Académique Documents
Professionnel Documents
Culture Documents
$9.95
www.TechWell.com
SQE TRAINING
www.sqetraining.com
>> Hansoft is an integrated solution for agile and lean development, collaborative scheduling, real-time reporting, bug tracking / QA, workload coordination, portfolio and document management, used by the most demanding software developers in Europe, Asia, Australia and North America. Hansoft does not only make team members and managers more productive in their everyday work, it also increases organizational productivity by enabling more efficient production methods and practices. Reduce your project risks with Hansoft, control your success. <<
14
C O N TENTS
features
14
COVER STORY
Adapting your software development tools, practices, and processes can be difficult, even overwhelming. Where do you start? Jonathan Kohl and David McFadzean have studied and applied game-like processes and behaviors to help provide structure to software development adaptation. They propose a process strategy called the software development game to help teams who are faced with change. by Jonathan Kohl and David McFadzean
20
20
24
24
in every issue
Mark Your Calendar Contributors Editor's Note
columns
9 TECHNICALLY SPEAKING
SURPRISE! by Lee Copeland When we are surprised, its because we were oblivious to events in our world and we failed to observe relevant information. How oblivious are you?
4 6 7
From One Expert to Another 10 Virtual Resource Shelf 11 Product Announcements 27 FAQ 35 Ad Index 37
Better Software magazineThe print companion to TechWell.com brings you the hands-on, knowledge-building information you need to run smarter projects and deliver better products that win in the marketplace and positively affect the bottom line. Subscribe today to get six issues. Visit www.BetterSoftware.com or call 800.450.7854.
12
CAREER DEVELOPMENT
DONT BURY THE SURVIVORS: THE VALUE OF CLEAR COMMUNICATION by Lanette Creamer Whether youre discussing software defects with your test team, analyzing requirements with your BA, or programming in your favorite new language, communication is essential. Lanette Creamer has some tips to help you communicate clearly with any audience.
36
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
SQE TRAINING
software tester certification
www.sqetraining.com/certification September 2527, 2012 Atlanta, GA Toronto, ON September 30October 2, 2012 Anaheim, CA October 911, 2012 Portland, OR St. Louis, MO October 1618, 2012 Austin, TX New York/New Jersey October 2224, 2012 Tampa, FL October 2325, 2012 Chicago, IL October 30November 1, 2012 Bethesda, MD Raleigh, NC Advanced Certification Training October 29November 2, 2012 Bethesda, MD
Publisher Software Quality Engineering, Inc. President/CEO Wayne Middleton Vice President of Communications Heather Buckman
training weeks
www.sqetraining.com/trainingweek Testing Training Weeks October 2226, 2012 Tampa, FL November 1216, 2012 San Francisco, CA Agile Software Development Training November 46, 2012 Orlando, FL
Publications Manager Heather Shanholtzer Editorial Managing Technical Editor Lee Copeland Online Editors Joseph McAllister Jonathan Vanian Community Manager David DeWald Production Coordinator Cheryl M. Burke
conferences
STARWEST 2012 www.sqe.com/StarWest September 30October 5, 2012 Disneyland Hotel Anaheim, CA Better Software Conference East 2012 www.sqe.com/BetterSoftwareEast November 49, 2012 Rosen Shingle Creek Orlando, FL Agile Development Conference East 2012 www.sqe.com/AgileDevelopmentEast November 49, 2012 Rosen Shingle Creek Orlando, FL STARCANADA 2013 www.sqe.com/StarCanada April 812, 2013 Delta Chelsea Toronto, ON STAREAST 2013 www.sqe.com/StarEast April 28May 3, 2013 Rosen Shingle Creek Orlando, FL Better Software Conference West 2013 www.sqe.com/BetterSoftwareWest June 27, 2013 Caesars Palace Las Vegas, NV Agile Development Conference West 2013 www.sqe.com/AgileDevelopmentWest June 27, 2013 Caesars Palace Las Vegas, NV
Design Creative Director Catherine J. Clinger Advertising Sales Consultants Daryll Paiva Kim Trott Production Coordinator Desiree Khouri
CONTACT US Editors: editors@bettersoftware.com Subscriber Services: info@bettersoftware.com Phone: 904.278.0524, 888.268.8770 Fax: 904.278.4380 Address: Better Software magazine Software Quality Engineering, Inc. 340 Corporate Way, Suite 300 Orange Park, FL 32073
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
Test Studio
Test the reliability of your rich, interactive JavaScript apps with just a few clicks. Benefit from built-in translators for the new HTML5 controls, crossbrowser support, JavaScript event handling, and codeless test automation of multimedia elements.
www.telerik.com/html5-testing
Contributors
Scott RobeRt Aziz is director of software quality services for QA labs at UST Global. In software quality assurance for twenty-four years, Scott has ten years of experience working with companies that have adopted SOA and web services. His expertise is in the formulation of a holistic SOA QA strategy that optimizes quality across an entire software development lifecycle. Scott can be reached at Scott.Aziz@ust-global.com.
With more than thirty years of experience, Lee copeLAnd has worked as a programmer, development director, process improvement leader, and consultant. Based on his experience, Lee has developed and taught a number of training courses and is the managing technical editor for Better Software magazine, a regular columnist for StickyMinds.com, and the author of A Practitioner's Guide to Software Test Design. Contact Lee at lcopeland@sqe.com.
LAnette cReAmeR likes testing software even more than Diet Coke and cats. After working for a decade at Adobe, Lanette jumped into independent consulting. Throughout her career, she has evangelized advancement of real-time human thought over process solutions in software quality. Lanette believes collaboration is a powerful solution when facing complex technical challenges. Find Lanette on her well-known TestyRedhead blog, on Twitter, and occasionally in industry magazines and technical papers.
jonAthAn kohL is an internationally recognized consultant and technical leader, popular author, and speaker. Based in Calgary, Alberta, Canada, he is the founder and principal software consultant of Kohl Concepts, Inc. Jonathan helps companies define and implement their ideas into products, coaches practitioners as they develop software on teams, and works with leaders to help them define and implement their strategic vision. Read more of Jonathans work at www.kohl.ca or contact him at jonathan@ kohl.ca.
Based in Calgary, Alberta, Canada, dAvid mcFAdzeAn has more than twenty-five years experience and is passionate about building technology that increases intelligence by enabling better decisions. With an academic background in artificial intelligence, David has worked for several technology startups, including two he cofounded, taking on the roles of coder, UX designer, software architect, product owner, trainer, development manager, and executive. He is especially interested in helping technology startups transition to commercial ventures.
GRAhAm oAkeS helps people untangle complex technology, relationships, processes, and governance. Graham can be contacted through www.grahamoakes.co.uk or at graham@grahamoakes.co.uk. He is the author of the book Project Reviews, Assurance and Governance.
As director of engagement, RAjini pAdmAnAbAn leads the engagement and relationship management for some of QA InfoTech's largest and most strategic accounts. Rajini has more than ten years of professional experience, primarily in the software quality assurance space. She actively advocates software quality assurance through evangelistic activities including blogging on test trends, technologies, and best practices. Read Rajini's official blogs at: www.qainfotech.com/blog and reach her at rajini.padmanaban@qainfotech.net.
dALe peRRy has more than thirty-four years of experience in information technology as a programmer/analyst, database administrator, project manager, development manager, tester, and test manager. A professional instructor for more than twenty years, he has presented at numerous industry conferences on development and testing. With Software Quality Engineering for fifteen years, Dale has specialized in training and consulting on testing, inspections and reviews, and other testing and quality-related topics.
