Professional Documents
Culture Documents
Standards –
What about it?
The Magazine for Professional Testers
December, 2009
© iStockphoto.com/belknap
© iStockphoto/Yuri_Arcurs
online training
English & German (Foundation)
60%
of training costs by online training.
The obtained knowledge and the savings ensure
the competitiveness of our company.
www.testingexperience.learntesting.com
Editorial
Dear readers,
Standards are there to be used, but as Erik van Veenendaal said, with common
sense. The drug industry, for example, is forced (damned) to follow them, other
parts of industry are less forced and don’t do it.
As you can follow in this issue, there are many standards and also as many opin-
ions about them. Go in and get your own opinion.
Graham Bath told me about the idea of having a “readers’ opinions corner” in the
magazine. I think that this is great idea and that’s why we decided to have it. We
want to encourage you to send us your opinion about the articles.
Let us know, if you agree with them or if you are very disappointed. A far as you
don’t insult anyone, we will publish all your comments.
As you know, we recently organized the Agile Testing Days in Berlin. It was
great. We had very good talks, good mood, an excellent party and, last but not
least, a great audience. They twitted all the time, and you could follow it under
the hash tag #agiletd. A great experience. We plan the next event for October 4-7,
2010 and hope to see you there. Check the call for papers please.
The next Testing & Finance will take place in June in Frankfurt again. Save the
date!
Based on the success of the conferences, we plan testing conferences around the
world. Check please our website to see which of our testing conferences is near
to you.
The testing experience magazine now has two sisters: Security Acts, the maga-
zine for IT-Security, and Agile Record, the magazine for Agile Development and
Testing. Don’t hesitate please to contact me, if you are interested in writing an
article.
We would like to also have great success with these magazines and ask you for
your support.
We decided to stay in Berlin over the Xmas-holidays. Although it would be quite
warm in Gran Canaria and the sea water is fantastic, and although I will miss my
family, we thought that a little bit of snow as a contrast to sunny 28°C at the beach
is good for the kids. White Xmas is fine. They just know Xmas at the beach with
28°C! Life is hard.
I wish you the best for the time and hope you will jump happily, healthy and loved
into the New Year 2010.
Felices Fiestas!
José Díaz
© Katrin Schülke
Standards: Do We Really Need Them In The Age Of
Cloud Computing?
by Koray Yitmen
© iStockphoto.com/morganl
48
kindergarten? by James Christie
18
4 The Magazine for Professional Testers www.testingexperience.com
Optimizing our Regression – Are we Ready?........................................................................................76
by Alon Linetzki
XML Fuzzing Tool: Testing XML on Multiple Levels............................................................................. 78
by Rauli Kaksonen & Ari Takanen
Functional tests with the FEST framework.......................................................................................... 82
by Dominik Dary
Masthead............................................................................................................................................... 86
Index Of Advertisers.............................................................................................................................. 86
© iStockphoto.com/pavelr28
12
Standards in Medical IT
© iStockphoto.com/DNY59
© iStockphoto.com/pavelr28
38
Test process assessments follow in the footsteps of
software process assessments
© iStockphoto.com/Neustockimages
6 by Bernard Homès
The test plan is the basis for all future test ac- Note: This article was originally presented at the IEEE 829 standard.
tivities on a software application. It is a con- CONQUEST09, but has since been improved
• Other suggested audiences include busi-
tract between the test and development teams
Expose ness, line and purchase managers, in or-
and the management.
der to understand what is required in the
IEEE 829:1998 was focused on documentation 1 Key points context of testing their systems, so that
and this documentation detailed the strategy to The following key points will be highlighted they are able to evaluate proposed testing
be used for the testing activities for: in this article: strategies.
-- Management to understand the added 1. Synthesis of the IEEE829:1998 and 2 Novelty
value of the tests and the remaining risks, IEEE829:2008 standards IEEE 829 is a well-known standard for soft-
the costs and requirements as well as the
2. Relationship between the documents ware test documentation, that is not specifi-
time frame,
cally new. The standard has been widely com-
-- Development team to focus on the areas 3. How to be compliant to the 2008 version mented, sometimes attacked, by the different
that are most critical or where a required and how to migrate from 1998 to 2008 schools of testing, and is a bone of contention
level of quality has been set, version between the Agile testing school – which con-
sider documentation to have very limited add-
-- Test team to develop and execute the test 4. Advantages and drawbacks of the
ed value – and the systematic school, where
campaign on time and within budget, IEEE829:2008 version
the strict adherence to established processes
-- Test project manager to have a reference 1.1 Intended audience and standards is considered mandatory.
document to keep the project on course
The intended audience includes: Since 2003, a group of international experts
and on budget.
from the different schools of testing have gath-
• Test and development managers as well
In 2008, the IEEE Standards Organization pub- ered under the auspices of the IEEE, in order to
as project managers and any testers, ana-
lished a revised version of IEEE829, expand- improve the standard and make it ready to face
lysts or consultants intending to deploy
ing it from software to also cover systems.
This article describes the different types of Project Project
Doc TP Doc MTP
document used in the IEEE829:2008 standard
and their relation to one another. Building on Plan
this information, it details the different steps
and aspects of the test plan as described in the ATP STP CITP CTP
Acceptance System Integration Component
standard and the relations between the differ-
ent chapters, how they complement each other TD TD TD ATD
Level Design Acceptance
in order to provide a complete solution
IEEE829:2008 introduces a number of chang- TC
TC TPr
TPr Prepare ATC
ATC ATP
ATPr
Level Level Acceptance Acceptance
es, one of which is the change of focus from a ITR
document-centric standard to a process-centric Test execution Test execution
standard. Execute
TL & ATL
This article maps changes from the old ver- IR AR
Level Track Acceptance
www.testingexperience.com
Additional testing tasks that should be envis- In terms of the types of independence (Techni- • The Level Test Procedures (LTPr) defin-
aged are also proposed by IEEE829:2008, per cal, Managerial or Financial), the reader will ing the test setups and execution instruc-
life cycle phase, and described in more detail in be able to evaluate the impact of each type of tions.
the standard (Annex D, pages 90-96). Among independence on the actual ratio of indepen-
This implies that a full documentation suite
those additional tasks, we have [non-limitative dence between developers and testers.
will include Level Test Plans, Level Test De-
list]: audits, branch coverage, database analy-
3.3.4 Test Level sign documents, Level Test Cases and Level
sis, independent risk assessment, peer reviews,
Test Procedures for all defined levels, resulting
performance monitoring, regression analysis, Organization of the test documentation is al-
in a large documentation set.
certification, documentation evaluation, … ways a problem. Should one group/segregate
work according to the types of tests (static vs. IEEE829:2008 allows users of the standard to
3.3.3 Tester independence
dynamic), or according to the testing tech- add, combine, or eliminate “whole documents
Tester independence is an important aspect niques (EQP, BVA, …), according to ISO9126 and/or documentation content topics based on
that has been promoted in the ISTQB suite of characteristics (functional, maintenance, etc), the needs (and integrity level) of their individ-
syllabi, and which is a fact of life when study- or according to the different testing levels ual systems”. This allows the test documen-
ing the offshore testing markets. (Component/Unit, Component Integration, tation to be fully tailored to the user context
System and Acceptance)? This new standard (see also section 3.3.6 below), which was not
The new IEEE829:2008 standard suggests a
allows any type of organization, but it suggests allowed in the previous (1998) version of the
degree of independence between testers and
one: Horizontal levels according to a standard standard. This results in the user being allowed
developers according to the integrity level of
SDLC. to provide reference to information present
the software / system being tested. This can
elsewhere, eliminate content topics provided
be used as a guideline when decisions must be IEEE829:2008 proposes to associate the doc-
in the process or covered by automation tools,
taken to outsource some testing activities. umentation to the different test levels of the
combine or eliminate documents.
software / system being developed and tested.
Independence can be defined as (Te) Technical
This implementation, which can be tailored to 3.3.5 Customization & compliance
independence, (Ma) Managerial independence
fit multiple integration levels, is detailed and
or (Fi) Financial independence. The test orga- A number of organizations have already im-
ways to implement it according to the integrity
nizations proposed by IEEE829:2008 are : plemented IEEE829:1998 or some other type
level are also provided.
of docu-mentation suite. The adaptation of
• Embedded: where the tester is embedded
IEEE829:2008 suggests horizontal levels, go- their existing documentation suite to fit the
in the development organization, such as
ing up from Component, to Component Inte- new standard should not be seen as too large
a developer testing his/her own code
gration, to System and up to Acceptance. This a task, otherwise the changeover to the new
• Internal: where the tester is considered as fits with the V-Model SDLC, and is fully in standard will not occur.
inside the development team, but with a line with the ISTQB-proposed organization.
Contrary to the 1998 version, the new ver-
specific testing activity
The Component test level, as well as the Com- sion of the IEEE829 standard is highly adapt-
• Integrated: where the testing organization ponent Integration test level have a different able, including in terms of the templates for
is integrated in the same organization as scope depending on the granularity of the the documents proposed in the standard. One
de-velopment, but as a separate sub-orga- component. If components are low-level, such will remember that IEEE829:1998 considered
nization as DLLs, the next level up is integration of even the different sections of the documents
the DLLs. If components are parts of a larger mandatory. The 2008 version does not con-
• Modified: where the testing organization frame of reference, such as within a System- sider these sections to be mandatory. This does
is in the same overall organization, but of-Systems, the components can be complete not mean that anyone can do anything and still
not under the same direct management as systems developed by suppliers, and the inte- be compliant to the standard. It means that the
the development team. gration should be seen as “system integration” decision to depart from the suggested template
• Classical: where the testing organization at the customer level. must be justified and must be traceable.
is fully independent from the develop- Similarly, any one level suggested by the stan- As mentioned in a previous section,
ment or-ganization, either as a sub-con- dard can be translated in more than one level IEEE829:2008 allows the combination and/
tracted organization, or with the develop- for the organization, such as Acceptance be- or elimination of documents, and suggests that
ment being sub-contracted. ing split in “Supplier System this be done depending on the integrity level.
