devices from the same environment as the in-house servers and desktops, so they can control what is happening with all the company’s devices at the same time.

In addition, Athena works to secure all the hot platforms, including iOS and Android. Enterprises can monitor asset inventory and detailed data about each device such as signal strength and software installed. Users can also access remote assistance and other self-service functions.

April 8, 2011  12:24 AM

Jean Tabaka’s keynote at Mile High Agile: Lean in

Yvette Francino

The inaugural Mile High Agile Conference kicked off April 7th with a keynote from Agile Fellow, Jean Tabaka from Rally Software. Addressing the crowd of 500 (a sell-out), Tabaka spoke of the importance of community and working together to “elevate agility,” the conference’s theme in her presentation titled, “Elevating the Agile Community of Thinkers.”

Tabaka started by describing a meeting she’d had with fellow Agile enthusiasts, Liz Keogh and Eric Willeke, in which they forged the idea of creating a “community of thinkers,” — people who would demonstrate leadership behaviors and help promote agile thinking. She stressed the difference between community building and destructive bullying, speaking of the infighting that can happen amongst Agile enthusiasts who are determined to “win” or be “right” and make the other person “wrong.” Instead, Tabaka encourages people to “invite inquiry.” “Your organization is only as wise as the least vocal person,” she says, encouraging everyone to have a voice in discussions.

Throughout the keynote, Tabaka encouraged us to all “lean in” and take risks. “Be prepared to take the hard stuff and push yourself out of your comfort zone,” she encouraged.

Here’s a reaction from Wayne Wells who was at the conference:

April 6, 2011  2:55 PM

Daptiv combines traditional and Agile in PPM solution

Yvette Francino

On April 5th, Daptiv announced the integration of Rally Software with their PPM solution. Project portfolio management (PPM) tracks an organization’s projects so that executives are able to make decisions about company goals, strategies and spending. However, many companies have a variety of software projects using different methodologies and different project management tools and metrics. It can be a challenge to merge those metrics to obtain an overall report of organizational health.

I spoke with Ian Knox, VP of Marketing at Daptiv, about the announcement. He described five primary metrics that all software development projects should track, regardless of methodology being used:

* Scheduled finish date
* Percentage complete
* Scope change
* Cost vs. budget
* Project health

The issue, of course, is that traditional teams track these metrics differently than Agile teams. “The unit of progress in Agile is a story point, whereas with a traditional waterfall it’s reaching a milestone or how many task hours you have completed. The underlying metrics are very different,” said Knox describing one example.

Because many PPM tools don’t have the ability to combine metrics from Agile projects, those projects may be lacking in visibility at the executive level. “When you have a certain number of Agile projects, it makes sense to integrate into a single source of truth for executive portfolio reporting,” said Knox.

Knox stressed that the integration would not impact developers working with Rally. They would continue to do so with no changes required to their Agile practices. “The development team needs to be left alone. Problems happen when project managers try to impose traditional project management reporting on an Agile team and it totally breaks the culture. Our goal with this is to allow the development team to run exactly as they want to with their Agile culture and Agile methodology and then the data is pulled out of Rally to allow for executive visibility.”

Forrester analyst Dave West says of the announcement:

“We do see a trend of PPM vendors either integrating with ALM tools or building out functionality to support more the management of development projects. The fundamental issue is that planning and management reporting benefits from real development information that ALM tools collect. By injecting the planning information into the development space, it is possible to consistently work within the projects. With the advent of Agile practices, it is clear that planning and development must have a tighter relationship, as planning happens more frequently and status reporting needs to include real time information. It is great that Daptiv is working with a leading Agile tool such as Rally.”

April 5, 2011  1:40 PM

Replay Solutions announces DevOps survey results

Melanie Luna

On Tuesday, Replay Solutions released the results of a survey conducted in collaboration with HP this January on the evolution of DevOps trends during the past year. Over 1,000 respondents provided feedback on the role of DevOps in their organizations, answering questions about personnel, tools, drivers and advantages.

Jonathan Lindo, Co-Founder and VP of Products & Technologies for Replay Solutions, a company that has been closely involved in the DevOps community, discussed the survey and the results with SearchSoftwareQuality last week, highlighting the correlation between DevOps adoption and the use of Agile development methodologies.

The survey found that DevOps is particularly helpful in facilitating a faster, more iterative software release, increasing speed-to-market and turnaround times due to faster response times. Respondents also cited overall improved communication as a major benefit of this structure.

For more in-depth discussion of the survey results, check out this story on Survey Results: No longer an emerging trend, DevOps is here to stay.

April 4, 2011  2:05 PM

Gorilla Logic announces automation test tool for iOS

Yvette Francino

Today Gorilla Logic announced the release of a new open source automation test tool, FoneMonkey 5, for testing iPhone and iPad applications.

I spoke with president and CEO of Gorilla Logic, Stu Stern, who was one of the founders of Gorilla Logic in 2002. A former Sun Microsystems exec, Stern says Gorilla Logic, primarily an Agile development consulting firm, brings an executive perspective with rigorous process to their clients.

“One of the challenges was finding good testing tools for rich applications,” says Stern when talking about the creation of FlexMonkey, their first open source automated test tool for Flex applications.

Now they are following that up with FoneMonkey which is a robust script recording and playback tool, similar to the popular open-source tool, Selenium. Working on both simulators and real devices, FoneMonkey includes code generation options, generating test scripts in Objective-C that can be run under OCUnit, or JavaScript that can be run with Apple’s UI Automation tools.

For more information on mobile application testing, check out these recent SearchSoftwareQuality articles: Tips for application testing on mobile devices and Defining a strategy for testing mobile devices.
