Академический Документы
Профессиональный Документы
Культура Документы
PR va T Ente
BE CTIC ting rise
Fo
Ja the
A es rp
ST ES
r
:
VOLUME 5 • ISSUE 2 • FEBRUARY 2008 • $8.95 • www.stp
SPRING
A BZ Media Event
www.stpcon.com
SUPERB SPEAKERS!
Michael Bolton • Jeff Feldstein
Michael Hackett • Jeff Johnson
Bj Rollison • Rob Sabourin
Mary Sweeney • Robert Walsh
AND DOZENS MORE!
www.empirix.com/freedom
VOLUME 5 • ISSUE 2 • FEBRUARY 2008
Contents A Publication
14
C OV E R ST ORY
Battle of the Defect Trackers:
Bugzilla Takes On Trac
Two open source defect trackers face off. Learn what makes both of these
tools bug-eating behemoths. By Elfriede Dustin
20 Multi-User
Testing Rocks!
Multi-user testing is crucial for every
application that uses a relational
database. Don’t worry, the process can
be fun and exciting.
By Karen N. Johnson
29
Seeking
Depar t ments
7 • Editorial
SOA Profit Worried about shifty politicians? Maybe
defect-tracking tools can keep them honest.
With SOA, the quest
for quality is the key 8 • Contributors
to a healthy ROI. Get to know this month’s experts and the
By Frank Grossman best practices they preach.
25
9 • Feedback
Making Sense Of It’s your chance to tell us where to go.
Chaos Reports
11 • Out of the Box
Since 1994, the Standish Group has
33
New products for testers.
published its annual Chaos Report,
documenting the IT industry’s in-
36 • Best Practices
efficiencies. Before you panic, read
our own report on where those Manual Test Java Web apps have changed everything about
Defect Tracker
VOLUME 5 • ISSUE 2 • FEBRUARY 2008
EDITORIAL
Editor Editorial Director
Edward J. Correia Alan Zeichick
For Politicians
+1-631-421-4158 x100 +1-650-359-4763
ecorreia@bzmedia.com alan@bzmedia.com
ART & PRODUCTION By the time you read this, defects, I wouldn’t vote to
Art Director Art /Production Assistant Super-Duper-Kalamazoop- deploy that product into
LuAnn T. Palazzo Erin Broadhurst
lpalazzo@bzmedia.com ebroadhurst@bzmedia.com
er Tuesday will likely be in the Oval Office.
the history books. I’m As in software, political
SALES & MARKETING referring of course to what defects can be minor or
Publisher we in the U.S. call “Super severe. Minor defects
Ted Bahr Tuesday,” the day in might include crying on
+1-631-421-4158 x101
ted@bzmedia.com
February on which people TV, having an extramarital
of the major political par- affair or experimentation
Associate Publisher List Services
David Karp Lisa Fiske ties from about 20 states with drugs early in life.
+1-631-421-4158 x102 +1-631-479-2977 vote in the presidential pri- While these things might
dkarp@bzmedia.com lfiske@bzmedia.com mary. Primary votes prior Edward J. Correia offer commentary on one’s
to Super Tuesday take place one state at character, they alone would not stop a
Advertising Traffic Reprints
Phyllis Oakes Lisa Abelson a time. It’s all part of the American project from being released.
+1-631-421-4158 x115 +1-516-379-7097 process of deciding who gets to run for But severe bugs might, and would
poakes@bzmedia.com labelson@bzmedia.com president, the nation’s highest office. get top priority when discussing and
Director of Marketing Accounting
As someone who follows national questioning the candidate. Such things
Marilyn Daly Viena Ludewig politics to a flaw (just ask my daughter), might include being caught in a lie
+1-631-421-4158 x118 +1-631-421-4158 x110 I sometimes have a tough time keeping (particularly while under oath), any
mdaly@bzmedia.com vludewig@bzmedia.com
track of candidates’ positions (which type of fiscal malfeasance or too many
are often numerous). Where does each flip-flops on important issues.
READER SERVICE
one stand on the economy, national Just as desired software features
Director of Circulation Customer Service/
Agnes Vanek Subscriptions security and other important issues of change over time, candidates too have
+1-631-443-4158 +1-847-763-9692 the day? And how does their current been known to change their positions
avanek@bzmedia.com stpmag@halldata.com position differ from things they’ve said on the issues, particularly as shifts in
and done in the past? political climate affect public opinion.
Cover Photograph by LuAnn T. Palazzo
Animatronic Godzilla Appears Courtesy of the
As I edited this month’s cover fea- In the days and months after the attacks
Daniel J. and Naomi Pagano Collection, NY ture, it occurred to me that the same of 9/11, most Democrats and
tools we use for tracking software Republicans were in agreement that the
defects could also be applied to tracking U.S. should invade Afghanistan and
politicians. Enter FlakTrak, a new Iraq. Now most disagree.
defect-tracking system I just invented to Similar flip-flops can be seen on
help me keep abreast of where our lead- abortion, POW detention, illegal immi-
President BZ Media LLC
Ted Bahr 7 High Street, Suite 407
ers stand. gration, taxes, global climate change
Executive Vice President Huntington, NY 11743 Here’s how it works. The first time a and “corporate greed.” When a candi-
Alan Zeichick +1-631-421-4158 politician takes a position on an issue, date switches position, either a bug is
fax +1-631-421-4130
www.bzmedia.com it’s entered into FlakTrak and assigned resolved or a feature fails a regression
info@bzmedia.com to that politician. If it’s a position I agree test, and a new defect is logged.
with, it’s resolved immediately and
Software Test & Performance (ISSN- #1548-3460) is
published monthly by BZ Media LLC, 7 High Street,
becomes a feature. Promises to reduce Historically Significant
Suite 407, Huntington, NY, 11743. Periodicals postage taxes, build a border fence and win the For the first time in 80 years, the field of
paid at Huntington, NY and additional offices.
war in Iraq fall into this category. candidates does not include an incum-
Software Test & Performance is a registered trade-
mark of BZ Media LLC. All contents copyrighted If a candidate takes a position I dis- bent president or vice president.
2008 BZ Media LLC. All rights reserved. The price agree with, a bug is created and Interestingly, there’s one candidate who
of a one year subscription is US $49.95, $69.95 in
Canada, $99.95 elsewhere. assigned to that politician. Raising in 1928 was only eight years from being
POSTMASTER: Send changes of address to Software taxes, granting rights to illegal aliens or born. The first few issues he would
Test & Performance, PO Box 2169, Skokie, IL 60076.
Software Test & Performance Subscribers Services calling for surrender, for example. find in his queue would be called
may be reached at stpmag@halldata.com or by
calling 1-847-763-9692.