Acceptance” and “User Ac- The following table proposes a set of testing
Alternative Technical Manage- Financial ceptance”. documents, depending on the Integrity Level:
ment
Classical R R R Your software and system The “L”, representing “Level” in the titles of
documentation organization the documents should be replaced respectively
Modified R C R is fully customizable, and the with “A” for “Acceptance”, “S” for “System”,
Integrated C R R standard can be adapted to “CI” for “Component Integration” and “C”
Internal C C C your own context and orga- for “Component”. The documents can be ex-
nization. panded, combined or eliminated depending on
Embedded M M M various factors such as duration of the devel-
The documentation suite for
opment life-cycle, complexity of the system,
NOTE - R = Rigorous independence; C = Conditional independence; and M = each test level comprises:
Minimal independence.
higher level of integrity, number of test levels,
• The Level Test Plan (LTP) outsourcing and geographically dispersed or-
describing the scope of the ganization, personnel turnaround, etc.
The degree of independence varies between
test level, resources and methods
(R) Rigorous independence, (C) Conditional
independence, and (M) Marginal independence • The Level Test Design
Integrity Selected documents
as described in table F1 of IEEE829:2008. (LTD) providing more
Level
details/updates for the
One can compare this suggested level of in- 4 MTP, LTP, LTD, LTC, LTPr, LTL, AR, LITSR, LTR, MTR
test methods
dependence with the one proposed by the
ISTQB® in its Foundation Level syllabus. • The Level Test Case 3 MTP, LTP, LTD, LTC, LTPr, LTL, AR, LITSR, LTR, MTR
There are no major differences between the (LTC) with inputs and 2 LTP, LTD, LTC, LTPr, LTR, LTL, AR, LITSR, LTR
two. outputs, and 1 LTP, LTD, LTC, LTPr, LTL, AR, LTR
References
[IEEE829:1998] IEEE Standard for Software Test Documentation, © IEEE, 1998
[IEEE829:2008] IEEE Standard for Software and System Test Documentation, ©
IEEE, 2008
[ISO12207:2008] Systems and software engineering — Software life cycle pro-
cesses, © ISO/IEC, 2008
[ISO15288:2008] Systems and software engineering — System life cycle process-
es, © ISO/IEC, 2008
[DO178B/ED12B] Software Considerations in Airborne Systems and Equipment
Certification, © RTCA/EUROCAE 2000
Biography
Founder and principal consultant for
TESSCO Technologies Inc., Bernard
Homès is a former member of the board
of IEEE (France) and active in various
software testing associations and work-
groups.
After 25+ years in software development
and testing with different consultancies,
he set up the TESSCO group consultan-
cies and provides training and consul-
tancy services worldwide.
The fields of operation of TESSCO Tech-
nologies Inc. includes :
• Training testing teams & setting up
software test centers,
• Specialization in mission-critical
systems (banking, health care, tele-
coms, space & airborne systems),
• Qualification of Systems of Systems
(large & complex critical systems)
22nd of March , 2010 for international customers (such
as Orange, Alcatel Alenia Space,
Eurocopter).
Bernard Homès is also President of the
Keynotes French Software Testing Board (www.cftl.
fr) and represents France at the ISTQB.
A long-time speaker at different interna-
Michael Bolton
tional conferences and universities, Ber-
nard has acquired a number of software
testing certifications, and chairs the
“Test vs. Checking” ISTQB Advanced Level syllabus working
party.
Trondheim, Norway
www.free-test.org
Standards in Medical IT
by Dr. Anne Kramer & Georg Götz
Clinical Environment
GAP !!!
Design Integration
Test Case
Specification Test
Vendor
Advanced QS Methods for Medical IT De- documenting tests [3]. With this method the all the information relevant for the test. This
velopment behavior of the system under test is described includes test management information as well
with models (e.g. activity or state diagrams), as test data. Figure 3 illustrates how model-
Using tools helps to manage test cases, but not taking the tester’s mindset into account. Each centric testing is integrated in the process and
to define the right ones. Also, the tool will not path through the model corresponds to a test tool chain. Note that the process chain depends
provide a rationale why certain test cases can case. The model focuses on system usage rather on the specific project requirements.
be left out. The concept of model-centric test- than on system specification. Unlike in model-
ing proved to be a good way of designing and based testing, the test design model contains
clinical workflows
tester’s mindset
laws and
standards
process and tool chain
automatic generation
priorities, hazards,
relevance, ...
Figure 2: Process and tool chain with test design model as central repository
The model constitutes the basis for all discus- states or activities. Thus, it becomes literally because pictures are much easier to under-
sions and is an essential part of the documenta- “visible” which test cases are hazard-relevant. stand than text. Also, tools exist on the mar-
tion. This helps in closing the communication The tester’s mindset, i.e. the reasoning why ket to generate manual or automated test cases
gap between vendor and clinical environments, tests have been designed the way they have, automatically from a model. Thus supported
and thus increases both system quality and ef- is documented and becomes comprehensible by appropriate tools and methods, the testing
ficiency of system integration. The model es- for others – in particular for the auditor. Fi- process can be efficiently integrated into the
tablishes the traceability to requirements and nally, the use of models is also economically development process as required by regula-
hazards, which are linked to the corresponding interesting. Less time is spent during review, tions and laws (see also fig. 3).
Registration
Order
Registration
Change
Data
Cancel Examination
Examination
Cancel Order
Figure 3: Usage models (right side) based on standard workflows (left side) for validating IHE-based systems
Ms. Hilterscheid has been solicitor with practising licence since 1997.
After stays abroad and studies in law in Berlin, she founded first the solici-
tor’s office Hilterscheid, and one year later, together with her husband, the
consultancy Díaz & Hilterscheid Unternehmensberatung GmbH. In addi-
tion, Ms. Hilterscheid has been teaching media law and copyright at the
Berlin University of Applied Science.
Ms. Hilterscheid has been supporting enterprises for more than 10 years
in the discretionary formulation of contracts, general terms and conditions
and license agreements, and accompanies projects legally. She ensures
for her clients that legal requirements are adhered to in their correspon-
dence, on-line appearance as well as in their advertising and marketing
activities.
Ms. Hilterscheid also offers seminars on the subjects of IT-law, trademark
law, copyright and labor law, which can take place in-house if so desired.
www.kanzlei-hilterscheid.de
IT Law
Contract Law
German
English
Spanish
French
www.kanzlei-hilterscheid.de
info@kanzlei-hilterscheid.de
k a n z l e i h i l t e r s c h e i d
© iStockphoto.com/morganl
What are standards? minimum standards of safety, such as Health CMMI Software Process Improvements - us-
and Safety legislation, or the requirements of ing IEEE software engineering standards”. [1]
Discussion of standards usually starts from the the US Food & Drug Administration. That’s
premise that they are intrinsically a good thing, “Standards are consensus-based documents
the law, and it’s not negotiable.
and the debate then moves on to consider what that codify best practice. Consensus-based
form they should take and how detailed they The justification for technical and product standards have seven essential attributes that
should be. standards is clear. Technical standards intro- aid in process engineering. They;
duce consistency, common protocols and ter-
Too often sceptics are marginalized. The pre- 1) Represent the collected experience of oth-
minology. They allow people, services and
sumption is that standards are good and ben- ers who have been down the same road
technology to be connected. Product standards
eficial. Those who are opposed to them appear protect consumers and make it easier for them 2) Tell in detail what it means to perform a
suspect, even unprofessional. to distinguish cheap, poor quality goods from certain activity
I believe that although the content of standards more expensive but better quality competi-
tion. 3) Help to assure that two parties attach the
for software development and testing has great same meaning to an engineering activ-
value, they should not be regarded as “stan- Standards therefore bring information and mo- ity
dards”. Turning useful guidelines into stan- bility to the market and thus have huge eco-
dards suggests that they should be mandatory. nomic benefits. 4) Can be attached to or referenced by con-
tracts
My particular concern is that the IEEE 829 It is difficult to see where standards for soft-
“Standard for Software and System Test Docu- ware development or testing fit into this. To a 5) Improve the product
mentation”, and the many document templates limited extent they are technical standards, but 6) Protect the business and the buyer
derived from it, encourage a safety- first ap- only so far as they define the terminology, and
proach to documentation, with testers docu- that is a somewhat incidental role. They ap- 7) Increase professional discipline.” (List
menting plans and scripts in slavish detail. pear superficially similar to product standards, sequence re-ordered from original)
They do so not because the project genuinely but software development is not a manufactur-
requires it, but because they have been encour- The first four justifications are for standards
ing process, and buyers of applications are not in a descriptive form, to aid communication.
aged to equate documentation with quality, in the same position as consumers choosing
and they fear that they will look unprofession- Standards of this type would have a broader
between rival, inter-changeable products. remit than the technical standards I referred
al and irresponsible in a subsequent review or
audit. I think these fears are ungrounded and I Are software development standards more to, and they would be guidelines rather than
will explain why. like the standards issued by professional bod- prescriptive. These justifications are not con-
ies? Again, there’s a superficial resemblance. troversial, although the fourth has interesting
A sensible debate about the value of standards However, standards such as Generally Accept- implications that I will return to later.
must start with a look at what standards are, ed Accounting Principles (Generally Accepted
and the benefits that they bring in general, and The last three justifications hint at compulsion.