With a background in commercial engineering and cultural science, zeGeR vAn heSe started his professional career in the motion picture industry, switching to IT in 1999. A test manager at CTG Belgium, Zeger has a passion for exploratory testing, testing in agile projects, and, above all, continuous learning from different perspectives. He is the program chair of Eurostar 2012 in Amsterdam and co-founder of the Dutch Exploratory Workshop on Testing (DEWT). Zeger muses about testing on his Test Side Story blog, is co-author of CTGs STBoX Agile flavor, and regularly speaks at conferences worldwide.
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
Editors Note
Im not one for video games, but I do enjoy a game of Boggle, dominos, or even badminton on occasion. Games can be relaxing, and they can also give you insight into the personality of your challenger. For example, Im a stickler for the rules and consider myself a good sport, but Ive played games with friends who think nothing of pushing the limits of legal play and others who have a very bad attitude about losing. Ive also played games with people who want to help everyone else do well, even to the detriment of their winning the game. Its fascinating to watch how competition and defined constraints affect people differently. There is a growing movement called the gamification of work that is becoming popular in many organizations. This method applies game-like activities to business situations to increase productivity and motivation. Much like I have experienced how different people behave while competing, researchers are examining how gamification can be used to improve business practices. Another area of study, game theory, is used to study decision-making strategies using mathematical models of cooperation and conflict. While game theory is normally applied to areas like economics, war, and even biology, when certain aspects of game theory are paired with gamification ideas and applied to software, the result is a strategy that Jonathan Kohl and David McFadzean call The Software Development Game. David has implemented this game on several projects with a lot of success. Their article explains the rules of the software development game and how you can apply it on your projects to manage decision making about processes, tools, and technology. Also in this issue, given the preponderance of apps in our daily lives, you shouldnt miss Scott Azizs exploration of some security testing tools in Practical Security Testing for Web Applications. And, finally, nothing screams red tape like the word governance. But what if you could refine your governance structures in a way that actually improves decision making instead of burying you under a pile of bureaucracy? Graham Oakes has a few ideas in his article, Whats Governance got to do with Effective Software Development? As always, I hope you enjoy this issue of Better Software magazine. Shoot me an email to let me know how you put the tools and techniques to work for you. Or look me up on Words With Friends.
Happy reading,
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
Mapping iT ouT
The Leading Conference on
S o f t wa r e t e S t i n g a n a lyS i S & r e v i e w
www.TechWell.com www.StickyMinds.com
Technically Speaking
Surprise!
Surprises are the worlds invitation to learn. Let your surprises trigger an investigation of your observation, meaning, and significance processes.
by Lee Copeland | lcopeland@sqe.com
Recently, when we were discussing the wonders of butterflies, fail to accurately map, we later may be surprised. In our mapmy three-year-old granddaughter, Kendra, said, Grandpa, ping, we may misinterpret by assigning to our observation when I was younger I was surprised to hear someone of the worst possible meaning, or the best possible meaning, or her advanced age reminisce about her past. a meaning based on our past, unresolved experiences rather The word surprise means to discover suddenly, unexthan the present context. Biases, agendas, pressures, and expectedly, and without warning; to become aware of somepectations can cloud our assignment of meaning. If we are thing not previously perceived. Surprise is a manifestation of a not careful, we may assume that the first meaning that we asdiscontinuity in our awareness. sign is the correctand onlymeaning. And this may not be In my software development manager days, I hated surtrue. Weinbergs Rule of ThreeIf you cant think of at least prises. Surprises were almost always bad news. Now that Im three different meanings of what you observed, you havent a lot older and a little wiser, I realize that surprise is often an thought enough about itis a vital tool to help our mapping indicator that discovery, learning, or even delight may be just of meaning. around the corner. The surprise itself After we assign meaning, we can be amusing, enlightening, befuddetermine significance. We may dling, disconcerting, or frightening, observed well and assigned When we are surprised, it may have proper meaning, but if we but surprise should not be the end the of the experience; it should be the dont understand the significance, be that we have simply been beginning. Analyze the surprise to we may later be surprised. We may learn why you didnt see it coming not assign the proper significance oblivious to events in and what you gain from that. for a number of reasons: We just When we are surprised, it may be dont know how important it is; our world. that we have simply been oblivious to it simply does not fit into our preevents in our world. As humans, we vious experience; we may be operfail to observe huge amounts of inating under rules that dont serve formation. Thats understandablethere is simply too much of us well; we may not be paying attention; or, like the story of it. However, some individuals and software organizations mainthe little boy who cried wolf, we have been previously conditain what Jerry Weinberg calls an oblivious culture. [1] They tioned to minimize its significance. (Why is it that my grandchoose not to systematically observe anything about their prodkids only complain of stomach aches on school day mornings ucts, people, or processes. A second type of person observes and just before piano practice?) but quickly filters outdata that does not match his view of the Surprises are the worlds invitation to learn. Let your surworld. (That continued quarterly decline in profits must be an prises trigger an investigation of your observation, meaning, anomaly.) A third type of observer, to prevent having to deal and significance processes. Look for gaps in your observawith the realities of the world, actually prohibits observing tional process. Which kind of oblivious are you? Do you assign generally when information gained through past observation meaning in an inquisitive and generative way, or do you follow caused conflict. I once worked for an organization that, each preconceived notions? Finally, consider how you assign signifiyear, changed the way it measured programmer productivity, cance to observations and meanings. Let your surprises trigger defects, and client satisfaction. The stated reason was to beyour learning. Youll be surprised at how useful it is. {end} come more accurate. The real reason was so that years could not be compared with other years. An accurate comparison Thanks to Michael Bolton, who always guides me well. would have shown that we were getting worse. When surprised, you might first consider whether your surprise came from a self-inflicted lack of awareness. For more on the following topics go to As we view the world around us, we map observations www.StickyMinds.com/bettersoftware. n References onto our context, knowledge, experience, and feelings. If we
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
Markus Grtner
Years in Industry: 6 Email: mgaertne@gmail.com Interviewed by: Zeger van Hese Email: zeger.vanhese@ctg.com
Jason Gorman announced the Software Craftsmanship conference in London back in December 2008 ... It was awesome, even for a tester like me. Starting from there, I tried to learn as much as possible about software craftsmanship as I couldnot from a technical point of view, but from a soft-skill point of view.
Long ago, I started digging into other topics than testing wisdomtopics like complexity science and psychologyand I found some pieces that are not very well known among testers. I see a lot of value in these fields, and I think we can learn a lot by combining these with our profession. I think in the years to come, testers will be very important to our field. We will teach testing to programmers, and we will have to seek testing skills in programmers, designers, and business experts and help them become better testers. My biggest challenge in teaching and mentoring testers right now is that I don't know what particularly I do that helps other testers grow ... I do some things that help other people while others refuse to listen to me. Of course, this is all right. I don't listen to anyone else on the street either.
I still think that testing is disrespected by others involved in software because there are too many out there who do a terrible job at it.
In the light of the new software development, we will have to find our spot. It will no longer be possible for a tester to hide behind test-case templates or foster following a test plan document only to find out that the product is unusable for everyone.
http://well.tc/FOETA14-5
10
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
Author recommended books, blogs, gadgets, websites, and other tools for building better software
What are your favorite games to play with friends and family?
My favorite games to play with others are the team vs. team action and shooting genre, such as Halo and Call of Duty. They are a great release after a long day of developing QA and testing strategies and technical documentation. The competitiveness keeps everyone engaged and allows everyone to heckle each other in a friendly way, which provides for further entertainment.