These all would be classified as defects. McCain-Feingold, McCain-Kennedy and
If a candidate has too many unresolved McCain-Lieberman. !
Source Defect-
cle, I’ll explore how to evaluate and choose a tool using a
defect-tracking tool as an example, enumerate reasons why
open source tools can be a viable solution, and describe an
example comparison of two of the “top” open source defect
Tracking Tools—
tracking tools: Bugzilla and Trac.
Recently, I was tasked with evaluating defect-tracking tools
for a client. We generally approach any type of tool evaluation
strategically, as follows:
www.stpmag.com • 15
BUGZILLA VS. TRAC
FIG. 1: BUGZILLA DEFAULT WORKFLOW (V.3.0) are holding sway with more and more
companies. Advantages of open source
include:
• No licensing fees, maintenance or
New bug from a user with can confirm or
a product without UNCONFIRMED state. restrictions
Unconfirmed • Free and efficient support (though
Bug confirmed or
receives enough votes
varied)
Bug is reopened,
• Portable across platforms
Developer takes was never confirmed • Modifiable and adaptable to suit
possession your needs
New • Comparatively lightweight
Development is • Not tied to a single vendor
Ownership Developer
is changed takes finished with bug Licensing. Trac is distributed open
possession source under the modified BSD
Possible resolutions:
FIXED License (trac.edgewall.org/wiki/Trac
DUPLICATE
Assigned License), a “commercially friendly”
WONTFIX
WORKSFORME
license sometimes known as a “copy-
INVALID Development is center” license (take it to the copy cen-
REMIND finished with bug ter and copy it). It permits changes to
LATER
be made to source code and kept or
Developer takes
distributed commercially with few
possession Resolved restrictions.
Issue is
resolved Bug is closed Bugzilla is covered by the Mozilla
QA verifies
Public License (www.mozilla.org/MPL),
QA is not satisfied
with solution solution worked which is sometimes described as a
BSD/GPL hybrid. This so-called “weak
Bug is reopened
Reopened Verified copyleft” license requires copies and
changes to source code to remain
under the MPL, but permits such
Bug is reopened
Bug is closed changes to be bundled with propri-
etary components.
Closed Support. During my Bugzilla and
Trac evaluations, my questions were
Source: wikipedia.org
often answered within minutes, solv-
ing any issues I ran into from the sim-
good experience with a specific tool ucts, lack of control over improve- ple to the complex.
that meets high-level requirements, ments, and licensing costs and restric- In my experience working with
longevity and user base criteria tions. commercial tool vendors, support is
described. And while a few of those downsides usually more complicated. It can take
Using these criteria, I narrowed the might be applied to some open source days before a support specialist
field from the scores of defect-tracking projects, the advantages of leveraging the addresses an issue, and there is some-
tools to four: two commercial and two open source community and its efforts times an extra cost or annual mainte-
B
open source. This article compares
and contrasts the latter two, Bugzilla
UGZILLA: THE 2007 TESTERS CHOICE
and Trac. Coincidentally, Bugzilla is
widely used by the open source com- Bugzilla was at the top of the 2007 Testers Choice Awards, as noted in the December 2007
munity (in Mozilla, Apache and edition of this magazine.“Bugzilla, competing in a category with commercial products devel-
Eclipse) and was selected “Testers oped by companies with infinitely more money and resources than the open source commu-
Choice” by the readers of this maga- nity from whence it comes,” writes Edward J. Correia of the product. “Originally written in
zine, announced in the December Tcl by Terry Weissman, Bugzilla began its life in 1998 as a replacement for the defect track-
issue (see “Bugzilla: The 2007 Testers er used by Netscape for the Communicator suite (it surely must have been quite loaded).
Choice” sidebar for more).
“Thinking another language might get more traction with the community, Weissman decid-
COTS vs. Open Source ed to port it to Perl, resulting in Bugzilla 2.0. As the Wikipedia story goes, Weissman in April
Commercial off-the-shelf solutions cer- 2000 handed the project off to Tara Hernandez, who succeeded in gaining more participa-
tainly have their advantages, including tion from the development community. She handed it off to its current custodian, Dave
published feature road maps, institu- Miller, and the rest is history. Bugzilla won our top spot in the free test/performance tools
tionalized support and stability category.”
(whether real or perceived). But buy-
ing from a software vendor also has its Download back issues of ST&P, including the December 2007 issue, at www.stpmag.com
downsides, such as vendor lock-in, lack /backissues2007.htm
of interoperability with other prod-
nance contract to be kept current. according to Wikipedia. It’s employed And with the release of Bugzilla 3.0,
Adaptability. Trac is written in Python for many projects in the public and pri- Trac and Bugzilla both now allow for
(www.python.org). First released in 1991 vate sectors, and is widely used to pro- modification and customized fields.
by Guido van Rossum, this dynamic gram Web applications of all stripes. Community. Trac is hosted at edge-
object-oriented programming language Perl is a high-level programming lan- wall.org and maintained by a communi-
can be used for all types of soft- ty of developers who collabo-
ware development. It offers TABLE 1: DEFECT-TRACKING TOOLS COMPARED rate on projects based on
strong support for integration Python. Edgewall.org is per-
Defect-Tracking Tool Evaluation Criteria Bugzilla 3.0 Trac 0.10
with other languages and tools, haps best known for Trac.
_
comes with extensive standard Installation on Windows + Bugzilla is hosted at
libraries, and can be learned rel- Ease of use + + bugzilla.org and is among
atively quickly by the average Extra features + + the many projects adminis-
developer. tered and maintained by the
Customizable workflow + +
Versions of Python are _
Mozilla Foundation, which is
+
available for Windows, Linux/ Security probably best known for its
Unix, Mac OS X, OS/2 and Firefox browser.
Amiga, as well as for Palm and Nokia guage with an eclectic heritage. Perl’s
(Symbian) mobile-phone operating sys- process, file and text manipulation facil- By Definition
tems. Python has also been ported to ities make it particularly well suited for As defined by their respective Web sites,
run on Java and .NET virtual machines, tasks involving quick prototyping, sys- Bugzilla is “server software designed to
and is used at organizations as diverse as tem utilities, software tools, system man- help you manage software develop-
NASA, Rackspace, Industrial Light and agement tasks, database access, graphi- ment.” Trac is “an enhanced wiki and
Magic, AstraZeneca, Honeywell, cal programming, networking and Web issue-tracking system used for software
Symantec and many others. programming. These strengths make it development projects.”