Accounting Practice in the UK) are backed up These are valid justifications, but they are for
specifically to testing. by company law and have a force no-one could standards in a prescriptive form and I believe
Often discussion becomes confused because dream of applying to software development. that these justifications should be heavily qual-
justification for applying standards in one con- Similarly, standards of professional practice ified in the context of testing.
text is transferred to a quite different context and competence in the professions are strictly
without any acknowledgement that the stan- enforced and failure to meet these standards I believe that where testing standards have
dards and the justification may no longer be is punished. value they should be advisory, and that the
relevant in the new context. word “standard” is unhelpful. “Standards”
Where does that leave software development implies that they should be mandatory, or that
Standards can be internal to a particular or- standards? I do believe that they are valuable, they should at least be considered a level of
ganization or they can be external standards but not as standards. best practice to which all practitioners should
attempting to introduce consistency across an Susan Land gave a good definition and justifi- aspire.
industry, country or throughout the world. cation for standards in the context of software
Let’s forget about legal requirements enforcing engineering in her book “Jumpstart CMM-
Exhibitors
Supporting Organisations
Is the idea of “best practice” useful? from orthodox IT academics. to a beginner, and restrict their later develop-
ment.”
I don’t believe that software development stan- Lloyd Roden drew on the work of the Dreyfus
dards, specifically the IEEE series, should be brothers as he presented a powerful argument The issue of whether rules can hinder the de-
mandatory, or that they can be considered best against the idea of “best practice” at Starwest velopment of beginners has significant impli-
practice. Their value is as guidelines, which 2009 and the TestNet Najaarsevent. Hubert cations for the way our profession structures
would be a far more accurate and constructive Dreyfus is a philosopher and psychologist, and its processes. Looking back at work I did at the
term for them. Stuart Dreyfus works in the fields of industrial turn of the decade improving testing processes
engineering and artificial intelligence. In 1980 for an organization that was aiming for CMMI
I do believe that there is a role for manda- they wrote an influential paper that described level 3, I worry about the effect it had.
tory standards in software development. The how people pass through five levels of com-
time-wasting shambles that is created if people Independent professional testing was a novelty
petence as they move from novice to expert
don’t follow file naming conventions is just for this client, and the testers were very inex-
status, and analysed how rules and guidelines
one example. Secure coding standards that tell perienced. We did the job to the best of our
helped them along the way. The Dreyfus Mod-
programmers about security flaws that they ability at the time, and our processes were cer-
el of Skills Acquisition can be summarized as
must not introduce into their programs are tainly considered best practice by my employ-
follows.
also a good example of standards that should ers and the client. The trouble is that people
be mandatory. However, these are local, site- Novices require rules that can be applied in can learn, change and grow faster than strict
specific standards. They are about consistency, narrowly defined situations, free of the wider processes can adapt. A year later and I’d have
security and good housekeeping, rather than context. done it better. Two years later, it would have
attempting to define an over-arching vision of been different and better, and so on. Mean-
Advanced beginners can work with guidelines
“best practice”. while, the testers would have been gaining in
that are less rigid than the rules that novices
experience and confidence, but the processes I
Testing standards should be treated as guide- require.
left behind were set in tablets of stone.
lines, practices that experienced practitioners Competent practitioners understand the plan
would regard as generally sound and which As Ben Simo put it; “If an organization is at
and goals, and can evaluate alternative ways
should be understood and regarded as the de- a level less than the intent of level 5, CMM
to reach the goal.
fault approach by inexperienced staff. Making seems to often lock in ignorance that existed
these practices mandatory “standards”, as if Proficient practitioners have sufficient expe- when the process was created”.
they were akin to technical or product stan- rience to foresee the likely result of different
CMMI has its merits, but also has dangers.
dards and the best approach in any situation, approaches and can predict what is likely to be
Continuous process improvement is at its
will never ensure that experienced staff do the best outcome.
heart, but these are incremental advances and
a better job, and will often ensure they do a refinements in response to analysis of metrics.
Experts can intuitively see the best approach.
worse job than if they’d been allowed to use Step changes or significant changes in re-
Their vast experience and skill mean that rules
their own judgement. sponse to a new problem don’t fit comfortably
and guidelines have no practical value.
Testing consultant Ben Simo, has clear views with that approach. Beginners advance from
For novices the context of the problem pres- the first stage of the Dreyfus Model, but the
on the notion of best practice. He told me;
ents potentially confusing complications. context they come to know and accept is one
“‘Best’ only has meaning in context. And even
Rules provide clarity. For experts, understand- of rigid processes and rules.
in a narrow context, what we think is best now
ing the context is crucial and rules are at best
may not really be the best. In practice, ‘best Rules, mandatory standards and inflexible pro-
an irrelevant hindrance.
practice’ often seems to be either something cesses can hinder the development of begin-
that once worked somewhere else, or a techni- Roden argued that we should challenge any ners. Rigid standards don’t promote quality.
cal process required to make a computer sys- references to “best practices”. We should talk They can have the opposite effect if they keep
tem do a task. I like for words to mean some- about good practices instead, and know when testers in the kindergarten.
thing. If it isn’t really best, let’s not call it best. and when not to apply them. He argued that
In my experience, things called best practices imposing “best practice” on experienced pro- IEEE829 & the motivation behind docu-
are falsifiable as not being best, or even good, fessionals stifles creativity, frustrates the best mentation
in common contexts. people and can prompt them to leave.
One could argue that standards do not have to
I like guidelines that help people do their However, the problem is not simply a matter be mandatory. Software developers are prag-
work. The word ‘guideline’ doesn’t imply a of “rules for beginners, no rules for experts”. matic, and they understand when standards
command. Guidelines can help set some pa- Rules can have unintended consequences, should be mandatory and when they should
rameters around what and how to do work even for beginners. be discretionary. That is true, but the problem
and still give the worker the freedom to deviate is that the word “standards” strongly implies
from the guidelines when it makes sense. Chris Atherton, a senior lecturer in psychology
at the University of Central Lancashire, made compulsion. That is the interpretation that most
Rather than tie people’s hands and minds with an interesting point in a general, anecdotal outsiders would place on the word. People do
standards and best practices, I like to use discussion about the ways in which learners act on the assumption that the standard should
guidelines that help people think and commu- relate to rules. be mandatory, and then regard non-compli-
nicate lessons learned - allowing the more ex- ance as a failure, deviation or problem. These
perienced to share some of their wisdom with “The trouble with rules is that people cling people include accountants and lawyers, and
the novices.” to them for reassurance, and what was origi- perhaps most significantly, auditors.
nally intended as a guideline quickly becomes
Such views cannot be dismissed as the mus- a noose. My particular concern is the effect of IEEE
ings of maverick testers who can’t abide the 829 testing documentation standard. I won-
discipline and order that professional software The issue of rules being constrictive or restric- der if much more than 1% of testers have ever
development and testing require. Ben is the tive to experienced professionals is a really seen a copy of the standard. However, much
President of the Association of Software Test- interesting one, because I also see it at the of its content is very familiar, and its influence
ing. His comments will be supported by many opposite end of the scale, among beginners. is pervasive.
testers, who see how it matches their own ex- Obviously the key difference is that beginners
do need some kind of structural scaffold or IEEE 829 is a good document with much valu-
perience. Also, there has been some interesting able material in it. It has excellent templates,
academic work that justifies such scepticism support; but I think we often fail to acknowl-
edge that the nature of that early support can which provide great examples of how to docu-
about standards. Interestingly, it has not come ment meticulously a project. Or at least they’re
seriously constrain the possibilities apparent
BecomingÊ AgileÊ isÊ noÊ longerÊ optionalÊ forÊ organizationsÊ wishingÊ toÊ
stayÊ competitiveÊ inÊ todayÊ business.Ê SELAÊ helpsÊ organizationsÊ toÊ
performÊsuchÊaÊtransitionÊasÊsmoothlyÊasÊpossible.ÊOurÊcombinationÊofÊ
uniqueÊcourses,ÊconsultingÊservicesÊandÊpracticalÊexpertiseÊhelpsÊourÊ
GYWXSQIVWXSWTIIHYTXLIXVERWMXMSRERHQE\MQM^IXLIFIRIßXWSJ
becomingÊmoreÊAgile.ÊWeÊwillÊhelpÊyouÊchoosingÊtheÊidealÊcombinationÊ
SJ%KMPIERHXVEHMXMSREPQIXLSHWXLEXßXWQSWX]SYVFYWMRIWWRIIHW
ÊAvailableÊCourses:
AgileÊTesting
PracticalÊScrum
7GVYQ1EWXIV'IVXMßGEXMSR'SYVWI
7GVYQ4VSHYGX3[RIV'IVXMßGEXMSR'SYVWI
ÊÊTestÊDrivenÊDevelopmentÊforÊC++ÊDevelopers
TestÊDrivenÊDevelopmentÊforÊJavaÊDevelopersÊ
TestÊDrivenÊDevelopmentÊwithÊ.NETÊ
TestÊDrivenÊDevelopmentÊwithÊVSTS
SolutionsÊareÊavailableÊaroundÊtheÊworld.ÊLocalÊsolutionsÊareÊalsoÊavailableÊin:Ê
Argentina Canada Germany India Israel USA Singapore
solutions@sela.co.il
www.selagroup.com
great examples of meticulous documentation if building designs. Their conclusion was that ers. Defects were categorized according to the
that is the right approach for the project. That they did so using a high-speed, iterative pro- ease with which they could be found. Defects
of course is the question that has to be asked. cess; repeatedly building, proving and refining were also assigned to one of eight defect types
What is the right approach? Too often the ex- mental simulations of how the system might (performance, usability etc.). Exploratory test-
istence of a detailed documentation standard work. Unsuccessful designers couldn’t con- ing scored better for defects at all four levels
is taken as sufficient justification for detailed ceive working simulations, and fixed on de- of “ease of detection”, and in 6 out of the 8
documentation. signs whose effectiveness they couldn’t test defect type categories. The differences were
till they’d been built. not considered statistically significant, but it
I’m going to run through two objections to
is interesting that exploratory testing had the
detailed documentation. They are related, but Curtis et al wrote; “Exceptional designers
slight edge given that conventional wisdom
one refers to design and the other to testing. It were extremely familiar with the application
for many years was that heavily documented
could be argued that both have their roots in domain. Their crucial contribution was their
scripting was essential for effective testing.
psychology as much as IT. ability to map between the behavior required
of the application system and the computation- However, the really significant finding, which
I believe that the fixation of many projects on
al structures that implemented this behavior. the researchers surprisingly did not make great
documentation, and the highly dubious as-
In particular, they envisioned how the design play of, was that the exploratory testing results
sumption that quality and planning are syn-
would generate the system behavior custom- were achieved with 18% of the effort of the
onymous with detailed documentation, have
ers expected, even under exceptional circum- test case testing.
their roots in the structured methods that domi-
stances.”
nated software development for so long. These The exploratory testing required 1.5 hours per
methods were built on the assumption that Robbins et al stressed the importance of it- tester, and the test case testing required an av-
software development was an engineering dis- eration; “The cognitive theory of reflection- erage of 8.5 hours (7 hours preparation and 1.5
cipline, rather than a creative process, and that in-action observes that designers of complex hours testing).
greater quality and certainty in the develop- systems do not conceive a design fully-formed.