Scott Aziz
My family has three different groups, each with its own unique culture. Craig and I love trivia, and we play Wordament together on his mobile phone, which means we never wait! We're learning new words together when we could be bored instead. My dad and stepmom like Rumikub and Mexican Train. I enjoy that those games are inclusive and allow for a good side conversation while playing them. My mom's side of the family is extroverted and very lively! We love to play Taboo, Cranium, and any game that is social, boisterous, and full of laughter. I like strategic games the best. I have fond memories of playing chess with my dad (a top-notch player) and learning that strategy could win out over experience and skill. I also played a lot of sports, so physical games can be a lot of fun with family because you have such a range of ages and skills.
Jonathan Kohl
Go Fishsometimes I can beat the grandkids.
Lee Copeland
My favorite game that I play quite often is a word-find game, where the player finds the word based on a limited set of clues that the other player provides. Although it calls for quick and deep thinking, I enjoy this because it makes you more agile and analytical, improving your problem-solving skills, so this a great game to hone ones testing skills in the process.
Lanette Creamer
I really enjoy playing massively multiplayer roleplaying games such as Lord of the Rings Online, Star Wars: The Old Republic, and Guild Wars 2. I've been a fan of role-playing games since the 80s because the story-telling aspect allows you to explore the moral dimension of your character's actions. The online versions allow me to play with the same group of friends even though we now live in different cities.
Rajini Padmanaban
David McFadzean
The game I and my family keep coming back to is Monopoly. It's a very social gamesimple rules with a lot of scope to negotiate local variations, make deals, etc. And there's a good balance between luck and strategy, between risk and reward.
Graham Oakes
www.TechWell.com
SEPTEMBER/OCTOBER 2012 BETTER SOFTWARE
11
Career Development
12
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
Career Development
converted from an earlier version. The older version of the customer file had to go through a code path of forward conversion, which showed the bug. Once the file was saved, it no longer could reproduce the condition that was causing the unpredictable behavior. It appeared that my steps were very unreliable. The conversion issue was such a high priority that multiple developers would wait for the customer file to be posted and then convert and save it nearly instantly, making the problem we were trying to fix impossible to recreate. This not only cost us the ability to reproduce the issue but also caused confusion and damage to a customer relationship. Once I realized what had happened, I set up a locked copy that no one could accidentally edit. We then were able to reproduce the bug and figure out the cause. But, by the time we fixed the bug and deployed it out to customers, we had damaged so much trust due to miscommunication and invalid assumptions. Few professional publications would go to print without an editor, yet we still have many in software who question the need for professional testing. Many executives have had the bright idea to use cheap interns as editors in an attempt to save money, but they didnt expect to get the same result at the end. Ultimately, the value that you provide is only realized when you can communicate it in a way that reaches your audience. Even genius work becomes invisible when insufficiently communicated. What can a technical practitioner do to communicate clearly? One useful skill is to observe more carefully which communication styles work with different people. Which messages get through to the most important targets? Do they understand better after seeing a visual example? How much detail do they need? Consider the audience with whom you are communicating. Use words that are inclusive to beginners when they are part of the group receiving your message. Make your purpose clear and your writing concise, and address more advanced questions separately to avoid losing beginners in the details. Being sincere is absolutely essential, as smart people are generally perceptive about tone, body language, and sarcasm. Stretch the limits of your own style in order to be better understood. For some people, this kind of real-time style adaptation is a natural talent. The rest of us can improve through practice. As professional testers, we have opportunities to practice both on the job and in daily life. Some of the ways to practice testing are to run exploratory testing charters, brainstorm test ideas in a mind map, write a small script to get a new view of existing data, take a class on one aspect of testing, or explore new tools, blogs, tweets, or tutorials. Any of us can get out to a user group, a peer conference, or even an online presentation to keep our skills sharp. The same is true for communicating! Writing a blog is one way you can practice getting your point across with style and get feedback from others. Try asking your readers for peer
feedback. Have you read any of the testing books written in the past three years? Have you peer reviewed an article? If you want to start writing, there are a few established groups of writers in software you could join. And, if you are attending the 2012 Better Software Conference East or Agile Development Conference East, join us at the From Practitioner to Published Author bonus session to discuss communicating clearly on the written page. {end}
References
Software Quality Engineering Is Looking for Great Communicators If you are interested in writing or curating for one of our publications: Better Software magazine, StickyMinds.com, Agile Journal, CM Crossroads, or TechWell, we want to hear from you.
For more information, email Heather Shanholtzer at hshanholtzer@sqe.com and see our Call for Curators on page 19 of this issue.
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
13
ISTOCKPHOTO
14
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
any teams struggle to choose or adapt a software development process. Weve developed a process strategy called the software development game (SDG) for managing the mix of process, tools, and technology on
software development teams. SDG lets you pick a processany processand, using gaming concepts, helps you adapt it to your own needs.
How can serious software development be treated like a game? While you may play games for fun in your spare time, games are also serious business. Sports have professional leagues that support entire industries around their games. The military uses war games to test strategies and train soldiers. The SDG has been influenced by both game theory [1] (although we arent using any formal mathematical modeling) and a more recent concept called gamification [2]. Game theory is a mathematical discipline used for modeling areas as diverse as economics, war, business, artificial intelligence, and biological evolution. At its core, game theory views every situation involving cooperation and conflict as a game. Some games have a defined time limit of play and a clear winner and loser, while others are experience based and ongoinglike a quest. Recently, a movement called the gamification of work has become popular. Gamification involves imposing a game-like structure on certain aspects of professional situations to aid in productivity and motivation. Gamification can be as simple as offering rewards for completing certain tasks, or as complex as transforming an entire business practice into a game-like system. Because we can be so productive while performing repetitive tasks within social or gaming situations, researchers are trying to figure out how to tap into that potential to motivate within the workplace. (Gamification of work and game theory are not necessarily related, but there is an overlap. Understanding game theory can help gamification efforts, and gamification ideas can enhance game theory implementation.) On software development teams, the team vision, purpose, rules of conduct, and informal practices are often created and enforced informally. This can result in confusion about the mission and purpose of the development team within the organization. At best, this informality leads to misunderstandings and communication breakdown; at worst, it results in a poor alignment to leaderships goals for the organization. Either way, both the team members and the organizations lose out when there is wasted effort that isnt contributing to value creation. While formal game theory involves the use of mathematical models, analyzing gaming behavior is also effective. We have studied one aspect of game theory that looks at how people optimize their decision processes. In the SDG, we use game-like processes to help teams align with goals, provide clarity and coherence on issues, and offer visibility into the decision-making process. The SDG provides structure and accountability on a process that is frequently ad hoc, political, and unclear to team members. By gamifying decision making, the SDG helps software development teams determine and record their internal practices and their mix of technology, process, and tools. It can also serve as a framework to adapt existing policy and practices or to implement suggested changes for improvement after a team retrospective. While both of us have been influenced by game theory concepts when leading software development efforts, it was David who decided to create a software development game framework based on the game Nomic by Peter Suber [3]. Nomic is a game about decision making where players agree on an initial rule set to govern game play, then they raise and vote on proposals to change the rules. So, changing the rules of the game is considered a valid move. Nomic is frequently played online, and games adapt over time as the players incorporate new ideas and changes. This is a great fit for dynamic software development teams that are frequently confronted with changing environments.