Bugzilla (www.bugzilla.org), in its especially popular with system adminis- Trac isn’t an original idea. It owes
current iteration, is written in Perl. Perl trators and CGI script authors, but much to the many project management
(www.perl.org) is a stable cross-platform mathematicians, geneticists, journalists and issue-tracking systems that came
programming language first released by and even managers also use Perl, before. In particular, it borrows from
Larry Wall in 1987 that borrows from C, according to a history posted at CVSTrac. The project started as a reim-
shell scripting, AWK, sed and Lisp, trac.edgewall.org. plementation of CVSTrac in Python and
an entertaining exercise, as well as toy-
FIG. 2: TRAC DEFAULT WORKFLOW (V.0.11) ing with the SQLite embeddable data-
base. Over time, the scope of the
endeavor broadened, a goal formed,
* leave new and it was brought on its current
course.
Both Trac and Bugzilla offer brows-
reassign er-based defect tracking with multi-user
access, attachments, e-mail integration,
import/export capability, custom fields,
assigned reassign accept authentication and authorization,
reporting and audit trails.
Once I had identified the two tools I
accept
resolve reassign wished to zero in on, I started compar-
ing features beyond their basic capabili-
ties. Some of their major pluses and
resolve accepted accept minuses are shown in Table 1.
Installation on Windows. One of my
client requirements was that the tool
reassign installs on Windows servers. While most
resolve open source defect-tracking tools are
cross-platform compatible, Bugzilla
accept (which also runs on Linux) focused less
closed
on the Windows environment until its
later releases.
resolve Windows installation is a Trac
reopen strength. It offers bundled installation
and simple setup, installing on
Windows without a hitch. Trac also can
reopened run as a stand-alone Web server;
Source: trac.fuseboxframework.org Bugzilla can’t. There is currently no
Bugzilla bundle installation package for
A Rose
Tests in the multi-user cycle involve at the database in your production
adding, updating or deleting an object environment when you make this
at the same time or with staggered tim-
ing. Let’s break this description down
with an some example. Imagine a Web
application that allows users to man-
age internal documentation for a com-
pany: a library management system.
This system allows internal users to
access company documents and,
depending on their permissions,
enables them to add, update or delete
documents. The application includes
functionality to allow administrative
users to add users and user groups.
This gives us multiple transactions to
work with.
Now imagine in the course of a
workday, two administrative users
attempt to create a new user group at
the same time. One user adds the new
user group with no error and contin-
ues on. The second user encounters a
database error referencing something
about a unique constraint. Unlikely to
happen? Perhaps. But it’s not unlikely
that two users would be adding or edit-
ing documents; in fact, at a large com-
pany with a heavily used library man-
agement system, dozens of users are
www.stpmag.com • 21
MULTI-USER TESTING
assessment—which means you might there’s no additional work in setting testing. If your testing has been more
need a database administrator who has up objects; I cycle through add, then black-box focused or if you haven’t
access to production. Unless develop- edit, and my final test even cleans up included database considerations in
ment and test environments contain a my test data as I delete as the last test. your testing previously, some of these
recent copy of production data, you errors might be new to you. Let’s
won’t get the same assessment as pro- Pair Up or Go Solo? examine each error type one at a time.
duction. Even with a production copy You can test with two people pairing A deadlock occurs when two process-
in test, you can’t be sure the DBA set- up to cycle through various add, es are locked and neither transaction
ting up your dev or test environment update and delete transactions. completes. Deadlocks in production
didn’t trim any tables to save space. Alternately, I execute this type of test- can wreak havoc if two users lock a
A practical way to plan table. If you compare a
testing is to use your knowl- deadlock to traveling down
edge of the application.
What objects are users like-
ly to be “touching” all day
long with high frequency?
• a highway that uses a tunnel
that allows only one car at a
time, you can envision the
lock. As two cars compete to
What are the fastest-grow-
ing tables in the database?
If you compare a pass through the entrance
first, neither allowing the
What objects do those other to pass, the lock is set.
tables contain?
deadlock to traveling down Add a few more cars com-
When planning your ing along, like transactions
testing program, remember a highway that uses a tunnel that continuing on a Web site,
that you don’t need to test and you can envision a
every object. Instead, allows only one car at queue growing with frus-
you’re looking for high fre- trated users (or drivers).
quency and high volume;
high frequency because
a time, you can Deadlocks are ugly.
There are several lock-
these objects are being ing schemas available to
used the most and are envision the lock. prevent deadlocks, and
•
therefore more likely to more than one database
encounter errors. High vol- vendor on the relational
ume is a likely target database market so there
because these are the are different locking
fastest-growing objects, schemas and concurrency
which also likely makes controls. In fact, there are
them high frequency. Timestamps and ing alone, preferring to arrange two several fascinating problems outlined
version numbers can serve as refer- fairly equal class PCs as I manage two as stories you can find on Wikipedia,
ence points to determine frequency. keyboards and execute transactions. If beginning with the entry on dead-
In the case of volume, you’re looking you choose to go it alone, don’t forget locks. Some of the stories are well
for high table counts. to log in to each PC as a different user. known, the most popular and the start
What is high? Compared to other After all, the purpose is to simulate of the collection is the dining philoso-
objects in the database, these are the two users at the same time—not the phers’ problem (see Edsger W.
objects being added and updated same user on two different worksta- Dijkstra’s work). One type of problem
more often. If you’re conducting per- tions (which, by the way, is another and its related teaching story is
formance testing, you might already form of testing.) For equal-class PCs, referred to as the producer-consumer
be acutely aware of what objects gen- the same timing is easier to accom- problem, which also brings up the
erate the most traffic. Use Table 1 to plish with PCs of equivalent processing point of race conditions.
plan multi-user testing. speeds. Race conditions are a core considera-
Once you identify the objects, think tion in deadlocks. Like the tunnel
about what action is being used the What to Watch For analogy, many traffic issues wouldn’t
most often. Are the objects being Deadlocks. Unique index constraints. take place without a race condition.
added, updated or deleted? A simple Lost edits. Application errors. If multi- Rush hour is a race condition. The
point I’ve learned in executing this user testing didn’t sound exciting at same takes place on the database as
testing is that once I’ve added an first blush, consider these errors in the timing of transactions becomes an
object, I test edit and then delete. This production and you might be willing essential factor.
makes the testing move quickly since to allocate a test cycle to multi-user This is one reason I test both same-
time and staggered timings. Staggered able to add the record, and the second access the same record at the same
timing can catch errors when a user should be notified of an existing time, with admin users accessing a
process or lock hasn’t been released entry of the same value. If the timing user record, and each user updating
but a user can’t view the lock from the is sequential, the user who attempts to the user record. For the first user to
application front end. access the record, the edits
Testing add, update and TABLE 1: MULTI-USER TEST PLANNING FORM will be saved, but the second
delete transactions with user might not obtain the
Same Timing Staggered Timing
slightly staggered timings necessary lock on the record
can catch these errors. If the Add for their edits to be saved. In
lock hasn’t been released, the worst case, the user’s
Change
the next transaction will edits are lost and the user
encounter an error. Delete isn’t informed. Essentially,
In my experience in a the transaction is lost.