It is possible to criticize the methods of the
ment process could be achieved only through Instead, they must construct a partial design,
researchers, particularly their use of students
engineering-style rigour and structure. evaluate, reflect on, and revise it, until they are
taking a course in software testing, rather than
ready to extend it further.”
Paul Ward, one of the leading developers of professionals experienced in applying the tech-
structured methods, wrote a series of articles The eminent US software pioneer Robert Glass niques they were using. However, exploratory
[2] on the history of structured methods, which discussed these studies in his book “Software testing has often been presumed to be suitable
admitted that they were neither based on em- Conflict 2.0” [8] and observed that “people only for experienced testers, with scripted, test
pirical research nor subjected to peer-review. who are not very good at design ... tend to case based testing being more appropriate for
Two other proponents of structured methods, build representations of a design rather than the less experienced.
Larry Constantine and Ed Yourdon, admitted models; they are then unable to perform simu-
The methods followed by the Helsinki re-
that the early investigations were no more than lation runs; and the result is they invent and
searchers might have been expected to bias the
informal “noon-hour” critiques” [3]. are stuck with inadequate design solutions”.
results in favour of test case testing. Therefore,
Fitzgerald, Russo and Stolterman gave a brief These studies fatally undermine the argument the finding that exploratory testing is at least as
history of structured methods in their book that linear and documentation-driven pro- effective as test case testing with a fraction of
“Information Systems Development – Methods cesses are necessary for a quality product, and the effort should make proponents of heavily
in Action” [4] and concluded that ”the authors that more flexible, light-weight documentation documented test planning pause to reconsider
relied on intuition rather than real-world ex- approaches are irresponsible. Flexibility and whether it is always appropriate.
perience that the techniques would work”. intuition are vital to developers. Heavy-weight
Documentation per se does not produce qual-
documentation can waste time and suffocate
One of the main problem areas for structured ity. Quality is not necessarily dependent on
staff if used when there is no need.
methods was the leap from the requirements documentation. Sometimes they can be in
to the design. Fitzgerald et al wrote that “the Ironically, it was the heavy-weight approach conflict.
creation of hierarchical structure charts from that was founded on guesswork and intuition,
Firstly, the emphasis on producing the docu-
data flow diagrams is poorly defined, thus and the light-weight approach that has sound
mentation can be a major distraction for test
causing the design to be loosely coupled to the conceptual underpinnings.
managers. Most of their effort goes into pro-
results of the analysis. Coad & Yourdon [5]
The lessons of the HCI academics have obvi- ducing, refining and updating plans that often
label this shift as a ‘Grand Canyon’ due to its
ous implications for exploratory testing, which bear little relation to reality. Meanwhile the
fundamental discontinuity.”
again is rooted in psychology as much as in IT. team are working hard firming up detailed test
The solution to this discontinuity, according to In particular, the finding by Curtis et al that cases based on an imperfect and possibly out-
the advocates of structured methods, was an “exceptional designers were extremely famil- dated understanding of the application. While
avalanche of documentation to help analysts iar with the application domain” takes us to the application is undergoing the early stages
to crawl carefully from the current physical the heart of exploratory testing. of testing, with consequent fixes and changes,
system, through the current logical system, detailed test plans for the later stages are being
What matters is not extensive documentation
to a future logical system, and finally a future built on shifting sand.
of test plans and scripts, but deep knowledge
physical system.
of the application. These need not be mutu- You may think that is being too cynical and
Not surprisingly, given the massive documen- ally exclusive, but on high-pressure, time-con- negative, and that testers will be able to pro-
tation overhead, and developers’ propensity to strained projects it can be hard to do both. duce useful test cases based on a correct un-
pragmatically tailor and trim formal methods, derstanding of the system as it is supposed to
Itkonen, Mäntylä and Lassenius conducted
this full process was seldom followed. What be delivered to the testing stage in question.
a fascinating experiment at the University of
was actually done was more informal, intui- However, even if that is so, the Helsinki study
Helsinki in 2007 in which they tried to com-
tive, and opaque to outsiders. shows that this is not a necessary condition for
pare the effectiveness of exploratory testing
effective testing. Further, if similar results can
An interesting strand of research was pur- and test case based testing. [9]
be achieved with less than 20% of the effort,
sued by Human Computer Interface academ-
Their findings were that test case testing was how much more could be achieved if the tes-
ics such as Curtis, Iscoe and Krasner [6], and
no more effective in finding defects. The de- ters were freed from the documentation drudg-
Robbins, Hilbert and Redmiles [7]. They at-
fects were a mixture of native defects in the ery in order to carry out more imaginative and
tempted to identify the mental processes fol-
application and defects seeded by the research- proactive testing during the earlier stages of
lowed by successful software designers when
Exhibitor / Sponsor
Apply as exhibitor
at www.testingexperience.com
or contact us via e-mail info@testingfinance.com
it
of
rt
pa
Be
Exhibitors
Supporting Organisations
development? would be cut off with “So, it’s no”. the field of IT governance in the last few de-
cades has been the US 2002 Sarbanes-Oxley
Susan Land’s fourth justification for standards I have seen that style of auditing. It is unpro-
Act, which imposed new standards of report-
(see start of article) has interesting implica- fessional and organizations that tolerate it
ing, auditing and control for US companies.
tions. Standards “can be attached to or ref- have deeper problems than unskilled, poorly
It has had massive worldwide influence, be-
erenced by contracts”. That is certainly true. trained auditors. It is senior management that
cause it applies to the foreign subsidiaries of
However, the danger of detailed templates in creates the environment in which the ticklist
US companies, and foreign companies that are
the form of a standard is that organizations approach thrives. However, I don’t believe it is
listed on the US stock exchanges.
tailor their development practices to the tem- common. Unfortunately people often assume
plates rather than the other way round. If the that this style of auditing is the norm. The act attracted considerable criticism for
lawyers fasten onto the standard and write its the additional overheads it imposed on com-
IT audit is an interesting example of a job
content into the contract, then documentation panies, duplicating existing controls and im-
that looks extremely easy at first sight, but is
can become an end and not just a means to an posing new ones of dubious value. However,
actually very difficult when you get into it. It
end. the response to Sarbanes-Oxley verged on the
is very easy for an inexperienced auditor to
hysterical, with companies, and unfortunately
Documentation becomes a “deliverable”. The do what appears to be a decent job. At least
some auditors, reading more into the legisla-
dreaded phrase “work product” is used, as if it looks competent to everyone except expe-
tion than a calmer reading could justify. The
the documentation output is a product of simi- rienced auditors and those who really under-
assumption was that every process and activity
lar value to the software. In truth, sometimes stand the area under review.
should be tied down and documented in great
it is more valuable if the payments are staged
If auditors are to add value, they have to be detail.
under the terms of the contract, and dependent
able to use their judgement, and that has to be
on the production of satisfactory documenta- However, not even Sarbanes-Oxley, suppos-
based on their own skills and experience as
tion. I have seen triumphant announcements of edly the sacred text of extreme documentation,
well as formal standards. They have to be able
“success” following approval of “work prod- requires detailed documentation of test plans
to analyze a situation and evaluate whether
ucts” with the consequent release of payment or scripts. That may be how some people mis-
the risks have been identified and whether the
to the supplier, when I have known the under- interpret the act. It is neither mandated by the
controls are appropriate to the level of risk. It
lying project to be in a state of chaos. act nor recommended in the guidance docu-
is very difficult to find the right line, and you
ments issued by the Institute of Internal Audi-
Formal, traditional methods attempt to repre- need good experienced auditors to do that. I
tors [11] and the Information Systems Audit &
sent a highly complex, even chaotic, process believe that ideally IT auditors should come
Control Association [12].
in a defined, repeatable model. These methods from an IT background so that they do under-
often bear only vague similarities to what de- stand what is going on; poachers turned game- If anyone tries to justify extensive documenta-
velopers have to do to craft applications. The keepers if you like. tion by telling you that “the auditors will ex-
end product is usually poor quality, late and pect it”, call their bluff. Go and speak to the
Too often testers assume that they know what
over budget. Any review of the development auditors. Explain that what you are doing is
auditors expect, and they do not speak directly
will find constant deviations from the man- planned, responsible and will have sufficient
to the auditors or check exactly what profes-
dated method. documentation of the test results.
sional auditing consists of. They assume that
The suppliers, and defenders, of the method auditors expect to see detailed documenta- Documentation is never required “for the
can then breathe a sigh of relief. The sacred tion of every stage, without consideration of auditors”. If it is required, it is because it is
method was not followed. It was the team’s whether it truly adds value, promotes quality needed to manage the project, or it is a require-
fault. If only they’d done it by the book! The or helps to manage the risk. ment of the project that has to be justified like
possibility that the developers’ and testers’ ap- any other requirement. That is certainly true
Professional auditors take a constructive and
parent sins were the only reason anything was of safety-critical applications, or applications
pragmatic approach and can help testers. I
produced at all is never considered. related to pharmaceutical development and
want to help testers understand that. I used to
manufacture. It is not true in all cases.
