LAMP, an open-source Web development platform based on Linux, Apache, MySQL, and PHP, is getting some added protection from attacks thanks to Metaforic.
Metaforic, a provider of anti-tamper solutions, announced that upon request it will provide free versions of secured Apache and MySQL to enterprises. Utilizing a lightweight version of MetaFortress, Metaforic will provide anti-tamper protection and continuous integrity checking for critical parts of the LAMP stack to help defend against multi-vector attacks designed to discover and exploit the weakest point of an organization’s server infrastructure.
The move is important because as more enterprises deploy open-source technology, cybercriminals will target the security vulnerabilities within that infrastructure. And those criminals are looking for any weak spot, whether it’s the operating system, Web server, database system, or the application layer.
MetaFortress Open is specifically targeted at network infrastructure applications. Like the flagship MetaFortress, Open is an anti-tamper solution that inserts security and integrity checks into an application’s source code to prevent against hacking and unauthorized usage.
With the recession weighing down on all of us, I’ve heard a few people talk about not letting this crisis go to waste. Ryan Martens in his column last week said now is the time for companies to take a close look at their development processes and make changes that will reduce costs now as well as in the future.
HP Software is also talking about taking advantage of the crisis. Mark Sarbiewski, director of product marketing at HP Software, said the company recommends leveraging the crisis to do three things:
- Get control of IT spending — Determine priorities and eliminate low-priority things.
- Put solutions in place now that allow you to centralize, eliminate redundancy, and maximize your experts
- Drive through process change and automation — Standardize on best practices and automate, focusing on the development process and operations.
To help companies accomplish those things, HP Software today announced two significant products: HP Quality Center 10.0 and HP Universal Configuration Management Database (UCMDB) 8.0.
“We look at Quality Center 10.0 as the heart of how you can change the software development life cycle,” Sarbiewski said. “It includes requirements management, test management, and defect management all in one place.”
At any time you can see how you’re doing against the software requirements. Additionally, HP has improved the ability to share things between projects.
“In Quality Center 10.0 we’ve expanded beyond the simple project model and can promote processes to all projects and share things with all projects throughout the entire cycle,” Sarbiewski said.
Quality Center 10.0 also integrates with HP’s other testing solutions.
To help on the operations side, HP Universal Configuration Management Database (UCMDB) 8.0 can help organizations continually track how everything connects and manage change across all the tiers.
“We’ve now integrated this dependency map into all those systems. I’m monitoring the parts of the biz service and all the pieces support it. I can automatically notify if I see something going wrong in any piece,” Sarbiewski said. “We’re moving from being reactive to being predictive.”
A few weeks ago I wrote about how many programmers don’t consider unit testing a priority. Reasons given:
- They don’t know about it
- Good unit tests are hard to write
- It’s a waste of time and productivity
- Writing the tests would take too long (especially if they’re doing frequent iterations)
- Regression testing is more effective
Since writing that editorial, a few people have spoken up in favor of unit testing, saying it must be a priority.
Ralph Perry wrote, “Without an effective unit and integration test process, my experience is QA/system test becomes a dumping ground, code/build/dump with frequent loads just to get to a stable testable product.”
While Jaideep Khanduja wrote, “A lot of flaws or shortcomings of the product can only be tracked only through unit testing.”
This past week Kevlin Henney, an independent consultant and trainer based in the UK and a frequent contributor to SearchSoftwareQuality.com, added to the discussion with his article, “Making unit testing a priority.” Henney says there is an expectation that programmers do some sort of testing of their own code. The key is that they must write good unit tests, and doing so takes practice and skill. Bad unit tests “can be worse for a project than no unit tests at all,” he said.
But saying you won’t run unit tests because it’s hard to do well is “a curious and somewhat dubious justification,” he said. Instead, make an effort to improve your skills. Your projects will be better off for it.
iRise Connect for IBM Rational Requirements Composer will soon be available. This integration, built on IBM’s open Jazz technology platform will make high-fidelity iRise visualizations instantly accessible from within IBM Rational Requirements Composer.
This integration is designed to eliminate wasteful cost overruns and delays by ensuring IT organizations are documenting and tracking the right business needs the first time.