decade of multi-user testing, This is why, in practice,
I’m more likely to encounter dead- add the same record receives an error when I test multi-user editing, I make
locks with the same precise timing on stating a record of the same value a point to know what edit each user
the creation of an object. This is why already exists. In some cases, such as makes, and the edits made are not the
I’d rather operate two keyboards than with MySQL, unless the database has same. In the case of the user record, I
perform pair testing; I can get to the been defined as a transactional data- might edit the last name field, adding
exact same precise moment by my own base, all inserts for the table may be a 1 to the end of the existing name as
two hands better than any other way. admin user 1, and a 2 to the end of the
•
Plus, I have the patience to execute existing name as admin user 2. In
tests multiple times until I can find the short, knowing exactly which edit is
timestamps that make me convinced being made by each user helps to veri-
I’ve covered the test. fy that both edits made it into the data-
The second most frequent error I base.
encounter is deleting the same object
with slightly staggered timing.
Knowing exactly Too Much Information?
In terms of practical knowledge Another test idea to keep in mind
and more immediately tangible ideas which edit is while executing multi-user tests is
for testing, you might look to know security. Here’s a test you can pick up
more information about the specific at the same time as multi-user testing.
database you’re working with. Are you being made by Review the database errors dis-
working with Oracle, Sybase, SQL played to find the behind-the-scenes
Server, Informix, MySQL or another information of an application. Look
database? Each has different imple- each user helps to for database table names, admin
mentations available, so it’s worth- account information or directory path
while to talk with your DBA about the
concurrency controls that have been
verify that both information being given away on error
messages that share too much infor-
implemented. mation. If your application can trap
If you can’t get the information you edits made it into for database errors, a design decision
need, test to find a deadlock and then needs to be made about how much
you’ll likely get the support and infor- information should be revealed
mation needed—a harsh but effective the database. through error messages.
•
approach. As most of the database ven- “When two trains approach each
dor products have matured, I haven’t other at a crossing, both shall come to
uncovered as many issues as I did years a full stop and neither shall start up
ago, but multi-user testing still is a test again until the other has gone.”
cycle likely to harvest bugs, and since This Wikipedia entry relating to
the impact can be significant, multi- deadlocks, which quotes a statute
user testing remains a risk area worthy halted. These issues are sometimes passed by the Kansas state legislature
of investigation. referred to as primary key or unique key early in the 20th century, is an excel-
Unique index constraints are database errors. lent way to visualize the importance of
errors that occur when two users A challenge with lost edits is multi-user testing. And now you have
attempt to add the same information whether or not the user is informed. a few techniques to help you imple-
at the same time. One user should be Consider this example: Two users ment it. !
Reports And M ost IT projects are late, over budget and deliver some-
thing other than what was expected. Such outcomes are the
consequence of arbitrarily mandated Group’s periodic CHAOS reports
budgets and schedules, inadequately (www.standishgroup.com) about IT
defined business requirements and too- project success rates evoke a certain
Looking Into a Train Wreck ance of the reports’ basic findings that
Like a train wreck, the Standish IT projects seldom are on time, on
budget and what the stakeholders
Robin Goldsmith is an author and testing want.
consultant specializing in business engineer- While such an unflattering depic-
ing and requirements.
tion of project effectiveness obviously
reflects a somewhat contrarian view of ures were made reliably. Glass ques- gle answer fails to take into account
IT, there’s plenty of room for even tioned whether the CHAOS reports the pattern of variation in the source’s
more contrarianism. In fact, the seeds are valid and said his personal experi- actual project data, which I’m sure
of this admittedly contrarian article ence indicated a much lower IT proj- most of the CHAOS sources were high-
were born in a letter to the editor and ect failure rate. ly unlikely to consider, let alone have
subsequent correspondence with (I He may be right, both about his quantified. Thus, the respondent may
believe he’d accept the characteriza- personal experiences and their being have felt the 100-150 range was most
tion) contrarian Bob Glass, who may representative for the broader IT proj- typical, even though perhaps a few
have been the first to ect population. We can’t instances are in the 25-50 and 400-500
publicly question the really tell either for sure, ranges. It’s like the old story of a per-
•
seemingly sacrosanct though, because the fact son whose left foot is in a bucket of
inviolable CHAOS find- is that nobody else seems boiling water and whose right foot is in
ings that the great major- to have sufficient suitable a bucket of ice. The average of the two
ity of IT projects fail (see objective IT project meas- temperatures might be a comfortable
his “Loyal Opposition” ures that could validate 90 degrees, but neither foot feels at all
article “IT Failure Survey responses whether or not the comfortable.
Rates—70% or 10-15%?” CHAOS reports’ main While CHAOS groups within proj-
in the May-June 2005 in general finding is accurate. ect size categories, it also consolidates
IEEE Software). In fact, this lack of across categories, and it’s unclear
For more than a tend to be objectively measured IT whether its calculations accurately
decade, the Standish project data isn’t just lim- reflect the varying sizes of reported
Group has published a shaky ited to formal study projects. Should a one-month one-per-
series of CHAOS reports reports. It’s highly unlike- son project be given the same weight
that describe embarrass- in both ly that (m)any of the as a one-year 100-person project?
ingly low IT project suc- organizations surveyed Should a project’s size be defined
cess rates, starting with reliability for CHAOS based their based on the original estimate or the
an abysmal 16 percent in answers on reliable and bloated size the report tells us the
1994 and improving to 34 and validity. valid facts, which raises project eventually reached?
percent in 2006 (a num- serious methodological Regardless, to come up with aver-
•
ber that looks good only reasons to question the ages, it’s necessary to convert each of
in comparison to preced- CHAOS figures’ validity. those 100-150 range responses to an
ing years’ reports—or for The CHAOS data comes average score of 125. Although the
a baseball batter). Even from surveys of IT execu- reports do show distributions of
though it’s now well over tives’ perceptions regard- responses for the various ranges, they
a decade old, the 1994 ing project measures. I focus on single average overrun per-
report seems to continue to be the one think we all recognize that survey cents, which take on an appearance of
cited (and read) most, by me and oth- responses in general tend to be shaky authority and scientific precision.
ers, primarily I assume because it’s the with regard to both reliability and Moreover, even if the CHAOS-
only one available in its entirety for validity. reported average overruns of 189 per-
free (find it at www.standishgroup.com Even when well intentioned, survey cent and 222 percent are absolutely
/sample_research/register.php). Since responses often are guesses or, at best, accurate, it’s unclear exactly how to
subsequent reports are priced prohibi- broad approximations. I don’t know interpret these reported overruns. If
tively (for me), I and presumably most about you, but I’m asked to respond the budget was $100, does an overrun
people know only snippets of them all the time to surveys that ask ques- of 189 percent mean that the project
reported in the trade literature, such tions I don’t have good answers to, actually cost $189 or $289?
as the current 34 percent figure either because I don’t know or On the other hand, despite such seri-
(which was described in SQE’s because none of the answers actually ous methodological issues, a lot of sub-
2/22/2007 Between the Lines e-mail fits my situation. Nonetheless, it does- jective data, including my own, does
newsletter). n’t stop me from answering some- support the general tenor of the
So far as I can tell, though, the thing, probably with vague impres- CHAOS conclusions.