What about the auditors? find it frustrating when I worked as an IT audi-
tor when I found that people had wasted time IEEE 829 and other standards do have real
Adopting standards like IEEE 829 without on unnecessary and unhelpful actions on the value, but in my opinion their value is not as
sufficient thought causes real problems. If the assumption that “the auditors require it”. standards! They contain a wealth of good ad-
standard doesn’t reflect what really has to be vice and the fruits of vast experience. How-
done to bring the project to a successful con- Kanwal Mookhey, an IT auditor and founder
ever, they should be guidelines to help the in-
clusion, then mandated tasks or documents of NII consulting, wrote an interesting article
experienced, and memory joggers for the more
may be ignored or skimped on, with the result for the Internal Auditor magazine of May 2008
experienced.
that a subsequent review or audit reports on a [10] about auditing IT project management.
failure to comply. He described the checking that auditors should I hope this article has made people think about
carry out at each stage of a project. He made whether mandatory standards are appropri-
An alternative danger is that testers do comply no mention of the need to see documentation ate for software development and testing, and
when there is no need, and put too much ef- of detailed test plans and scripts, whereas he whether detailed documentation in the style of
fort into the wrong things. Often testers arrive did emphasize the need for early testing. IEEE 829 is always needed. I hope that I have
late on the project. Sometimes the emphasis is provided some arguments and evidence that
on catching up with plans and documentation Kanwal told me. “I would agree that audi-
will help testers persuade others of the need to
that are of dubious value, and are not an ef- tors are - or should be - more inclined to see
give testers the freedom to leave the kindergar-
fective use of the limited resources and time. comprehensive testing, rather than compre-
ten and grow as professionals.
However, if the contract requires it, or if there hensive test documentation. Documentation
is a fear of the consequences of an audit, then of test results is another matter of course. As
it could be rational to assign valuable staff to an auditor, I would be more keen to know that
unproductive tasks. a broad-based testing manual exists, and that
for the system in question, key risks and con-
Sadly, auditors are often portrayed as corpo- trols identified during the design phase have
rate bogey-men. It is assumed that they will been tested for. The test results would provide
conduct audits by following ticklists, with a higher degree of assurance than exhaustive
simplistic questions that require yes/no an- test plans.”
swers. “Have you done x to y, yes or no”. If
the auditees start answering “No, but …” they One of the most significant developments in
Together with the global e-exam provider Pearson VUE, iSQI enables its customers from now
on to take their exams no longer merely paper-based, but computer-based in the test center
around the corner at the time of their choice all over the world.
ISTQB® Certified Tester - FL (English & German) / ISTQB® Certified Tester - AL Test Manager, Test Analyst,
Technical Test Analyst (English) / IREB® Certified Professional for Requirements Engineering (English) /
ISEB® Intermediate Certificate in Software Testing (German)
www.isqi.org
26
CERTiFYING The Magazine for Professional Testers
PEOPLE www.testingexperience.com
Column
Standards: to be used with common sense!
by Erik van Veenendaal
Probably, I’m one of those persons who doesn’t Amongst others, it now has a dedicated tem- is that many companies define their own re-
like standards, because they tend to restrict me plate for a master test plan and a dedicated view processes. Most often they end up with
and provide me with a harness. As many of template for a level test plan; also there are at least 90% of what has already been defined
you, I have experienced that a quality docu- various instances of test reports provided. Of by IEEE 1028, but somehow succeed in mix-
ment, e.g. a test plan, wasn’t accepted by QA course, IEEE 829 should again not be used as ing up terms and renaming the review types
because it wasn’t according to the standard. a restrictive harness, but rather as a source of etc. Confusing and a waste of effort to say
Who cares! As long as it does the job. Hav- inspiration. In fact, there are three main ways the least. Probably only great for consultan-
ing co-developed the TMap methodology and you can use this standard effectively: cy companies that provide the service. IEEE
written several TMap books – a de-facto test- 1028 is a very straightforward standard that
1. If you do not yet have templates in your
ing standard in amongst others the Netherlands, provides the processes for the different types
organization or project for test docu-
I’m probably as much to blame as anyone else. of review that can be distinguished, e.g. in-
mentation, do not start re-inventing the
However, the real question to ask ourselves spection, walkthrough, technical review and
wheel! IEEE 829 can be a great source to
here is“Who’s to blame: the standard, or those management review. Let’s not waste effort in
use when defining your own customized
who apply the standard?” Having worked in defining what is already provided; to the best
test documentation standards.
many industries with many different standards of my understanding the added value is NOT
over the years, I probably have to state that it 2. If you do already have a set of templates in the 10% difference. Let’s focus on getting
is down to those applying the standards to use in use, it can be used as a checklist. A reviews implemented using IEEE 1028 as a
them effectively. Of course, it makes a differ- review your own set of documentation common reference process framework.
ence whether it’s a mandatory external stan- standards against IEEE 829 can lead to
BS7925-2 Software Component Testing
dard, e.g. FDA, or “just” a company-internal some improvement ideas and is a verifi-
standard, but still ……. cation of completeness of your own test Although this standard was originally targeted
documentation standards. towards component testing, it can be used by
Unfortunately, there is no single software
all testers whatever test level they work at. The
testing standard yet (ISO is in the process of 3. Many of us now work with third parties,
standard provides a test process framework, es-
developing one to be released in 2012). There e.g. outsourcing, and try to make agree-
pecially for component testing, but much more
are many standards that touch upon software ments on the test processes to be used and
important provides great detailed descriptions
testing, but many of these standards overlap documentation to be produced. However,
for both structure-based and specification-
and contain what appear to be contradictory what is a “good” test log or test plan? This
based test design techniques. Not only does
requirements. Perhaps worse, there are large question often leads to a never ending
it provide a description, in the annex it also
gaps in the coverage of software testing by discussion. My recommendation would
provides detailed examples for all test design
standards, such as integration testing, where be to use the well-known and internation-
techniques which is really helpful. A highly
no useful standard exists at all. Where stan- ally accepted IEEE 829 as part of the test
usable and complete overview of test design
dards related to software and system testing do agreements and state that test documents
techniques, that should be used when introduc-
exist, I would like to point to my personal top to be delivered have to comply with IEEE
ing or improving test design within your com-
3 recommended standards, for both building 829. An easy, but quality way out of an
pany or project. Unfortunately, this standard is
confidence between supplier and consumer, on-going discussion.
not lectured as part of the ISTQB certification
and providing information on good practice to
IEEE 1028 – Reviews scheme, which is a mistake according to my
the new or even experienced tester.
opinion. Nevertheless, I strongly recommend
IEEE 829 – Software and System Test Docu- When discussing reviews, I always wonder you to download this standard and start using
mentation standard why we are not all practicing such an effective it. It’s much better than most test design books
and relatively low-cost technique. Surveys and totally independent of any testing method
One of the most popular and well-known test- show that only 50% of projects practice re- or process.
ing standards is IEEE 829. IEEE 829 is ref- views and only 25% practice them in the way
erenced in many testing book and lectured they are meant to be practiced. Yet the tech- Finally, I strongly recommend not re-invent-
as part of the ISTQB certification scheme. nique has been around since 1976 when Mi- ing the wheel, but using the testing standards
The recently updated version from 2009 has chael Fagan published his famous paper. One available. But please, let common sense pre-
many benefits over the “old” version of 1998. of the things that strikes me as very strange vail…… good luck!
Erik van Veenendaal is a leading international consultant and trainer, and recognized expert
is the area of software testing and quality management. He is the director of Improve Quality
Services BV. At EuroStar 1999, 2002 and 2005, he was awarded the best tutorial presenta-
tion. In 2007 he received the European Testing Excellence Award for his contribution to the
testing profession over the years. He has been working as a test manager and consultant in
software quality for almost 20 years.
He has written numerous papers and a number of books, including “The Testing Practi-
tioner”, “ISTQB Foundations of Software Testing” and “Testing according to TMap”. Erik is
also a former part-time senior lecturer at the Eindhoven University of Technology, the vice-
president of the International Software Testing Qualifications Board and the vice chair of the
TMMi Foundation.
“Standard” - an often used (or misused) word related areas: are in development) and to retain this informa-
that shouldn’t be missing in the area of testing. tion. There is a distinct lack of a central “test
• IEEE 730 – Standard for Software Qual-
What is the meaning of “standard”? Which standard portal” which would help to find dif-
ity Assurance Plan
(test) standards exist? What keeps us from ap- ferent process-specific, domain-specific and
plying the standards or from being compliant? • IEEE 828 – Standard for Software Con- documentation-related standards, etc. – well
Are they a curse or a blessing? figuration Management Plans structured and across different organizations.
These questions originate from a question- • IEEE 829 – Standard for Software Test At least 67% of the interviewees gave this in-
naire which was filled in by test managers, Documentation formation.
quality assurance managers and managers of
• IEEE 1008 – Standard for Software Unit Through the home pages of single standard-
centralized testing groups. Their results were
Testing ization organizations it is possible to search
compared with the practical experience of the
for standards. This is a simple search if the
author, which will be clarified in this article.1 • IEEE 1012 – Standard for Software Veri- organization (e.g., ISO, IEEE) and the number
fication and Validation of the required standard is known. The more
Definition
• IEEE 1028 – Standard for Software Re- commonly used method to find standards is
According to the definition of the British Stan- via suitable reference lists / literature lists in
views
dards Institution, a standard is a “published test-related books as well as in the syllabi of
document that contains a technical specifica- • IEEE 1044 – Standard Classification for tester training schemes, e.g. ISTQB Certified
tion or other precise criteria designed to be Software Anomalies Tester. Also, this is always just an extract of all
used consistently as a rule, guideline, or defi- relevant standards. An overview to all publica-
• …
nition“. tions is not available.