The iRise solution gives business analysts and project managers the ability to build working simulations of software before development begins. (Read “Simulation software a cure for hospital’s requirements validation ills” to learn how one customer uses the product.)
IBM Rational Requirements Composer is a collaborative toolset that provides the ability to visually capture requirements information as process sketches, storyboards, user-interface sketches, and rich text to better articulate and communicate the context of requirements.
The combination of the two products gives requirements professionals the ability to embed live, high-fidelity software visualizations directly into the Requirements Composer product by leveraging iRise SmartView. Business analysts, business stakeholders, developers, projects managers, and other IBM users can interact with “live” visualizations and fully experience simulated pages, scenarios, and masters directly within the Requirements Composer environment.
The visualization assets are then published in real time from iRise to the Requirements Composer repository and can be linked into the web of requirements artifacts.
For more information, visit iRise’s website.
Following up on its June announcement to release 20 products for its Jazz platform, IBM last week announced two new products — Rational Quality Manager and Rational Test Lab Manager.
Rational Quality Manager is a collaboration hub that includes involvement from the business side down through development and testing. “It streamlines the development process to make sure requirements are met and that they’re quality requirements,” said Scott Hebner, vice president of offerings for IBM Rational.
By ensuring all relevant members of the workforce are in sync and have access to data in real-time, a company can more easily make informed decisions, better assign and utilize their resources, and react quickly to changes in the marketplace at a lower cost, IBM said.
“It provides a more defined process for how people work together and produce software,” Hebner said.
You determine everyone’s roles and the process you have to go through, and then decide the policies, procedures, and who can make decisions. You don’t move on in the process until the policies are met, he said.
Additionally, any communication between people and documentation that results is stored and becomes part of the workflow. That data is updated in real-time as changes are made.
“It provides more real-time updates and data,” Hebner said. “It will significantly lower the cost and risk of shipping poor quality software.”
Another new tool is Rational Test Lab Manager. Feeding off of the Quality Manager, it automates configuration of all the test machines. “This will help improve test lab scheduling and help them better utilize their resources,” Hebner said.
In economic times such as these, when companies are looking to cut costs and inefficiencies, Hebner said tools such as these will help. They will become more efficient and will reduce risk.
“As customers look at cost reductions, they’ll see inefficiencies in their IT department and will need to improve that,” he said. “These products are the kinds of offerings they’ll hopefully turn to in order to reduce costs and become more efficient.”
In related news, IBM is launching several other new releases of products within its Quality Management Portfolio, including IBM Rational Application Performance Analyzer, IBM Rational Functional Tester, IBM Rational Quality Manager Express, IBM Rational Performance Tester, IBM Rational Service Tester for SOA Quality, IBM Rational Test RealTime, IBM Rational AppScan Tester Edition, IBM Rational RequisitePro, IBM Rational Measured Capability Improvement Framework Assessments, Telelogic Rhapsody TestConductor, and IBM Rational Requirements Composer which is expected later this year.
Like software projects that use other development methodologies, agile projects can fail. They fail when agile development practices aren’t understood and/or aren’t followed. And they fail when organizations don’t realize that doing agile development requires a significant cultural change. Agile is not a tool you can simply install and expect to turn out perfect software.
An interesting dialog is taking place on James Shore’s blog stemming from his post “The decline and fall of agile.” Shore, an agile consultant and trainer, says more companies now call him for help with their flailing projects than to learn about agile. They’re struggling, he said, because they’re misapplying agile practices and because they don’t want to put in the time and effort to truly change.
Some companies, as other agile experts have advocated, have selected only a few agile practices to implement. The problem, Shore said, is that they’re not selecting the ones that make agile work.
Doing agile development requires a commitment. You need to take time to learn what it involves and make a plan to implement it. Agile is not “cowboy” as some people have said; it is highly disciplined, and it requires focus.
As the U.S. kicks off the holiday season with Thanksgiving on Thursday, it’s harder this year to find the hope and joy the season traditionally offers. Each day we hear about companies failing, industries needing government assistance, retailers struggling, increased joblessness, housing foreclosures, and more.