Rules of Play
To implement an SDG instance, a software development team starts with a minimal set of rules and an initial goal to create a learning organizationa group of people who continually enhance their capabilities to create what they want to create [4]. Where the game evolves from there is entirely up to the players (team members), but if it goes well, they become more productive and efficient and make better decisions as the game progresses. The SDG can start at any levelexecutive, management, teams, or individuals. Later, the game can expand to include more players and teams as it proves its usefulness. David started as the facilitator. He created the game concept and educated team members on the process and the goals of the game. Once David had management buy in and the team agreed to try it out, he explained the initial rule set to govern game play and set up a meeting to see if all team members agreed to the rule set. A game page was created on the development team wiki describing the initial rule set.
Explanation of rulEs:
Rule 1: The initial goal of the game is to create a learning organization that enables the players to make high-quality choices and decisions. This rule should likely be refined to integrate the mission of the organization playing the game, as we specified above.
SEPTEMBER/OCTOBER 2012 BETTER SOFTWARE
www.TechWell.com
15
If a proposal is vague, team members will offer up ideas and alternatives, and proposal clarification is a natural outcome. A proposal can become more concrete through discussion and debate.
Rule 2: All players must unanimously agree to all rule changes. The voting rule initially specifies unanimity to pass any proposal. Most games amend this early on to specify some sort of majority vote in order to avoid stalemates, but the initial rule errs on the side of caution so that the foundations can be laid out carefully. Rule 3: Proposals may add, amend, or repeal a rule. This describes the initial set of moves that can be made in the gameintroducing a new rule, changing an existing rule, or removing an existing rule. The game will usually evolve more sophisticated rules, such as giving certain classes of players the right to veto vote under some conditions; creating a category of immutable rules that cannot be amended (unless they are removed from that category); and introducing new types of acts such as resolutions, goals, standards, and guidelines. Rule 4: All rules should be logically self-consistent. Ensuring that rules are logically self-consistent helps encourage fair play and motivates the players to keep the rule set sane. Whenever an inconsistency is introduced (accidentally or by design), the players will be motivated to resolve the inconsistency by amendment or repeal. David then guided the team through initial game play. After agreeing on the initial rule set, the team set to work on solving a difficult issue: determining C++ coding standards for the team. Choosing coding standards can be one of the most contentious issues any development team can face. (Those of you who code for a living understand how difficult this can be; those of you who dont, imagine trying to find compromise between opposing political parties or religions.) A proposal for a coding standard was put forward and voted in with a majority. After the vote and resolution, meeting details and the coding standard resolution were recorded on the development team wiki. By bringing the coding standards into the game, they now became rules of the game itself. By bringing software development policy and practices into the game, the team created a mechanism to follow and govern changes. For example, if a team member was complaining to colleagues about a lack of standards around builds, David would ask that person if the issue was important enough to be solved by the team. If it was, then he encouraged the team member to bring a proposal to the team so they could vote on it. A proposal could be as simple as: Broken builds are a serious productivity issue. Some of us are spending hours trying to fix the build instead of completing tasks. We need to agree to fix the build problem and come up with ideas to address the problem. While that might seem like a simple proposition to pass because its easy to agree to solve a problem, the hard part is actually doing something about it. If a proposal is vague, team members will offer up ideas and alternatives, and proposal clarification is a natural outcome. A proposal can become more concrete through discussion and debate. Ideally, the team will generate proposals with ownership and responsibility assigned to team members. From our prior example, a more specific proposal that would be actionable is: Broken builds must be fixed before any new code is committed to the version control system. Thinking up solutions for problems can take time and can cause a face-to-face meeting to drag out. Furthermore, some personality types think better outside of a group and may approach team members after a face-to-face meeting. The team agreed to use technology to make the process more efficientproposals and votes on them could be initiated and executed electronically. If a proposal required more information than could be conveyed in email or was of a serious nature, the facilitator could initiate a face-to-face meeting to hear the proposal and hold a vote. Now, imagine that you are the DevOps team member who has come up with a proposal to fix the build problem. Youre the team member who feels the broken build pain the most, and your potential solution works well. Youve tested it out and your findings are positive. You explain your proposal to adopt a solution within the SDG, but you fail to get a majority vote. You are disappointed, and no other alternatives received a majority vote. You know this is the right way to go, so what do you do? If you want the vote, you will need to do what people in politics do and lobby for support. Educate team members on the merits of your proposal. Try to get key, influential people on your side to vote for the proposal. Appeal to the skeptics: How about a proposal to identify measurable outcomes and do periodic checks on the system to see if it is solving problems or not? Make a formal proposal and vote.
16
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
Hope your lobbying efforts pay off and the proposal passes. Once team members are comfortable with the process, it doesnt take long for them to realize that any proposal can be brought forwardeven the most self-serving ones. If there is team consensus to implement a change, the motivation behind it doesnt matter. It might be as simple as one team member becoming bored with the current technology and wanting to move to something new. It might seem selfish to say, I dont want to work on Java web apps that much anymore. Id love to work on mobile projects. But if it is brought up in a forum, youd be surprised how many others on the team feel the same way, including managers and product managers. Management may feel the organization needs to move to new technology to not fall behind, and product managers may be researching what competitors are doing, but neither group wants to bother the busy development team about it right now. Without a forum to raise an issue openly and honestly, this kind of idea goes underground. In the worst case, it festers as a frustrated team member complains to others or attempts to use subversive or manipulative methods to try out a new technology platform. Once the right stakeholders are informed and they buy in to a proposal, it can be a powerful technique to introduce change, even with self-serving motivations. Once Davids team had proposed and voted on a number of resolutions, the rule set expanded. This required categorization. Two potential categories are rules that govern the game itself, and rules that govern software development activities. In addition to the initial SDG rules, rules were added to govern rule changes, proposals (create or withdraw proposals), voting rules (what constitutes majority), and multivotes (tie breakers, etc.). For the software development activities, rules were grouped according to team policies (vision statement, processes to follow) and development standards (coding standards, code reviews, and build and testing activities). As the rule set expanded, roles were added so that team players could have ownership in certain areas of the game based on their expertise and interest level. For example, roles can involve facilitating game play itself, overseeing technical components of the software development system, and guiding product direction. Roles were expanded to include managers and other stakeholders when their participation was needed. The SDG evolved further to include gamification aspects for repeated tasks. Achievements for repeated tasks that might not be that pleasant were added as quests in the game. For example, business travel can be difficult and tiring, so the team decided to reward the top travelers on the team by giving them a shout out on the team wiki. There also were humorous booby prizes awarded to the last person who set off the building alarm or to the person who broke the build the most frequently. This particular SDG instance has evolved to incorporate more and more of the daily life of the development team, while providing structure around communicating issues and making decisions on how to move forward.
Why It Works
This isnt a one-team, one-time success story. David has implemented several SDG instances on different teams at different companies over the past few years. We have found that making the problem-solving and decision-making processes visible helps improve communication and reduces confusion. Much misunderstanding on development teams stems from differing expectations about what the team or individuals should accomplish and a lack of alignment toward organizational goals. Since decisions are democraticanyone can table an issue, the team votes on all changes, and decisions are bindingteam members feel included and valued as integral parts of the process. The SDG provides a framework for raising concerns and changing existing practices and tools in a way that helps teams cope with the changes in their external environment by adapting their internal practices as needed. Furthermore, if the team finds that the game framework itself isnt working for them anymore, they change the rules to improve it. Using game-like concepts in the workplace is a way to harness the natural behavioral dynamics that occur within groups. Since the game itself can be adapted, teams dont find themselves stuck with a rigid process that isnt appropriate for their new circumstances. Rules can be amended or even repealed if they no longer add value. Management and other leaders might be nervous about the SDG at first. It should be clear for both management and team members that the game only applies to areas over which the development team has ownership. The team shouldnt
1. Start off with simple game play rules (feel free to use our example). 2. Use a facilitator to guide game play, manage meetings, tally scores, and record and update rules. 3. Start simple, and let the game evolve. Dont try to do too much. Develop team policy and alignment to organizational goals. Consider using the game to help implement retrospective ideas. 4. Use the game to discover what your existing processes are, record and ratify them, and make them visible to all team members. 5. Dont let the rules become unwieldy: Try to keep rules brief and lightweight. If rules are too numerous, work on scaling them back. 6. As the game expands, introduce additional roles to help with administration.