In addition, numerous standards exist which
In Wikipedia, standard is defined as “relatively We contribute to part of the missing overview
are published by other national and interna-
uniform or standardized, widely approved and over the variety of different standards:
tional organizations: For example ISO 9126
mostly applied (or at least this is the aim) way
for the definition of software quality charac- A regular search is carried out only by 42%
to produce or execute something which has as-
teristics, or DIN EN ISO 9001, etc. of the interviewees. Most of them indicated to
serted itself compared with other ways”.2
Presently through the ISO/IEC JTC1 / SC7 find changes / updates in the area of the test
Let’s extract a few concepts from the above standards only by chance. None of the inter-
Workgroup 26, a new international standard
definitions and approach the question “Curse viewees were members of the publishing inter-
ISO/IEC 29119 Software Testing is being
or Blessing”: national organizations (e.g. IEEE).
developed, which will probably substitute
Published standards some of the existing standards (IEEE 829 Test
Assertion or avoidance
Documentation, IEEE 1008 Unit Testing, BS
Let’s first look at the term “published”. 7925-1 Vocabulary of Terms in Software Test- Have published standards really “asserted”
The Institute of Electrical and Electronics En- ing, BS 7925-2 Software Testing, Software themselves according to the above definition?
gineers (IEEE) has more than 375,000 mem- Component Testing) and is planned to be be
Where products are concerned, standardiza-
bers in more than 160 countries and has pub- presented in 2012 as the “Final International
tions in the production process have found
lished more than 1300 standards (31.12.2007); Standard“. The objective is to develop an in-
their way in: Our worldwide credit card usage
many of these belong to the area of testing and ternational standard for testing software in all
is only possible because the credit card manu-
1 In this case, the questionnaire carried areas, from the analysis to design, develop-
facturers follow a standard with regard to the
out from June to July 2009 was a non representative ment and maintenance of software products.
physical characteristic and the format of the
questioning among customers.
Missing overview cards.
2 As opposed to the norm, a standard does
not go through several stages of official standardiza- Nevertheless, in spite of standardized prod-
Obviously, there are enough publications of
tion procedure, for example by international organiza- ucts, the standard itself can also be avoided.
tions (ISO, IEC, ANSI etc.) as carried out for this test standards that anyone can have access to.
The difficulty here is getting an overview of The QWERTY standard describes the layout
purpose. This article does not distinguished between
the terms standard and norm, and the term standard the variety of standards (including those which for English-language computer keyboards and
will be uniformly used throughout. typewriters. This name is derived from the first
g
s
n
y
g
s
io
g
in
ie
io
lit
w
in
ry
in
at
t
al
at
ua
es
ie
st
la
t
t
es
m
en
lid
ev
Te
bu
tT
Q
no
tT
Va
R
m
ca
ct
ni
e
-A
u
en
W
ar
du
U
Vo
oc
d
W
ftw
rS
an
n
W
ro
D
po
rS
g
P
rS
So
fo
in
n
st
om
fo
tio
SW
st
Te
28
fo
9
Te
ica
n
11
10
8
tio
W
6
0
rif
e
29
2
ca
10
rS
ar
d
ar
91
Ve
St
ftw
ifi
C
ftw
fo
d
ss
/IE
St
W
E
So
9
So
IS
E
la
rS
82
O
E
IE
C
-2
E
IS
1
fo
d
-
IE
4
25
25
St
2
10
79
1
79
E
10
E
BS
BS
IE
St
d
St
E
E
E
IE
E
IE
References:
[Kaner, 2002] Kaner, C. (2002) Requirements for Test Documentation
[BSI, FAQ 2009] http://www.standardsuk.com/FAQs.php
[C. REID, 1995] Reid, Stuart C. (1995) Software Testings Standards – do they
know what they’re talking about?
Theme:
Managing the Testing Process
My career in software testing probably started time. A commonly recognized definition sug- atory testing was equally effective in expos-
like some of you. I relied on domain knowl- gested by James Bach is “Simultaneous learn- ing all categories of defects, or if it is more
edge and some intrinsic traits such as problem ing, test design, and test execution; any testing efficient in exposing a particular category of
solving, critical thinking, curiosity about how to the extent that the tester actively controls defects? Essentially, I wanted to better under-
things worked, and creativity to find bugs in the design of the tests as those tests are per- stand some of the benefits and limitations of
software. I didn’t have any formal training, formed …” So, whether we call it exploratory exploratory testing based on empirical studies
and my only knowledge of software testing testing or not we all do it to some extent, and rather than anecdotal evidence so we could
was gathered from glancing over a few chap- it may be applied differently because there is learn how to use it more effectively in our soft-
ters of a book, and some sporadic direction not one single way to engage in exploratory ware testing process.
from my managers and leads. Learning how testing.
So, in 2002 I began a series of experiments in
to test was mostly trial-by-fire, and testing fo-
Questioning Exploratory Testing our new tester training program at Microsoft
cused on bug finding by designing a variety
intended to help me answer 2 questions about
of negative tests on the fly, asynchronously When I really started studying practices in our exploratory testing:
executing those tests, gathering and evaluating profession I learned about Boris Beizer’s first
the information, and learning more about the law - The Pesticide Paradox. The Pesticide 1. Does a knowledge and practiced appli-
product and patterns of problems. Paradox is a metaphor that suggests no single cation of formal systematic testing tech-
approach to testing is effective in exposing niques such as equivalence partition test-
My professional career at Microsoft began in
all categories of defects, and that the effec- ing, combinatorial testing, and boundary
1994 testing Windows 95; mostly focusing
tiveness of a single approach to testing wears testing increase the effectiveness of ex-
on the East Asian language versions. When
out over time. I also began reading books on ploratory testing and test design?
I started at Microsoft I was already familiar
with a few classic attacks using double-byte software testing by experts such as Glenford 2. Is there evidence to support the claim that
encoded character sets (DBCS), and those at- Myers, Boris Beizer, and Robert Binder. These “exploratory testing is orders of magni-
tacks exposed countless bugs. It was almost early pioneers of the software testing profes- tude more effective than scripted test-
too easy! But then the developers learned to sion studied fault models and categories of de- ing?”
prevent these types of bugs and my attack pat- fects, and then used heuristics and other prob-
terns became less effective. I had learned more lem solving approaches to develop patterns Interestingly enough, while conducting these
about the internal workings of the Windows or techniques that are effective in identifying experiments over the past 7 years I discovered
operating system and I designed new tests, specific types of problems. I also learned that others in the industry and academia who were
executed more tests, and found lots of pretty some approaches to testing are more effective conducting similar studies. Although the in-
cool bugs. In fact, my bug counts were so high than others in exposing different types of de- ternal Microsoft study used reasonably simple
the VP of Windows rewarded me and other top fects in software. software simulations, the external studies used
performers with tickets to the Rolling Stones’ publically released software. Surprisingly,
There are numerous papers and talks on the these different studies carried out around the
Voodoo Lounge Tour at the Seattle Kingdome perceived benefits of exploratory testing as
in December of that year. world on different types of products had very
an approach to software testing. However, similar results and conclusions. And, the gen-
Much of my early testing was based on ex- the benefits of exploratory testing are mostly eral findings of these studies are also nearly
ploratory testing approach, and it shouldn’t based on emotional reaction rather than de- identical to the results reported in a case study
be a surprise to anyone that exploratory test- monstrable evidence. I always questioned involving 3 separate software companies. Of
ing is probably the single most common ap- these claims; not because I don’t appreciate course, studies such as these rely on control
proach used in software testing. Perhaps this the value of exploratory testing approaches, groups and the results and the conclusions
is because many practitioners in our field ap- but because while this approach to testing has are based on the observations of these con-
proach software testing as a purely destructive found a lot of important bugs it also missed trol groups. However, since these findings are
process, and exploratory testing can be a very many important bugs as well. Basically, I very similar I think we are beginning to better
effective approach in designing negative tests didn’t buy into the idea that exploratory testing understand the benefits and limitations of the
on-the-fly. Cem Kaner initially coined the term was a revolutionary approach to testing, and exploratory testing approach.
“exploratory testing” and the definition of ex- I wanted to study exploratory testing to learn
ploratory testing has somewhat evolved over more about it. I wanted to discover if explor-
The testers who participated in the Microsoft • Slightly less than 45% of the tests de-
multi-year study ranged from less than 1 month signed by the untrained testers effectively
to more than 6 years of experience in software evaluated the critical computational logic
testing. In the first 2 years of this study the av- in the program
Figure 2
erage experience of tester’s was slightly over • Test effectiveness increased post training,
Key findings by Marne Hutcheson include: 2 years, but in subsequent years the average but still failed to adequately evaluate all
• Only 1 of the 25 seeded bugs in the data- experience has dropped to less than 6 months. critical paths
base was found by the untrained testers, Interestingly, our initial findings indicated the
more experienced testers who lacked formal • Less than a 10% probability of untrained
and 21% of the untrained testers found 0 testers identifying a critical seeded bug.
bugs during exploratory testing training in testing concepts tended to raise is-
sues such as globalization, performance, secu- • There was more than a 65% probability
• Testers found 15 of the 25 seeded bugs rity, compatibility, etc. during their initial test- of trained testers finding a critical seeded
in the database after trained to use a table ing. These areas are important; however, they bug.
driven testing approach were tangential to the specific testing goals
outlined in the study. These results may indi- • Almost one quarter of tests executed by
• The table driven testing approach by untrained testers tended to focus on user
cate testers have a tendency to engage in con-
trained testers found almost 60% more interface elements and the software be-
text-free exploratory testing in hopes of find-
errors as compared to an exploratory test- havior, and 96% of these tests focused on
ing a bug rather than focus on specific goals.
ing approach by untrained testers. usability aspects.