Standish Group’s methodology, find- sions or answers that I know have no For example, when I describe the
ings and analysis have remained fairly basis. 1994 CHAOS numbers in my semi-
consistent over the years, with changes nars/speeches, I usually ask the partici-
essentially only in the absolute figures. Illusion of Precision pants whether the report reflects their
Consequently, concerns raised by the Although I’m sure it’s unconscious, own project experience. Over the years,
1994 report are reasonably likely to statistical manipulations can both dis- thousands of attendees regularly have
remain current. tort reality and imbue an illusory given what seems to be almost always
appearance of precision. For instance, unanimous affirmation. Furthermore,
Is IT Really That Bad? “About 90 percent” sounds much less the reports wouldn’t be so widely cited
Measurements must be both reliable precise than “89.51 percent.” Surveys and accepted unless people do find the
and valid. The reports’ year-to-year often ask people to pick ranges of val- conclusions consistent with their own
consistency indicates that the meas- ues; say 100-150. Having to give a sin- experiences.
It’s All in Your Head scientific community’s agreement that The Real Cause of Failure
However, Glass also has a point. IT global warming will deplete animal life It’s not only pathetic TV wanna-be
projects ordinarily do deliver systems in the oceans and submerge coastal celebrities who respond to dysfunction
that people can and do use. Both Glass cities doesn’t cause individuals to cut with greater dysfunction. Many, if not
and CHAOS are right, to an extent, their gas guzzling. Statistics on the most IT projects are destined from the
and focusing on either’s conclusion damaging health impacts of obesity start for failure because management
alone may itself obscure other signifi- don’t make individuals eat better or has arbitrarily dictated a project budg-
cantly important issues. To understand less. And CHAOS’s reported 84 per- et and schedule that bears no relation-
this balance more fully, certain inter- cent IT project failure rate doesn’t ship to the work to be done.
esting psychological factors also need cause individuals to change how they But that’s just the beginning of a
to be taken into account. do projects. downward spiral. When budgets and
CHAOS is correct that IT projects Perhaps the problem seems over- schedules are nonsense, overrunning
routinely are late, over budget and not whelming, or one’s own power to them becomes nonsense too. So what
entirely what is expected. The aberra- affect it seems so insignificant, but if nonsense budgets and schedules are
tion is large, and it’s really not neces- ultimately it comes down to the nor- overrun 189 percent and 222 percent
sary to quibble over CHAOS’ specific mal psychological defense mecha- of the time? People doing the projects
numbers. Glass is right that usually nisms people enlist unconsciously to don’t take a personal stake in the out-
projects produce some kind of work- protect their self-images. We’ve gotten come because they go into the projects
ing system. Once people can start so good at denying anything that “knowing” the nonsense budgets and
using the system, they get busy with it reflects poorly on us, so unwilling to schedules are impossible to meet,
and tend to forget that it was late, over
budget and perhaps only a portion of
what they’d expected.
That’s fine; life must go on—but
this forgetting can involve some bigger
ramifications. First, the same scenario
recurs, project after project. As an
industry, IT tends not to learn, or per-
haps tends to learn, but not necessari-
ly the right lessons, from our experi-
ence. Instead, we’ve learned to
become quite proficient at a develop-
ment process that reliably repeats fail-
ure—late, over budget and not what’s
expected—and then through denial
essentially accepts that failure as ade-
quate.
Second, by failing to relate our own
actions to our results, we prevent the
personal initiative needed to make
meaningful improvement. Consider a
perceptual paradox phenomenon
that’s evident in the worlds of politics
and culture. For example, survey after
survey finds low approval ratings of
Congress, yet congressional re-elec-
tion rates historically are close to 100
percent, sometimes not even impeded
by incarceration or death. Similarly,
surveys repeatedly find that people say
the American education system does a
terrible job, but their own local school
is just fine. recognize, let alone take responsibility which becomes a self-fulfilling prophe-
People often have an understand- for our results, and so willing to shoot cy, regardless of how “objectively” fea-
able disconnect relating broad-scale the messenger, that we not only fail to sible the budget/schedule may be.
external results to their personal take appropriate corrective actions The more the worker bees grumble
sphere. That’s a major reason why peo- but also sometimes intentionally and miss their targets, the more the
ple seldom change their individual engage in additional self-defeating managers feel compelled to dictate
behaviors in response to well-known behaviors. For example, consider the yet-even-more nonsensical budgets
big problems. Annual reports of lung dysfunctional behaviors that get acted and schedules, thereby ensuring fail-
cancer death statistics tend not to out even more excessively every after- ure and confirming to them that they
cause individuals to stop smoking. The noon on the television scream shows. were right in having to hold the
troops’ feet to the fire. Dysfunction rent practices won’t produce better tem/software requirements to satisfy
begets more dysfunction. requirements. them, which of course contributes to
The business users don’t know It’s understandable that the report management’s propensity for arbitrar-
about these internal dynamics. They fails to realize this distinction, because ily establishing budgets and schedules.
only know that as an industry, IT the industry is unaware that such a dis- Once a project is set to fail, albeit
almost always blows project budgets tinction exists. Perhaps one reason by management’s actions or absence
and schedules. They perceive that IT why user involvement is low is that thereof, managers quickly distance
doesn’t know what it’s doing, and thus managers may sense that just giving themselves from the project.
they may not believe what IT says, more time by itself often may not pay
which further impedes IT’s ability to off. One More Little Oversight
keep its promises. Similarly, the report mirrors the Roughly half the time spent in IT proj-
Project managers’ psychological industry’s general lack of awareness of ects is taken up by testing, yet the
defense mechanisms pre- the important distinction CHAOS report’s failure factors don’t
•
vent them from becom- between real, business mention quality or testing.