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
17
contradict existing corporate policies or try to overturn decisions made by leadership. For example, team members cant just go and vote themselves raises and bonuses or decide on their own to scrap the existing product line. For areas that are governed by other stakeholders, the team can bring issues to their attention, but the existing organizational structure and policies should remain intact. (If leaders want to add the game to other areas, that is fine, but dont try to use the game to undermine them.) Leaders will find that the game can create clarity and coherence of their vision of the company and their product and service mix. Team alignment on actions and goals may increase, and the transparency on decisions means
its
management can review when and why certain technical directions were taken when proposals were voted in. An SDG helps teams make decisions, particularly if the teams are self-organizing. It also helps build team cohesion and encourages diversity of opinion and healthy dissent. If there are serious problems, an SDG can provide a framework to help a team change course on projects and tasks to reach organizational goals. A fabulous place to start using an SDG is to help implement changes after a retrospective. How many times do we have a great meeting after a release, outlining problems we encountered and possible solutions, only to forget about them until the next retrospective? In the meantime, we didnt do anything; we were too busy working on tasks. We had great intentions, but without a system to help us decide on courses of action and to measure progress, we forgot about our solution ideas. With an SDG, retrospective ideas can be implemented through the game, rather than forgotten until next time.
Conclusion
Software development processes can be difficult concepts to apply broadly. What worked for one team in its unique context may not work for your team. Adaptation is important in cases when a team tries out a process and finds that some practices dont work or that key components are completely absent. When processes fail, a convenient response is You need to do what works for you and your team. That makes sense, but what specific, concrete practices do you use to find out what process works for you? Weve had good success figuring that out for our teams by using the software development game. {end}
Test Process Improvement: Certification, IV&V, Test Metrics, and Testing to CMMI & ISO Standards
jonathan@kohl.ca davidmc@gmail.com
Since 1993, ALPI has empowered clients with innovative solutions delivered by our staff of flexible and creative professionals. Trainings are held at our state-of-the-art facility, located just outside of the Nations Capital, or onsite at your company location.
Contact training@alpi.com or 301.654.9200 ext. 403 for additional information and registration details
www.alpi.com
18
BETTER SOFTWARE SEPTEMBER/OCTOBER 2012
www.TechWell.com
So,
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
19
I
ISTOCKPHOTO
t seems like every week the press has yet another story about security breaches or stolen data at some of the worlds largest companies or government agencies. Sometimes the responsibility for ensuring thorough security resides with an IT security group, and other times it gets outsourced altogether. The responsibility seldom falls to testing teams. However, this is changing. Having trained and experienced testers hunt for security bugs will make web applications safer from hackers and will further protect consumers, corporate assets, and brands. Security testing techniques are not well known to many traditional functional testing teams because there are relatively few opportunities to learn them compared to learning functional testing. And, security testing is more difficult to perform than functional testing for reasons including: vague security requirements for many applications; low-level, technically challenging testing approaches; and security testing tools that are difficult to set up and configure. A major consideration for any security testing strategy is that every architectural layer of an application is vulnerable in different wayssome are more easily penetrated and
20
BETTER SOFTWARE SEPTEMBER/OCTOBER 2012
exploited than others. These layers are known as the attack surface and will be different for different web applications because of the varying architecture, frameworks, and languages in use to develop them. Hackers trying to penetrate your web applications must know as much as possible about your applications attack surface. The attackers methods are numerous and constantly evolving, so testers need to think in similar ways when approaching security testing. Approaching testing in a progressive and creative manner is perhaps one of the greatest challenges for security testers. To keep up with the efforts of hackers, testers must utilize not only traditional and time-tested tools but also the newest tools available. This can be a daunting task because of the nature, variety, and number of tools available for security testing. This article covers a few of the basic freeware tools available for web application security testing. These tools can stand alone or serve as a foundation for the adoption of more mature tools within your organization. Building upon this small set of tools over time will ensure the widest possible set of protective mechanisms for your security testing certification processthe rigor that must be executed and passed prior to release.
www.TechWell.com
Just as with other types of testing, it is important to know that you cannot prove the nonexistence of security defects. Exhaustive security testing is impossible, due to the diverse nature of the attack surface and the number of possible variables that can be manipulated across that surface. However, there are categories of attacks that tend to be more popular due to their effectiveness. Two specific web application vulnerabilities that you should be aware of are SQL injection and cross-site scripting (XSS). An excellent primer to these vulnerabilities can be found at the Open Web Application Security Project (OWASP) [1]. The OWASP testing guide [2] is one of the best resources available on web application security and vulnerability testing. It is several hundred pages long, so do not expect to master every testing mechanism right away. Preparing for an effective security testing strategy includes getting familiar with a few core tools, such as the Firefox browseryes, the same Firefox browser you use to verify the functional behavior of web applications. This browser is perhaps the best all-around beginners tool that can be used to test the security of a web application. This is largely due to an ecosystem of browser plug-ins specifically built for security
testing tasks, including two free Firefox add-ons that every security tester hunting for web-based vulnerabilities must have: SQL Inject Me and XSS Me. SQL Inject Me allows you to test for SQL injection vulnerabilities that hackers can use to hijack your data and modify the contents of a database. Some of these vulnerabilities will even allow an attacker to execute administrative operations on the database, which is disastrous. Typically, the web applications that are the most vulnerable to SQL Injection are those written in PHP or ASP, but this vulnerability affects other languages as well. The XSS Me tool will check for XSS vulnerabilities that can allow a hacker to gain elevated privileges within your web application or within other applications connected to your web application. These two tools alone will not allow you to test for every type of SQL injection and XSS vulnerability, but they will allow you to establish foundational testing practices for both categories of vulnerabilities. Once you have mastered the functionality of these tools, you can adopt tools that expand this functionality, such as Metasploit and Nexpose, both of which have freeware versions available. Once you have prepared a tool to perform SQL injection
SEPTEMBER/OCTOBER 2012 BETTER SOFTWARE
www.TechWell.com
21
testing, you need to determine how best to formulate attack strings that you can feed through the tool. Some tools already have a library of such strings that the tools automatically feed into your application under test. For the tools that do not, you must prepare your own SQL language attacks. This is not a trivial task, as there are many types of SQL injection attacks. The SQL injection attack is a form of a code injection attack, which means that rogue or malicious code is injected into the database layer through the client application. There are many resources on the web for advice on how to test for SQL injection vulnerabilities. (ITSecTeam.com has a very good paper on it [3]). The testing of XSS involves checking whether a malicious
GET A TESTING
RESULT YOUR