It could also indicate that exploratory testing
• Exploratory testing by untrained testers may lead testers to try to cover many differ-
• 80% of the untrained testers incorrectly
found slightly more Severity 1 type prob- ent things in a limited amount of time rather
misidentified specific boundary values
lems in the client than correctly prioritizing testing objectives.
However, in general we found that experience Based on the results of this study conducted
Based on her study, Marne Hutcheson con- over the past 7 years in several countries, I
as a tester without any prior formal training in
cluded: reached the following conclusions:
software practices had no significant impact
• “Exploratory testing tends to trigger is- on their ability to adequately evaluate our im-
• Testers with no formal training in testing
sues through spot negative testing.” plementation of the triangle program.
methodologies and approaches tend to be
• “Exploratory testing is not useful in sys- Following two consecutive days of training on less effective as compared to trained tes-
tematically identifying or predicting the functional testing techniques, each group of ters regardless of experience in practice.
prevalence of a particular category of testers was given a brief but clear requirement (Practice doesn’t make perfect; perfect
defect.” statement, a simulation similar in size and practice makes perfect!)
AB OU T T H E AU T H ORS
Alan Page has been a software tester for more than 14 years,
including more than 12 years at Microsoft Corporation.
Ken Johnston is group manager for testing in the Microsoft
Office business group.
Bj Rollison is a Test Architect in the test excellence organization
at Microsoft.
Authors’ website: http://www.hwtsam.com
Bibliography
The Venerable Triangle Redux. Bj Rollison, STARWEST 2005
Do Test Cases Really Matter? An Experiment Comparing Test Case Based and Biography
Exploratory Testing. Juha Itkonen, Licentiate Thesis, Helsinki Univ. of Technol-
ogy, 2008 Bj Rollison is a Principal Test Architect
with Microsoft’s Engineering Excellence
Exploratory Testing: A Multiple Case Study, Juha Itkonen, Proceedings of the In- group where he designs, develops, and
ternational Symposium Empirical Software Engineering, 2005 teaches technical training to Microsoft’s
Exploratory Testing Versus Requirements Based Testing: A Comparative Study test and development engineers. Bj got
Marnie Hutcheson, PSQT Conference 2007 his first computer in 1979 and taught
himself Q-Basic. He started his profes-
Exploratory Testing: A Workshop in Risk-Based Testing, Stale Amland 2002 sional career at a small OEM company in
Japan in 1991 building custom hardware
Exploratory Testing, Erik van Veenendaal, Improve Quality Services BV, 2002
solutions for small businesses. In 1994
he joined Microsoft and worked on sev-
eral key projects including Windows 95
and Internet Explorer, and also served
as the Director of Test responsible for
managing the training programs for more
than 9000 testers. In 2003 Bj decided
his passion was teaching and mentor-
ing testers and became a Test Architect
in Microsoft’s Engineering Excellence
group. Bj also teaches software test-
ing and test automation courses at the
University of Washington, sits on the
advisory boards at the University of
Washington, the University of California
Extension Santa Cruz, and Lake Wash-
The Magazine for Agile Developers and Agile Testers ington Technical College. Bj is a frequent
speaker at international conferences,
Pantone Process Blue U C. 100 // M. 0 // Y. 0 // K. 10 and is co-author of “How We Test At
Pantone 2955 U C. 100 // M. 45 // Y. 0 // K. 37
Microsoft.”
check out at
www.agilerecord.com
Since its launch in 1998, Sogeti’s Test Process relative strengths and weaknesses; the model
Improvement® has offered logical and prac- also provides a roadmap for reaching specific In more detail: a retrospective view of
tical steps to enhance test efficiency and ef- business, IT or test goals. the original model
fectiveness, and moreover, to instil a belief in
achieving a permanent improvement cycle. We kept the strengths The original TPI® model looked at
the test process from different points
But, as in most things in life, there is always Clarifying the Key Areas of view, for example the use of test
room for improvement. In over a decade of Each test process can be divided into a com- automation, test specification tech-
use, our customers, colleagues and Sogeti’s bination of coherent aspects called Key Areas. niques and reporting. These are called
own testing consultants have gathered a huge Integral to the original model, we have made Key Areas. Examination of each Key
amount of experience and best practices in ap- some changes to the Key Areas - TPI NEXT Area leads to a classification of the test
plying TPI ‘in the field’. This experience, cou- identifies 16 – and the most important changes process at certain Levels of Maturity.
pled with a changing IT environment and tech- are explained here: The ascending levels improve in terms
nology developments, has been the driver for a of time (faster), money (cheaper) and/
completely updated version of the model. • We combined ‘Life-cycle model’ and or quality (better). For example, for the
‘Test process management’, since they Key Area ‘Reporting’ defined Levels A
Developed by Sogeti TPI experts from several showed a great deal of similarity;
countries, with support from other colleagues through to D.
and the active involvement of customers • The goal of TPI NEXT is to achieve a cer-
worldwide, the result is TPI® NEXT: Test Pro- tain result from optimizing a test process. Key Areas and Levels are not equally
cess Improvement has itself been improved. It The scope of the test process improve- important for the performance of the
is a powerful next step in the evolution of test ment may cover all or any of the evalu- complete test process, and dependen-
process improvement, as it takes as its start- ation and test activities within the Soft- cies exist between the different Key
ing point the close alignment with business ware Development Life Cycle (SDLC). Areas and Levels. Therefore they are all
drivers, while leveraging the strengths of the Because the scope or focus of TPI NEXT mutually linked in a Test Maturity Matrix.
original model. cannot be a Key Area as well, the Key Ar-
eas ‘Evaluation’ and ‘Low-level testing’ To ensure that the classification of
The TPI® NEXT model – an overview have been removed; Levels is done objectively, Checkpoints
(being requirements) are assigned to
The TPI NEXT model is used to analyze the • The original Key Area ‘Commitment and each Level. If a test process passes all
current situation of a test process, showing its motivation’ addressed two distinct suc- the checkpoints at a certain level, then
cess criteria for any test process. We the process is classified at that level.
Test maturity matrix believed commitment of stakeholders
to be so essential for the success of test In addition to mapping the current situ-
projects that we created a completely ation of the test process, Key Areas and
Key Areas
the new Key Area ‘Stakeholder commit- Levels can also be used to define the re-
ment’. Motivation has been integrated quired situation and intermediate steps
within the Key Area ‘Tester profession-
Clusters
Figure 2. The elements of the original TPI model All Checkpoints have been reassessed
Expectations for each of the Key Areas are defined by Checkpoints for
each maturity level (except for the ‘Initial’ level). A Checkpoint is an
objective statement that can be confirmed by a simple ‘yes’ or ‘no’. TPI
Maturity levels have been redefined NEXT contains 157 Checkpoints across the 16 Key Areas and 3 main
As each Key Area can have a different level of maturity, it is the com- Maturity Levels.
bination of the Key Areas which defines the maturity of the test process
as a whole. TPI NEXT has 4 Maturity Levels for each Key Area, char- Example: A Checkpoint for Key Area ‘Test process manage-
acterizing the test maturity: ment’ at the Controlled level
• Initial: Ad hoc activities
At the start of the test project, a test plan is created. The test
• Controlled: Doing the right things plan includes at least the test assignment, the test scope, the
test planning, roles and responsibilities.
• Efficient: Doing things the right way
• Optimizing: Continuously adapting to ever-changing circumstanc- Improvement suggestions have been updated
es.
For each Maturity Level per Key Area, we have provided Improvement
Compared with the original model, visualizing the maturity of the test suggestions, which describe hints and tips for reaching a specific Ma-
process is now much clearer. With the original model, the levels (A to turity Level. Checkpoints that have not been met should definitely be
D) could be spread across the levels Controlled, Efficient and Optimiz- looked at to reach the Maturity Level, but while Checkpoints describe
ing. In TPI NEXT, all Key Areas comprise the 4 Maturity Levels. what needs to be reached, it is Improvement suggestions that describe
how this can be done.
Key areas
Initial Controlled Efficient Optimizing
1 Stakeholder commitment 1 2 3 4 1 2
Maturity levels3 1 2 3
2 Degree of involvement 1 2 3 4 1 2 3 1 2
3 Test strategy 1 2 3 4 1 2 3 1 2
4 Test organization 1 2 3 4 1 2 3 4 1 2 3
Checkpoints
5 Communication 1 2 3 4 1 2 3 1 2
6 Reporting 1 2 3 1 2 3 1 2
7 Test process management 1 2 3 4 1 2 3 1 2
8 Estimating and planning 1 2 3 4 1 2 3 4 1 2 3
9 Metrics 1 2 3 1 2 3 4 1 2
10 Defect management 1 2 3 4 1 2 3 4 1 2 3
11 Testware management 1 2 3 4 1 2 3 1 2 3
12 Methodology 1 2 3 1 2 3 4 1 2
13 Tester professionalism 1 2 3 4 1 2 3 4 1 2 3
14 Test case design 1 2 3 1 2 3 4 1 2 3
15 Test tools 1 2 3 1 2 3 4 1 2 3
16 Test evironment 1 2 3 4 1 2 3 4 1 2 3
Figure 3. An example of a ‘current’ situation displayed in the Test Maturity Matrix
Define
improvements
Evaluate and Make a plan
redirect of action
Implement
Process-driven TPI NEXT: improving the full breadth of testing to accomplish this, some ways are better than others, and we provide
proven suggestions to help. It all starts with applying some generally
For straightforward improvement, we have created a base clustering, il-
acknowledged best test practices: think before you start, involve the
lustrated in Figure 4. The improvement of the test process is regarded as
appropriate people in this thinking, and monitor the actions agreed.
a general improvement process, in which no one single business driver
Checkpoints addressing these first basic best practices together make
is predominant. To try and reach the Controlled level in one step would
up Cluster A.
be, in our experience, usually a leap too far!