ing aware, let alone requirements and prod- Again, this probably reflects a lack of
believing, that they may uct/system/software awareness among the surveyed indus-
have credibility issues. So requirements. try executives, which in turn translates
they attribute their diffi- The common use of into the project failures described.
culties to other, often-
Real business the term requirements Inadequate quality clearly causes users
irrelevant factors and refers to the require- not to receive what they expect, and
mistakenly divert atten- requirements ments of the product, sys- the unplanned time needed to fix
tion to these perhaps tem or software that is defects is a major contributor to proj-
non-issues instead of tend not to expected to be created. ect budget and schedule overruns.
addressing their real Said product, system or Without awareness of—and
credibility problems. change nearly software actually is the informed attention to—quality and
This further reduces high-level design of one testing, quality and testing activities
their likelihood of suc- so much of the possible ways how are too little and too late. Too many
cess and their already- to accomplish the pre- defects escape to be found by the
diminished credibility. as people’s sumed real, business- users. Those defects that are found
The business puts more requirements deliverable during development tend to be discov-
pressure on IT manage- awareness whats that provide value ered so late that they’re very expensive
ment, which leads to when delivered/accom- to fix. Proactive testing can turn this
even more nonsense dic- of them. plished/met/satisfied. situation around, actually helping
tates and more overruns; The CHAOS report projects deliver quicker and cheaper
•
and the cycle perpetu- identified incomplete by catching and preventing more of
ates. and changing require- the errors earlier, when they’re easiest
ments as two separate to fix.
Close, But Missing issues. In fact, the main All in all, in spite of significant
Critical Distinctions reason that product/sys- questions about their measures and
Ultimately, project budgets can’t help tem/software requirements change is analysis, the Standish Group’s CHAOS
being nonsense unless they’re based because they aren’t defined accurately reports seem generally accurate in
on adequately defined real require- and completely enough in the first finding that most IT projects are late,
ments. At first glance, this seems very place, which in turn is mainly due to over budget and not entirely what is
much in line with the project success the failure to adequately discover the expected.
and failure factors that CHAOS analy- real business requirements. Designs To a considerable extent, such out-
sis identifies. (including their product, system comes are the inevitable consequence
Requirements and user involve- and/or software requirements) can of arbitrarily mandated project budgets
ment issues certainly dominate the change frequently and rapidly. Real and schedules, inadequately defined
tops of the factors lists. They indeed business requirements tend not to business requirements and too-
are important, but I fear the report change nearly so much as people’s little/too-late reactive attention to qual-
simply parrots overly simplistic, wide- awareness of them. ity and testing.
spread conventional beliefs that con- Such problems persist in part
tinue to miss the distinctions critical Missing Resources And because few organizations have suit-
for making meaningful improvement. Unrealistic Expectations able or sufficient objective factual
The report focuses only on amount The main remaining failure factors measures of their projects and because
of user involvement. While a certain identified in the report include lack of those responsible for IT haven’t creat-
quantity of user involvement is neces- resources, unrealistic time frames, ed an environment in which they and
sary for discovering the real require- unrealistic expectations, and lack of other involved individuals take
ments, it’s not sufficient. Rather, it’s executive support. The first three are enough personal responsibility for
the quality of that involvement that all largely attributable to not ade- their results.
really matters. Merely subjecting users quately defining the real business The solution? Know, document and
to more of the same ineffective cur- requirements and the product/sys- adhere to the real requirements. !
Web Services vs. SOA as the “law enforcement” for an SOA development of rogue, redundant
What exactly is SOA quality? First, let by controlling service implementa- services for specific applications in
me tell you what it’s not. Software tions with the process, procedures and order to meet their project dates. Not
quality initiatives are usually associated standards deemed necessary for only is quality at risk, the fundamental
with testing. And more recently, test- quality. value of the SOA initiative breaks
ing often means testing a single Web While SOA governance solutions down.
service using a waterfall approach. vary in functionality, governance must One approach to achieving SOA
This might work for a Web service that be applied to design time, change time quality is to deploy an SOA quality
has a distinct function with a specific and runtime to be truly effective. The gateway along with governance solu-
life cycle, and can be designed, devel- challenge is that each phase requires a tions. This can complement the con-
oped, debugged and deployed. It then different approach to maximize the trol aspect with interfaces designed for
exists in production until being enablement and adoption of gover- various roles within the process and
different approaches for design time,
change time and runtime. The SOA
quality gateway then becomes the
quality enablement point for reg-
istries.
Collaborative Quality
In any SOA, the more loosely coupled
services are, the more communication
is needed among every team and mem-
ber involved in the design, implemen-
tation and support processes. Agility
and interaction are constantly at risk
in these loosely coupled environments
because of the temptation for each
group to be autonomous.
Collaboration begins at design
time. Architects and business analysts
need to be aware of existing services,
Photograph by Amanda Rohde
ity throughout. To do this, you must And unlike traditional software appli- stand and resolve problems quickly
build a solid foundation for quality cations, SOA testing occurs while and often need to reproduce scenarios
consisting of five core traits: many services are in various stages of when a failure occurred. When service
• Compliance development or production. Yet with developers need to get involved, com-
• Prototyping service-oriented architectures, testing plete problem data needs to be shared
S
• Testing is unavoidable.
• Diagnostics Therefore, teams need tools that
• Support can provide the necessary user inter- OA QUALITY DEFINED
As with any foundation, if one of face, simulate unavailable services and
the components is weak or missing, ensure that all team members—even
In Wikipedia, SOA quality is defined as
the entire structure is at risk. ones without programming or XML
“a service-oriented architecture that
Compliance. SOA quality starts with language knowledge—can test servic-
meets or exceeds business and techni-
compliance with standards. Non-com- es. It’s also important that test scripts
pliant services pose the highest risk for are accessible so that retesting can be cal expectations by consistently yield-
SOA quality and positive business easily performed when a service policy ing value in the form of cost savings,
returns, and simply can’t exist if an changes or if a new service consumer productivity and time to market.”