script can be injected into the parameter of a web request, such as an HTTP GET request. Initially, this attack is typically performed right in the browsers URL bar, which allows a hacker to determine quickly if your application is susceptible or not. There are actually two types of XSS attacks, reflected and stored. A reflected attack means that the injected code is reflected off of the web server and back to the user, typically via an email link that the user clicks. A stored attack means that the injected code is already sitting in a database or some other repository and the user inadvertently retrieves it when he fetches data from the database. The XSS Me tool will only help you test for reflected attacks. It will not help with stored attacks, so keep that in mind when planning your security testing strategy as you will want to adopt some other tool or penetration testing method to check for stored attacks. When you are ready to adopt some advanced security testing tools, you should take advantage of another freeware tool called WebScarab. This tool is part of OWASP and has multiple features that will allow you to test for various categories of vulnerabilities. Its non-intuitive user interface is somewhat difficult to use, but it is a popular tool among the web application security testing community. The main benefit is that it allows for the interception and manipulation of HTTP traffic. This class of testing falls under the Your CEO will love you when you show them category of fault injection, which simply how you can achieve an outstanding testing means that you are manually injecting ROI with ISTQB Software Tester Certication. carefully crafted faults into a request or a data stream. While WebScarab offers With the average cost of a software defect in the range many diverse features for security testing, [1] of $4,000 $5,000 , if ISTQB Certication helps your be aware that it will take some time to tester eliminate even just one defect, the result is get familiar with and understand many of nothing less than, well, loveable: an ROI of up to 2000%. the features. ISTQB Software Tester Certication is the most widely Many of these tools have features recognized and fastest-growing software tester that need to be studied and understood certication in both the U.S. and the world. Discover before trying to utilize them. There is no how ISTQB certication can pay for itself in a matter sense trying to apply an advanced testing of days: Thats a testing result any CEO will love. mechanism without knowing how to interpret the testing results on your particular application. It is best to start slow Want an even better ROI? Learn more and master one or two testing features at Take advantage of our new now at a time before moving on. Volume Purchase Program. Another free OWASP tool is Mantra, www.astqb.org an open source, browser-based framework for penetration testing. Mantra offers a large number of plug-ins that can be used for various categories of testing, such as information gathering and application auditing. Both SQL Inject Me and XSS Me plug into the Mantra framework as well. In addition, Mantra offers tools [1] Capers Jones, A Short History Of The Cost Per Defect Metric, Randall Rice, that can interrogate network and proxy The Value of ISTQB Certication
BETTER SOFTWARE SEPTEMBER/OCTOBER 2012
22
www.TechWell.com
information. There are approximately fifty tools available as plug-ins to the Mantra framework. The best part about Mantra is that OWASP provides some very good documentation supporting the proper usage of each tool, which is valuable for beginning and intermediate testers alike. Additionally, there are a number of free web application vulnerability scanners, such as Websecurify, Netsparker Community Edition, and w3af. These scanners allow you to identify common vulnerabilities through a scanning mechanism, interpret the results, and perform some deeper tests to further explore the vulnerabilities discovered. There are varying features across these tools and, again, it will take the beginner a while to come up to speed. Do the proper due diligence around each category of vulnerability that each tool helps identify so that you understand the severity and the risks. Thorough security testing is a complicated and technical undertaking, but with some incremental first steps, testers can begin to master some critically important techniques and tools that increase the security of web applications and make it more difficult for hackers to gain access. Over time, your organization can develop a secure testing methodology that is complemented by a set of tools that act as a line of defense for your applications prior to release to production. As with many other aspects of testing, security testing is most effective when done by different individuals who specialize in certain types of testing methods. This allows for the development of a diverse set of tests from a diverse set of testers. The main
objective for those taking on a security testing role is to develop a set of comprehensive security regression tests that can be iterated on and expanded over time to further protect your users and corporate brand from the risks of insecure software. Security testing is a comprehensive discipline that requires a great deal of study and experimentation to master and, as noted above, there are literally hundreds of tools available to help. While you can achieve a foundational level of effectiveness by using the tools presented here, you will need to supplement them with a more comprehensive strategy. This could include outsourcing some security testing tasks to an expert testing organization or through your internal corporate IT security group. Learning a new testing discipline is a journey. Once you become familiar with some of the foundational techniques of security testing and the right tools, your testing organization will be well on its way to providing another safety net protecting your organizations consumers and corporate assets. {end}
scott.aziz@ust-global.com
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
23
hat springs to mind when you hear the word governance? For many people, its bureaucracy. They see a thick manual of policies and checklists, a central committee that delays decisions, or an endless round of audits and compliance checks. The next thing that comes to mind is skunkworkshow do we go underground to avoid the governance police? It doesnt have to be like that. Governance isnt about compliance. Its about making good decisions in an efficient way.
What Is Governance?
My preferred definition comes from the Institute on Governance [1]. Theyve defined governance as the process whereby societies or organizations make important decisions, determine whom they involve and how they render account. This identifies four key aspects to governance: 1. Defining which decisions are importantSome decisions have a large impact on whether we achieve our goals. Most dont. Good governance ensures we focus our energy on the important decisions.
24
BETTER SOFTWARE SEPTEMBER/OCTOBER 2012
2. Defining who makes these decisionsHow much time have you seen wasted on demarcation disputes? How many decisions have you seen fall through the cracks because no one took responsibility for them? Good governance ensures that lines of authority are clear. 3. Defining due processIf the decision-making process is clear, we dont need to spend time making it up as we go along. We can focus our energy on analyzing our options and balancing trade-offs. If people can see that weve followed the agreed process, then theyre less likely to challenge the resulting decision and we wont waste time revisiting old decisions. 4. Accounting for outcomesAccountability is not the same as blame. Good governance builds in feedback loops. It ensures that we track the outcomes of decisions and, hence, refine those decisions as we learn more. Equally, it ensures that we monitor and refine the decision-making process itself. Software development is knowledge work. Its all about decisionswhich features to prioritize and which to delay,
ISTOCKPHOTO
www.TechWell.com
which design trade-offs to emphasize, where to allocate our effort, and so on. Good governance ensures that we make these decisions as effectively as possible. We involve the right people in the right way, and we learn and refine as we go along. Conversely, poor governance leads to poor decision making. We waste time on trivial decisions. We involve people who lack the necessary expertise and understanding. We define bespoke processes for every decision. We get bogged down in politicking and infighting as people argue about decision rights. And, at the end of all this, were left with decisions that dont stick, either because they lack legitimacy in the eyes of key stakeholders or because they arent grounded in solid evidence and analysis. The sad fact is that organizations that dont address governance end up spending a lot of time on it. They discuss it afresh for each decision as they design the decision-making process and argue about decision rights. Theyre then left with little time to gather data, analyze options, and make the decision, so they make bad decisions.
Central or Devolved?