Next, pay more and more attention to the details involved in managing
What is more, to make any improvement process successful, you need
the test process and the actual test activities. The Checkpoints for this
to celebrate successes on a regular basis. Although there’s no one way
next step are grouped together in Cluster B. Clusters C, D and E rep-
1 Stakeholder commitment A B B C F H H K M M
2 Degree of involvement A B C E H H J L L
3 Test strategy A A B E F F H K L
4 Test organization A D D E I I J J K L L
5 Communication B C C D F F J M M
6 Reporting A C C F G G K K
7 Test process management A A B B G H J K M
8 Estimating and planning B B C C G H I I K L L
9 Metrics C C D G H H I K K
10 Defect management A A B D F F H J K L L
11 Testware management B B D E I I J L L L
12 Methodology C D E F H J J M M
13 Tester professionalism D D E E G G I I K K M
14 Test case design A A E F I I J K K M
highlighted)
15 Test tools E E E F G G I L M M
16 Test evironment C D D E G H J J L M M
6 7
June, 2009 September, 2009
The Magazine for Professional Testers The Magazine for Professional Testers
printed in Germany
printed in Germany
print version 8,00 €
www.testingexperience.com
ISSN 1866-5705
ISSN 1866-5705
Agile Testing
Security Testing
© iStockphoto/alexandru_lamba
© iStockphoto/Mlenny
Please fax this form to +49 (0)30 74 76 28 99, send an e-mail to info@testingexperience.com
or subscribe at www.testingexperience-shop.com:
Billing Adress
Company:
VAT ID:
First Name:
Last Name:
Street:
Post Code:
City, State:
Country:
Phone/Fax:
E-mail:
32,- € 60,- €
(plus VAT & shipping) (plus VAT & shipping)
The world’s leading Sogeti’s new book, TPI® NEXT, Business How TPI® NEXT can help your test organization
Driven Test Process Improvement written — Develop a clear improvement path to
approach for improving by Sogeti test experts and validated improve quality, reduce time and save costs
test processes... has by extensive customer field tests, builds
— Ensure processes support the most
on the strengths of the successful original
now been enhanced! model and provides invaluable insight important business drivers
and recommendations on the maturity — Gain a better understanding of the
of an organization’s test processes. correlation between testing and other
What’s new about TPI® NEXT? software development processes.
— Key focus on alignment with business
drivers is at the heart of the model Order your copy now!
— Reflects Agile and Outsourcing changes Available from 17 November 2009 from
in testing environment
specialist publisher UTN at www.utn.nl
— New ‘Enablers’ to identify the impact on or contact Sogeti at tpi@sogeti.nl.
broader Software Development Lifecycle
TPI® NEXT an indispensable step-by-step
— Clear maturity levels – Controlled, guide to improving your organization’s
Efficient and Optimizing testing processes.
— Easy-to-view representation
for business management. www.sogeti.com
© iStockphoto.com/Zemdega
A Community
over 110,000 C
Are you on the
www.ist
*March44
2009 The Magazine for Professional Testers www.testingexperience.com
y Worldwide!
Certifications*
e right track?
tqb.org
www.testingexperience.com The Magazine for Professional Testers 45
ings can be realized by acquiring and maintaining scarce resources, saving test costs.
like skilled test specialists, test environments, and test tools within
• Metrics; as with reporting, basic metrics are necessary to provide
the line organization, and then providing them as a service to other
support for saving costs. But while more intense use of metrics
projects as required.
provides more detailed control of test process management, it does
• Degree of involvement; many problems in the development pro- not contribute to cost reduction itself.
cess manifest themselves in the test process; typically project costs
• Stakeholder commitment; testing certainly benefits from strong
at the testing phase appear to run out of control. By involving test-
stakeholder commitment in many ways, but saving costs for test-
ing earlier in the development process and allowing testing to in-
ing is not really one of them.
fluence the development project, many of these problems can be
avoided. Sufficient involvement early in the project also results in • Test environment; the management of test environments and test
defects being found sooner, resulting in lower fixed costs and less data can cost a lot of money and often there is a strong desire to
uncertainty about project rework. reduce these costs. In this case, effort should be spent on improv-
ing test environment management.
Conversely, the following 4 Key Areas are usually considered to be
least effective in contributing to test cost reduction: Impact of prioritizing Key Areas on the Clusters
• Reporting; while reporting is important for monitoring costs and Figure 5 below provides a visual presentation of the Clusters. The Key
managing the test process in a cost-effective way, basic reporting Areas have been prioritized into High, Neutal and Low (H, N & L).
will suffice. Improving reporting in itself does not contribute to
Figure 5. Categorized Key Areas for ‘Test cost reduction’ as the business driver
1 Stakeholder commitment x B C C D G I I L M M
2 Degree of involvement x A A B D G G I K K
3 Test strategy x A A A D E E G J K
4 Test organization x A C C D H H I I J K K
5 Communication x B C C D F F J M M
6 Reporting x B D D G H H L L
7 Test process management x A A B B G H J K M
8 Estimating and planning x B B C C G H I I K L L
9 Metrics x D D E H I I J L L
10 Defect management x A A A C E E G I J K K
11 Testware management x B B D E I I J L L L
12 Methodology x C D E F H J J M M
13 Tester professionalism x D D E E G G I I K K M
14 Test case design x A A E F I I J K K M
15 Test tools x D D D E F F H K L L
16 Test evironment x D E E F H I K K M M M
After re-arranging the Checkpoints, the Key Area ‘Stakeholder com- ‘1.E.1’ cannot be part of a Cluster later than ‘3.E.1’ and so moves back
mitment’ has no more Checkpoints in Cluster A. Two dependencies from Cluster G to Cluster E.
have now been compromized: ‘1.C.1’ cannot be part of a Cluster later
The Cluster arrangement for Test cost reduction has now changed and
than ‘3.C.1’, so ‘1.C.1’ moves from Cluster B back to Cluster A, and
is represented in Figure 6:
H N L Initial Controlled Efficient Optimizing Figure 6. Final Cluster re-arrangement for the business driver ‘Test cost reduction’
1 Stakeholder commitment x A C C D E I I L M M
2 Degree of involvement x A A B D G G I K K
3 Test strategy x A A A D E E G J K
4 Test organization x A C C D H H I I J K K
5 Communication x B C C D F F J M M
6 Reporting x B D D G H H L L
7 Test process management x A A B B G H J K M
8 Estimating and planning x B B C C G H I I K L L
9 Metrics x D D E H I I J L L
10 Defect management x A A A C E E G I J K K
11 Testware management x B B D E I I J L L L
12 Methodology x C D E F H J J M M
13 Tester professionalism x D D E E G G I I K K M
14 Test case design x A A E F I I J K K M
15 Test tools x D D D E F F H K L L
16 Test evironment x D E E F H I K K M M M
Conclusion
Business dynamics and drivers change over time and from entity to entity, but TPI
NEXT is highly flexible and adaptable, and can work independently or in sync with
other test methodologies, including of course Sogeti’s own TMap.
By putting the business drivers at the heart of the new model, we have seen very
clear benefits; a clear improvement path understood and endorsed by the business,
optimization of test processes in line with the most important business drivers, and
a better understanding of the correlation between testing and adjacent software de-
velopment processes. We believe that our enhancements make TPI®NEXT an in-
dispensable step-by-step guide to improving your organization’s testing processes.
More information on TPI NEXT can be found at www.tpinext.com. Copies of
TPI®NEXT are now available from specialist publisher UTN at www.utn.nl or
contact Sogeti at tpi@sogeti.nl.
Biography
Bert Linker has over 12 years testing
experience, in the Netherlands and other
countries, as test consultant, test man-
ager and senior trainer of test topics and
methodologies. He has gained his knowl-
© iStockphoto.com/ Andresr
www.testingexperience.com
Biography
Koray Yitmen has been working as a Managing Partner at Keytorc Software Testing
Services ( www.keytorc.com ) since 2004. He is a board member of ISTQB (Interna-
tional Software Testing and Qualifications Board), and he is the President of the Turkish
Testing Board. Formerly, he worked as a consultant in various technology and business
consulting projects for local and international clients during his engagement at Ander-
sen, Accenture and Booz Allen Hamilton. He holds a B.Sc. degree in Computer Science
from Middle East Technical University, Turkey and MBA degree in Entrepreneurship from
Babson College, USA. He has published many articles about software testing and given
speeches at many software testing conferences. He is a strong supporter of the impor-
tance of software testing and tries to achieve his vision through conducting seminars
and workshops at various non-profit organizations.
50 The Magazine for Professional Testers www.testingexperience.com
.%5
'RAHAM "ATH *UDY -C+AY
0RAXISWISSEN 3OFTWARETEST ¯
4EST !NALYST UND
4ECHNICAL 4EST !NALYST
!US
UND 7EITERBILDUNG ZUM #ERTI½ ED 4ESTER ¯
!DVANCED ,EVEL NACH )341"
3TANDARD
3EITEN &ESTEINBAND
E $
)3".
$AS "UCH DECKT SOWOHL FUNKTIONALE ALS AUCH TECHNISCHE
!SPEKTE DES 3OFTWARETESTENS AB UND VERMITTELT DAMIT DAS
NOTWENDIGE 0RAXISWISSEN F~R 4EST !NALYSTS UND 4ECHNICAL
Â%RSTES DEUTSCHES "UCH ZUM -ODUL 4EST !NALYSTS ¯ BEIDES ENTSCHEIDENDE 2OLLEN IN 4ESTTEAMS
Â4EST !NALYST UND 4ECHNICAL 4EST !NALYST±
DES )341"