It’s times like these that make you really appreciate what you have — things large and small. With that in mind, I thought I’d take a look at things software testers can be thankful for. A few of these may be wish-list items for some of you, but if you’re fortunate to have them, you are very thankful indeed. (My thanks to the software testers who contributed to this list.)
Here they are — in reverse order — 10 things testers can be thankful for:
10. A product that has testability features built in
9. Coffee (or your caffeinated drink of choice) — Testing has a lot of late nights
8. Agile software development and early and frequent feedback
7. A manager who understands the benefits of training and lets you take courses and attend conferences
6. Microsoft Excel — The tester’s Swiss Army knife
5. Open source tools — As we know, testers don’t get big budgets
4. A programming team that actively solicits feedback from testing and appreciates the value of testers
3. A talented and committed test team
2. Successful application releases
And topping the list …
1. A schedule that allows enough time for testing
What are you thankful for?
When you think about application or software security, you usually think about the bad guys outside your company trying to get in. But just as often, if not more, the danger comes from within with employees accessing personal data.
The issue of protecting data comes up when testing applications. Testers need production-like data to ensure applications work correctly, but you don’t want to give them live data. To help with that, companies are employing data masking technologies.
DataGuise is one company that provides a data masking tool. This week the company announced the industry’s first masking in place (MIP) solution for multi-database environments, the DataGuise dgSolution suite. Company officials say the suite solves two of the biggest concerns for building non-production test environments: time-to-deployment and production data leakage.
The suite includes dgDiscover, which helps locate sensitive data across various databases, and dgMasker, which masks the data in non-production environments.
dgMasker comes with 15 masking options out of the box, including options for Social Security numbers, credit card numbers, addresses, etc. And because it runs across multiple databases, if you make a change on one database it will also be changed on the others. You get consistent test data.
Erik Jarlstrom, vice president of customer advocacy at DataGuise, said they tried to make it a high-performance suite. “We really tried to make it as fast as possible so you aren’t releasing unmasked data to development,” he said.
Say the word “agile” and people immediately have a reaction. Those in favor of it see it as an efficient way to create software that users actually want. Those against it see it as “cowboy” or rogue — developers doing whatever they want.
If you work at a company where people like the processes they have for developing software and push back against new ideas, needless to say it can be difficult implementing agile development practices. But it can be done if you make subtle changes and don’t even mention the word agile until you have to.
David Christiansen explained in his recent Webcast “How to introduce agile in a waterfall environment” how he used guerrilla-style tactics to introduce agile practices on his projects. Little by little he changed things until it was obvious that they were doing agile development, and then he had to admit he was using those techniques. But at that point, he could show management that agile development worked. He could show them proven success.
David said that usually it’s IT that pushes back when talking about agile — managers, testers, and sometimes developers. It isn’t the users or stakeholders. They don’t care what you do as long as you give them software that works the way they want it to, he said.
You need to be careful when following David’s secret strategy, as you don’t want to be fired for disobeying your boss. If you ask if you can do agile development and you’re told no, you probably shouldn’t go ahead and do it. But if you can show them first how agile practices work, then you’re likely to get more support. As David said, “Sometimes it’s better to ask for forgiveness later than to ask for permission first.”
As the year starts to wind down, we at SearchSoftwareQuality.com are looking back at what took place during 2008. One thing that we’re focusing on is the tools and solutions that were released. In an effort to help our readers understand what tools are available to help them, we are creating a guide to tools released in 2008 to be published in January.
In order for us to do that, we need your help identifying tools that were released. The tool categories we’re focusing on:
- Software testing
- Test management
- Code quality
- Application security
- Software requirements
- Agile development
- Project management
- Application lifecycle management
- Application performance monitoring & management
Please send us information about tools released between Jan. 1, 2008, and Oct. 31, 2008, that you’d like us to consider for the guide. The tools must be new products or significant upgrades. And you must include the following information:
- Product name and version/model number
- Company name
- URL for the product
- Product or company logo
- Date product was released
- Tool category (see above)
- Product description
- If it’s an upgrade, features that were added
- What makes it innovative?
- Details about how it performs
- Details about its ease of use and manageability
Send your product submissions to Editor@SearchSoftwareQuality.com by Friday, Dec. 12.