How is it that governance often turns into bureaucracy? This tends to happen when people equate governance with centralized control. They reason that centrally enforced policies, priorities, and standards make it easier to ensure that everyone acts in a way that aligns to corporate goals. Further, they reckon that centralization builds consistency, making it easier to coordinate distributed teams and move work or people between teams. Theres some truth in this, but there are also countervailing pressures. For example, devolving decision making to individuals and teams ensures that decisions will be more closely attuned to local circumstances. It also shortens the chain of command, allowing people to make decisions more rapidly. Such speed and situational awareness are often key requirements for good decision making. Many executives find devolved decision making scary. Things move quickly and not always in the direction they expect, but this may just reflect the realities of software development. Local nuances can have a large impact on the effectiveness of a team or the validity of a solution. In such cirSEPTEMBER/OCTOBER 2012 BETTER SOFTWARE
www.TechWell.com
25
cumstances, centralization merely gives the illusion of control. Defining appropriate governance structures, then, is about balance. We need to balance the benefits of centralized and devolved control. Here are some factors to consider when doing this: ConsistencyIs it important to make consistent decisions across multiple teams? Centralized governance mechanisms make this easier. For example, a central body might set standards for user interface design. AlignmentDo you want to ensure that everyone is focused on common priorities and objectives? Again, centralized decision making can make this easier. So, you might set up a central portfolio management office to decide which projects to prioritize. ExpertiseDo you need specialist expertise to make certain decisions or to carry them out? If that expertise is rare, then you might put people into a central pool where you can manage their utilization carefully. This is common for groups like legal teams and things like specialist equipment and tools. SpeedIf decisions need to be made quickly, then you want to reduce the length of the chain of command. So, devolved governance mechanisms make a lot of sense. Situational awarenessMany decisions are influenced by contextdifferent customers need different types of support, different teams have different strengths and weaknesses, etc. People who are close to the situation are better able to weigh the factors and make appropriate decisions. This favors devolved governance. Scope for consultation and guidanceIt doesnt have to be all or nothing, central or devolved. You can create intermediate structures by centralizing some aspects of a decision and devolving others. For example, people may make decisions locally but use centrally defined guidelines. Or, an organization might decide centrally after consulting with teams and individuals locally. The balance point will vary from organization to organization, as factors such as culture, market environment, and the mix of products and technologies come into play. It will also vary from decision to decision within a single organization. Good governance builds a range of decision-making mechanisms, each tuned to different circumstances. The balance point might also be dynamic. For example, if youre experimenting with a new technology, then it probably makes sense to devolve decisions initially while teams learn how to handle it. But, as understanding grows, you might want to centralize some decisions in order to ensure consistent application of your newfound knowledge. It can even make sense to rotate between the two poles. This can help transfer knowledge. People bring local knowledge from the field and share it more widely when they centralize. They then build specialist skills to take back into the field when they next decentralize. I havent seen many organizations that are smart enough to do this consciously, but it might be the main benefit they get from their regular reorganizations.
26
BETTER SOFTWARE SEPTEMBER/OCTOBER 2012
graham@grahamoakes.co.uk
References
www.TechWell.com
Product Announcements
TeamForge ALM
CollabNet, an enterprise cloud development and agile ALM products and services company, announced a new release of its TeamForge ALM platform. The new version incorporates new tools and functionality to help IT organizations better manage, collaborate, and drive value using hybrid development processes and environments. TeamForge now offers the industrys only combined platform for Git and Subversion usage and management. Other new features include integrated code review and search, and enterprise planning and reporting to help orchestrate hybrid development processes and DevOps both on-premise or across any cloudprivate, public, or internal. Using TeamForge, enterprise IT organizations can leverage a mix of technology processes, commercial and open source tools, and deployment applications through both onpremise deployments or as an offering within its CloudForge enterprise cloud platform. TeamForge now natively embeds a number of newly added open source tools, including Git, Gerrit, and ReviewBoard, commercial partner tools, including Black Duck Code Sight(TM), as well as enhancing its Jenkins/Hudson integration. These newly added tools work completely within the TeamForge platform to orchestrate and integrate cloud services, such as build, test, and code sharing, into a teams development processesfrom public or private clouds, such as Amazon EC2 and CloudForge. recovery policies and processes for dynamic management of deployment failures.
www.acunote.com/plans-and-prices
www.collab.net/products ElectricDeploy
Electric Cloud, a DevOps automation company, announced ElectricDeploy(TM), a solution that automates application deployments with built-in fail-safe capabilities, helping customers deploy applications faster and with higher quality. ElectricDeploy is built and tightly integrated to Electric Clouds ElectricCommander platform providing end-to-end application delivery automation. The new product automates and standardizes application deployments across all environmentsDev, QA, pre-production, and production by modeling applications, related environments, and processes that deploy and recover applications. This model-driven approach reduces the variability of deployments across multiple environments, enabling teams to reliably and more rapidly deploy applications. ElectricDeploy also provides centralized visibility and control of deployments, allowing teams to manage and track release processes across the application delivery lifecycle. Additionally, ElectricDeploy reduces the occurrences and impacts of deployment failures in production environments through its fail-safe features by refining deployment processes throughout the application delivery pipeline from development to operations. These fail-safe features integrate three distinct capabilities: Code-Safe offers run-time debugging capabilities to interactively refine deployment processes; RunSafe lets teams define success and failure thresholds for application deployments so that deployments can account for real-world solutions; Recover-Safe enables teams to define
www.accurev.com | info@accurev.com
SCM
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
27
Product Announcements
Kendo UI Complete
Kendo UI, a new product from developer tools and solutions provider Telerik, unveiled its next major release of Kendo UI Complete, a collection of Web, DataViz and management tools for professional software developers. With this release, Kendo UI adds support for tablet UIs and debuts server-side wrappers for ASP.NET MVC in order to extend and simplify development of HTML5 and JavaScript mobile apps and sites. This new release also adds server-side helpers for ASP. NET MVC, enabling developers to incorporate and configure Kendo UI via familiar server-side programming, while still producing apps that benefit from the client-side power of Kendo UI and HTML5. While Kendo UI works with any server-side technology, some developers are less comfortable in JavaScript and CSS, but feel very capable when working inside of a server-side language. These wrappers ensure that developers who prefer to build apps from their own server-side language, can do so quickly. Developers using the new ASP. NET MVC wrappers can take full advantage of server-side framework features and coding conveniences, while targeting both desktop and mobile devices using the cross-platform power of modern HTML5, CSS3 and JavaScript. Kendo UI Complete for ASP.NET MVC is the first of what the company plans to be a collection of server-side helpers for different
platforms, including Java and PHP, all designed to maximize developer productivity with HTML5.
et Agile w. G o aining N Tr
CollabNet has an unparalleled track record of success helping enterprises successfully adopt Agile. Our trainers and coaches, internationally recognized as leading experts in the Agile community, have trained more Certified ScrumMasters than anyone in the industry. Agile Process Scrum Certification Private Agile Coaching View our free agile training: www.collab.net/getagilevideos
www.bredexsw.com Terraform
UrbanCode, an enterprise build, deploy, and release automation company, announced the launch of Terraform. The open source software, made available under the Apache 2.0 license, allows for one-click provisioning of environments for IT teams. Terraform lets teams slash environment provisioning times from weeks to minutes by automating time-consuming operations. Terraform currently works on top of Amazon EC2 and VMWarevSphere, with integrations for additional providers planned for future releases. Terraform exposes provisioning of an environment as a self-service. By reducing the time needed to provision environments, teams are now able to test scenarios faster. saving money by detecting issues sooner, and delivering more often. Terraform also lets users track changes easier and promote topology changes just like code changes. Other features include: open source, free software; the ability to works on top of Amazon EC2 and VMWarevSphere, with additional pro-
28
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
Product Announcements
viders on the way; configuration management via integrations with Puppet and Chef; and virtual environment provisioning with the push of a button.
dashboards that are specifically designed for application lifecycle management (ALM) and IT Service Management (ITSM) processes. With this release, customers now have an enterprise dashboard tying together all Serena technologies, including performance metrics of both mainframe and distributed systems. The new Serena IT Dashboard offers built-in best practices, along with easily configurable views, so IT executives can avoid the let-down of BI initiatives, and instead quickly deploy an enterprise IT intelligence solution that easily adapts to their changing environment. Integrating with the mainframe, and now also available on tablets, smartphones and laptops, Serena IT Dashboard delivers IT intelligence with BYOD (bring-your-own-device) efficiency.
www.rallydev.com MonkeyTalk
Gorilla Logic, an enterprise application development and testing company, released its latest version of MonkeyTalk, which provides open source application testing. MonkeyTalk Beta 5 features comprehensive script recording and playback support for testing any HTML-based browser application,and any Adobe Flex application. This new version of MonkeyTalk now makes it possible for QA analysts and developers to perform functional tests of their apps for iOS, Android, HTML5, and Adobe Flex with one tool. Released in March of this year, MonkeyTalk has been downloaded more than 10,000 times and is being used to automate application testing and ensure the quality of iOS, Android, and mobile web applications that businesses depend on to make great impressions on their customers. MonkeyTalk records and plays back all user interactions on iOS, Android, and now desktop-browser apps.