SOA is to be successful. Even well-writ- uses the service in a different way.
ten services can’t guarantee broad Diagnostics. Remember, this is still This is achieved through continual
interoperability unless standards and software. So no matter how well Web optimization of all components within
best practices are well designed and services and business processes are the SOA environment to ensure maxi-
adhered to throughout an organiza- tested, problems will still occur. With mum adoption, business agility and
tion. an SOA, problems often need to be service reuse.Therefore, SOA quality is
Developers must embrace stan- solved in real time, and may involve a key component of reaping the intend-
dards, rules and policies by seeing disparate teams and systems. This ed benefits of an SOA—it’s the strate-
value in what they provide. Architects requires collaborative diagnostics. gy needed to achieve maximum busi-
and governance teams must educate Determining if a Web service can per- ness benefit.
others as to what the standards are, form its intended function is often a
why they’re in place and most impor- time-sensitive issue that may require
tantly, how developers can improve fast identification of the root cause of with other team members who can
their projects by becoming compliant. a problem. This also means that all simulate different scenarios to more
Finally, analysts and architects must members of the team are responsible effectively diagnose problems.
embrace compliant serv- for helping to diagnose
ices and leverage them problems. For this to be Communication,Trust and Control
•
in SOA applications to effective in an SOA, Communication. The ability to commu-
ensure trust and reuse. strong diagnostics are nicate effectively is an essential core
Prototyping. Seeing is essential to providing element in a successful SOA. It’s as
believing. As business and maintaining SOA important to SOA technologies as it is
and IT groups work quality during runtime, to the people involved with the envi-
together on SOA initia- Strong and for preventing run- ronment. Communication in a tech-
tives, prototyping is one time issues by catching nology domain is often referred to as
of the best ways to reach diagnostics are them in design time and interoperation and occurs across differ-
agreement on a WSDL change time. ent platforms, languages, locations,
contract before any code essential Support. The final policies and standards.
is written, and to deliver component in the foun- Communication must take place
SOA quality early. to providing dation of SOA quality is between people, because individual
Prototyping lets busi- support. It is absolutely team members depend on each other
ness analysts, architects and essential to have a mecha- to do their jobs, complete a task, solve
and developers design nism for supporting the a problem or contribute to a project.
and develop very usable maintaining disparate groups that use The communication between business
interfaces early in the services, without over- and IT is a perfect example. This is
process, thereby creating SOA quality whelming the develop- often associated with collaboration.
services designed for ment teams. Also, sup- But communication is more than
•
reuse. It also allows con- port is fundamentally dif- just interoperability and collabora-
sumers and testers to get ferent in an SOA because tion—it involves the interaction
involved much earlier in it involves two phases that between people and technologies,
the design process, span design time and which is often where quality breaks
reducing the overall runtime simultaneously. down in an SOA.
development cycle. As services are Visibility is an important attribute
Testing. SOA has many moving exposed for use and reuse, consumers offered by a registry, providing a cata-
parts. It’s virtually impossible to test will seek support to assist in the devel- log of services that are available for
every Web service and its interaction opment of their applications. In pro- use. While this helps architects and
with its dependencies within an SOA. duction, support teams need to under- developers to communicate, visibility
B
alone is not enough. Services need to
be visible, accessible and easily under- UILDING BLOCKS OF SOA
stood to ensure SOA quality.
Accessibility and understanding When building a foundation for SOA quality, consider the following:
help make visibility a form of commu-
nication in an SOA. Together, they • How will the individual or team responsible for the overall quality of your SOA manage
allow team members to easily view and all the facets of SOA quality?
comprehend what a service can and • How do you ensure that best practices are actually followed, once they’re defined?
can’t do, which can be a challenge
• How do you enable team members to communicate effectively, given diverse development
when interacting with a technical reg-
environments and skill levels?
istry that lists a myriad of XML files
and WSDL contracts. • How do you enable team members, especially those are remote or who don’t have
An SOA quality gateway can pro- advanced coding or XML skills, to test effectively?
vide the accessibility and understand- • How do you efficiently reproduce and solve problems that span disparate systems and
ing attributes to an existing registry disparate teams without finger pointing?
and address the requirements for • How do you achieve the reuse of your SOA service assets across your team?
effective communication within an
SOA.
Look for platforms and tools that allow team members to:
Trust. The primary characteristics
of SOA quality for any business are
agility and reuse. Trust is what drives 1. Define executable standards and specifications early in development that team members
service reuse. It’s critical for SOA must develop to. These help ensure that your Web services will be of high quality.
teams to be aware of existing services 2. Create and run analysis profiles to verify that your services meet the best practices
in the SOA, to understand what they defined by your organization.
can and can’t do, and most important- 3. Save services in reusable workspaces that all team members can run, regardless of skill
ly, to have trust and confidence that
level. This promotes team communication.
the services will execute as intended.
4. Save workspaces, simulations and test scripts that all members of your team can run to
Trust is relevant in nearly every
aspect of an SOA. Architects need to test your services.
trust the services they choose to use. 5. Run previously saved simulations to effectively reproduce, diagnose and solve problems.
Developers need to trust that an exist- 6. Save services simulations for reuse of your existing SOA service assets in new imple-
ing service will be appropriate for an mentations.
application versus building a new one.
They must also trust that the imple-
mented policies and standards are time and runtime. SOA quality.
meaningful and add value. SOA lead- Governance involves policy
ers must trust that services are being enforcement and sometimes requires Achieving Business Objectives
added to the registry and reused. And changes in human behavior, develop- As with any business application, the
QA teams must trust that policies and ment concepts and processes. Control SOA’s ultimate goal is to help an
standards will enable compliance and also involves reducing the number of organization achieve its business
interoperability at runtime. production issues during runtime and objectives. And SOA quality is
Without trust, an SOA will never resolving those issues quickly. required to ensure that the service-ori-
achieve reuse, which leads to redun- Further, control involves under- ented architecture meets or exceeds
dant or rogue services. Trusted servic- standing the dependencies applica- business and technical expectations,
es, however, will lead to “socialized tions have on multiple, disparate serv- whether in the form of cost savings,
quality.” As services gain trust, users ices, and prompts the need to test serv- productivity, better customer service
will share their positive experience ices that depend on other services that or shorter time-to-market. Achieving
with peers—the trust factor grows and might not be directly accessible. this quality means understanding the
reuse increases. This is what we mean overall goals of the SOA strategy and
by socialized quality. SOA quality opti- Quality In = Quality Out optimizing the environment for suc-
mization depends on creating trusted This variation of the old “garbage in, cessful execution.
services and then socializing that qual- garbage out” adage from the comput- SOA quality also requires a top-
ity throughout the SOA. er science field is relevant to the SOA down approach to mapping out those
Control. Governance in an SOA is registry/repository concept. If quality objectives and a bottom-up strategy for
about control. Often what is lacking, isn’t enforced when services are maintaining it. By laying a foundation
however, is the ability to enforce poli- entered into a registry, quality is at risk for quality at the outset of any new
cies. Control without enforcement when services are used from that reg- project, companies can establish a
really isn’t control at all, and will not istry. process for success that will become a
yield SOA quality. Although gover- While registries are an essential ele- standard practice as new services are
nance alone isn’t the answer to SOA ment of SOA governance and gover- added—ensuring consistent trust and
quality, it’s a critical element, and nance is about control, it goes well reuse, and a high-quality SOA at all
comes into play at design time, change beyond simple governance to ensure times. !