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
29
Product Announcements
consumed and dynamically configured by end-users at run time. Cloud Integration Templates are a key component of the Informatica Cloud Developer Edition, and will be made available along with other productivity assets on the new Cloud Integration Developer site. This release also increases the number of native cloud connectors and broadens support for the Informatica Cloud Data Loader Service. Informatica Cloud Summer 2012 introduces new enhancements to the Cloud Connector Toolkit for building and delivering high-performance native connectivity to cloud or onpremise business and social applications. Customers, ISVs, and SIs can now take advantage of new connectors for Eloqua, Workday, Netsuite, and Web Services. The Cloud Connector Toolkit also supports new advanced hierarchical data modeling, which allows applications with complex object relationships to make use of new data integration scenarios.
With CloudForge, developers and operations teams alike can migrate their projects and data to the cloud, and deploy to their PaaS or datacenter. For the first time, development teams can instantly provision and integrate their tool stack of choice, including hosted tools like Apache Subversion (SVN), Git, Trac and TeamForge, and integrated applications like Atlassian JIRA, Basecamp and Rally Software. Administrators gain a single-pane view of cloud resource consumption, activity and project progress, and critical data needed to manage team-based development.
www.cloudforge.com OpenStack
Rackspace, a cloud computing company, announced the availability of cloud databases and cloud servers powered by OpenStack, along with a new control panel. Customers can now select from private, public, or hybrid offerings and can deploy their solutions in a Rackspace data center or another data center of their choice. All of Rackspaces open cloud products can be accessed through the new control panel. The control panel allows customers to manage both existing and new cloud products as they emerge. In addition, customers now have the ability to use the open Rackspace cloud in hybrid or private cloud instances. Customers can choose the best platform for their applications by realizing the power of hybrid computing through RackConnect. This solution allows the flexibility and elasticity of the open cloud, as well as the enhanced security and performance characteristics of traditional hosting on dedicated hardware. RackConnect provides integration between public and private clouds within Rackspace and the open cloud provides open standards to help customers use hybrid hosting between clouds located anywhere.
www.informatica.com/us CloudForge
CollabNet, an enterprise cloud development and agile ALM products and services company, launched the commercial version of its CloudForge development-Platform-as-a-Service (dPaaS). The new CloudForge interface combines a consumerlike user experience with the security and management needed to bring cloud development to the enterprise.
www.klocwork.com/products/insight
30
BETTER SOFTWARE
SEPTEMBER/OCTOBER 2012
www.TechWell.com
DUO
DYNAMIC
www.sqe.com/betteragileeast
PMI members can earn PDUs at both events
JULY/AUGUST 2012 BETTER SOFTWARE
save Up TO $200
The Larger The group The More You Save
www.TechWell.com
31
Conference schedule
Build your own conferencemulti-day training classes, tutorials, keynotes, conference classes, Summit sessions, and morepacked with information covering the latest technologies, trends, and practices in agile methods and software development.
sunday
Software Tester CertificationFoundation Level Training (3 days) Certified ScrumMaster Training (CSM) + PMI-ACP (2 days) Product Owner Certification (2 days) Agile Testing Practices (2 days) Fundamentals of Agile Certification (2 days) Bonus session: From Practitioner to Published Author: A Workshop About Writing About Software
MondayTuesday
36 In-depth half- and full-day Tutorials Multi-day training classes continue
wednesdayThursday
4 Keynotes 48 Conference Classes Networking EXPO Special Events and More!
The eXpO
Visit top industry providers Offering the latest in software solutions
www.sqe.com/betteragileeast RegisteR eaRly and save up to $200! 32 BETTER SOFTWARE JULY/AUGUST 2012 www.TechWell.com
From beginner to expert there was something for everyone. From beginner to expert there was something for everyone.
Pollyanna Pixton
Program Chair
www.sqe.com/betteragileeast www.TechWell.com
33
Ways save
Register for either conference, remit payment on or before October 5, 2012, and save up to $200 off your registration fees (depending on conference package selected). Call the Client Support Group at 888.268.8770 or 904.278.0524, email them at sqeinfo@sqe.com, or register now online.
Training + Conference
Attend any of the training courses + the conference and save $300 (already reflected in conference pricing).
Group savings
Please Note: We will always provide the highest possible discount and allow you to use the two largest discounts that apply to your registration.
Silver Sponsors:
RegisteR eaRly and save up to $200! www.sqe.com/betteragileeast 34 BETTER SOFTWARE SEPTEMBER/OCTOBER 2012 www.TechWell.com
by Dale Perry
dperry@sqe.com
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
35
www.TechWell.com
plate (VPAT) is a great resource for the entire product development team, especially the test team. Developed in 2009 and owned by the Information Technology Industry Council, the VPAT lists the requirements for Section 508 to accommodate for accessibility in the product under development. The tester should ensure this template is discussed up front with the business, design, and development teams so everyone is on the same page about incorporating the requirements in the product. When included in your accessibility test efforts, VPAT is almost like a certification for your products compliance with Section 508. Consider Collaboration: To elicit valuable feedback, you can work with organizations that support people with accessibility issues. At our company, we work with the Blind Relief Association in India to engage the visually challenged in our accessibility test efforts. This has helped us not only evaluate a products accessibility by the visually impaired but also provided equal employment opportunities for the disabled. As a side benefit, such collaborations have gone a long way in encouraging our employees to actively participate in our corporate social responsibility mission. As you read about accessibility testing, it is important to understand and differentiate accessibility from usability, at
least at a high level. Accessibility is about promoting access to a product and its contents to a group of people who might otherwise be deprived of the same. On the other hand, usability is about promoting a products user experience and intuitiveness. It is really difficult to say that one is more important than another. What is important is to understand the underlying differences and work toward building a product that is both accessible and usable. Take a moment to ponder the points listed above. Some are pure science on specific disabilities that need to be accommodated, some are pure art in terms of working with end-users to elicit feedback, and some are a combination of art and science with your hands-on accessibility testing efforts. When you arrive at the right balance in your overall accessibility test efforts and collaborate with your product development team and end-users, you are in a position to create a product that is accessible to one and allleaving no one behind! {end}
index to advertisers
AccuRev Agile Development Conference East 2012 Alp International ASTQB Better Software Conference East 2012 CollabNet Hansoft Hewlett-Packard Polarion SQESTAR Canada 2012 SQE TrainingLive Virtual TechExcel Telerik VaraLogix Wipro www.accurev.com www.sqe.com/AgileDevPracticesEast www.alpi.com www.astqb.org www.sqe.com/BetterSoftwareEast www.collab.net/getagilevideos www.hansoft.se www.hp.com/go/cloudservices www.polarion.com/qa www.sqe.com/StarCanada www.sqetraining.com/VirtualTraining www.techexcel.com www.telerik.com/html5-testing www.varalogix.com www.wipro.com 27 3134 18 22 3134 28 1 Back Cover 29 8 Inside Front Cover 2 5 30 23
www.TechWell.com
SEPTEMBER/OCTOBER 2012
BETTER SOFTWARE
37
Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. 38 BETTER SOFTWARE JULY/AUGUST 2012 www.TechWell.com