By Prakash Sodhani
www.stpmag.com • 33
DOS AND DON’TS OF TESTING
and resource allocation should have able to work during weekends. His eran testing level.
been done accordingly. Doing these question was, “Is everyone coming to Granted, some of the testers who
kinds of activities just for formality’s work so that we can get a lot done? were assigned to help had previously
sake is a total waste of time and After all, it’s a UI-based application, worked on the same application, but
resources, and should be and everyone can play all they could do was to go through
avoided, especially when around with it to see if the basic flows. The end result? They
everyone is hard pressed they see something spent only a few hours reviewing the
for time. wrong.” As soon as the application and concluded that every-
Teamwork
Anyone reading this
should be familiar with
• question came out, the
faces of the Scrum Master
and leads became indig-
nant, appearing to say,
thing looked great. Everyone was
happy to hear that, and the launch
remained on schedule. No one had
any idea of what had happened during
the concept of team- It’s essential “Are you kidding? Why the previous month, and Peter was so
work, which, if improp- should we work week- disgusted that he just let it go.
erly managed, can have a to keep ends?”
dramatic effect. In this That was the final What should have been done?
case, a small teamwork people blow, and Peter lost all For help to be effective, it has to be
incident led Peter to interest and concern offered at the right time, or you can
stop testing the applica-
tion and give it a green
motivated about the project. From
that moment on, all of his
foster a false impression that every-
thing is great. Peter knew that the sys-
light for release to pro-
duction.
during the efforts were toward going
to production as soon as
tem still had many defects, but was
totally unmotivated to point them out.
possible, after which Had he noted this early enough in the
What was done?
project. came the wait for the life cycle, the project could have been
•
Even with Peter’s 50 per- inevitable production rerouted toward an effective course.
cent involvement, he defects to come in. There are lessons to be learned in
spent around 14 hours everything we do. Testing is a subjec-
each day during a two- What should have tive practice, and carries no hard-core
week period. He was, been done? formulas for success. It’s important to
after all, the more expe- The team should have learn from experience; in this case,
rienced tester and was pulled together. Even a from our fictional friend. Peter’s mis-
therefore obliged to short presence or small takes encapsulate many of the pitfalls
work on the more complex functional- show of effort and willingness to pitch I’ve witnessed throughout my career
ities. Most evenings, no developers in on the part of leads and managers in quality control. Keep him in mind
were available to support his issues. In during crunch time goes a long way when you face some of your own. !
every morning scrum, it was repeated- and can motivate the team toward the
ly mentioned how busy everyone was common goal.
and that they couldn’t deliver some of While it’s a good idea to circulate
the requested functionality, even e-mails or memos of praise when
halfway into regression week. everything is said and done, it’s essen-
tial to keep people motivated during
What went wrong? the project. When true effort and com-
Here’s the funny part: In one of the mitment have been maintained
morning scrums, Peter initiated the throughout the project’s life cycle,
notion of working weekends to get after-project commendation is all the
things done. The development lead more sincere and long lasting.
asked his developers who would be
available to work. All that could be Too Little, Too Late
heard was crickets. These are same What was done?
developers who weren’t able to deliver Everyone needs help at one time or
the required functionalities on time another. This project involved many
and were always “busy.” “Busy doing extra hours, and the test manager cor-
what?” Peter wondered. It was an awk- rectly asked Peter if he needed any
ward moment, and I would have help to get his testing done.
expected more concern to get things
done from the leaders and people who What went wrong?
built the product than from a tester Even though Peter finally got some
with less of a stake in the project’s suc- help, it came too late, right before the
cess. application was to go live. It’s difficult
In another meeting just a couple of for someone to walk in to a project
days before the production release, where so much has happened and be
Peter was asked if he would be avail- expected to instantly perform at a vet-
ability to write testable code than to sound, logical argument. Rather, prop- work, which in turn might be repur-
implement new functionality. The fact er incentive is needed, such as fear (do posed for IT to use and run automati-
that the latest Java versions allow this or get fired) or greed (do this and cally as a business service monitor.
developers to easily annotate their make twice as much money as the poor Cohen is right, and his story only
code is a foreshadowing of this future, sap in the cube next to yours). proves that in technology, eventually
he believes. In fact, Kumar insists that Unless I’m missing something, nei- everything old is new again. In the early
each software class might soon come ther such incentive looms on the tech days of computing, at least through the
with notes from the author about just horizon, and as Cohen sees it, there’s mid-1950s, there was essentially no dis-
which combinations of functions can little evidence that the overall level of tinction between testing and debugging.
be used to test it, a change that would coding competence is on the rise. So Developers were expected—required, in
require considerably more skill than how to deal with Java testing in the age fact—to both test and debug. Testing
that used simply to cobble the func- of the rich Web, when you wake up one and debugging were decoupled by 1960,
tion together in the first place. morning and all of a sudden have an and later testing was further subdivided
Granted, Kumar speaks at confer- AJAX-enabled search box on your into the current array of bang-on-the-
ences, writes for a slew of trade publi- home page? code activities, most of which aren’t
cations and leads a team of 400 tech- done by the developers who wrote the
nology specialists, while I’m just a casu- Rx: Repurposing code in the first place.
al industry observer marooned in geo- The only approach, Cohen says, is to Now, the pendulum may be swinging
graphically challenged Michigan. Still, try to combine the efforts of develop- back. Developers, especially in the
I’m more than a little skeptical of his ment, test, QA and IT. For example, open-source, share-and-share-alike
assertion for much the same reason presumably the developer behind the haven of Java programming, should be
that I looked askance at the sunniest search function in the Plone site has expected to promptly debug their new-
unit testing claims in last month’s col- already created a unit test for the fangled Web application as soon as it’s
umn. Here’s the thing: Behavior JavaScript program. Perhaps that unit unveiled as a service—or at least to
change is difficult, and people rarely do test could be repurposed for test and share their secrets for testing it with
what’s best for them on the basis of QA into a functional testing frame- their downstream colleagues. !
Index to Advertisers
Advertiser URL Page
Automated QA www.testcomplete.com/stp 10
EclipseCon www.eclipsecon.org 19
Empirix www.empirix.com/freedom 4
Hewlett-Packard www.hp.com/go/securitysoftware 40
iTKO www.itko.com/lisa 8
TechExcel www.techexcel.com/stp 13
Who’s Really
While we may expect a rocket guidance
system author to apply 100 percent prov-
ability to his test approach, for the major-
ity of software developers, competitive
Responsible For
market dynamics will dictate when soft-
ware is released.
Given these realities, it’s sensible to
equip people as early in the development
process as possible with tools and process-
understanding of the
of leading
software vendors,
on a variety of topics
directly related to
your industry.