software testing services
Rex Black Consulting Services | software testing experts providing consulting, outsourcing, and software training
CALL US TODAY
(866) 438-4830
ISTQB certification testingISTQB certification testing ISTQB certification testing
PMI

Archive for October, 2010

 

System Integration, Quality Risks, and Implications for Testing

Thursday, October 28th, 2010 by Rex Black

More and more projects involve more integration of custom or commercial off the shelf packages, rather than in-house development or enhancement of software.  In effect, this is direct (under contract) or indirect (market purchase) outsourcing of some of the development work. 

While some project managers see such outsourcing of development as reducing the overall risk, each integrated component can bring with it significantly increased risks to system quality.  Let’s take a look at each factor that can increase risk to system quality, and then talk about strategies for mitigating such risks.

One factor that increases risks is coupling, which creates a strong interaction with the system—or consequence to the system—when the component fails.  Another factor that increases risks is irreplaceability, when there are few similar components available.  To the extent that the component creates quality problems, you are stuck with them. Yet another factor that increases risks is essentiality, where some key feature or features of the system will be unavailable if the component does not work properly.  The final factor that increases risks is vendor quality problems, especially if accompanied by slow turnaround on bug fixes. If there is a high likelihood of the vendor sending you a bad component, the level of risk to the quality of the entire system is higher.

How can you mitigate these risks?  I have seen and used various options.

One is to integrate, track, and manage the vendor testing of their component as part of an overall, distributed test effort for the system.  This involves up-front planning, along with having sufficient clout with the vendor or vendors to insist that they consider their test teams and test efforts subordinate to and contained within yours. When I have used this approach, it has worked well.

Another option is simply to trust the vendor component testing to deliver a working component to you.  This approach may sound silly and naive, expressed in such words.  However, project teams do this all the time.   My suggestion is, if you choose to do so, do so with your eyes open, understanding the risks you are accepting and allocating schedule time to deal with issues.

Another option is to decide to fix the component vendor testing or quality problems.  On one project, my client hired me to do exactly that for a vendor.  It worked out nicely.  Again, though, your organization must have the clout to insist that you be allowed to go in and straighten out what’s broken in their testing process and that they have time allocated to fix what you find.  And don’t you have your own problems to attend to?  As such, this is an ideal job for a test consultant.

A final option, especially if you find yourself confronted by proof of incompetent testing by the vendor, is to disregard their testing, assume the component is coming to you untested, and retest the component.  I’ve had to do this, notably on one project when the vendor sold my client an IMAP mail server package that was seriously buggy.

Both of the last two options have serious political implications.  The vendor is unlikely to accept your assertion that their testing is incompetent, and will likely attack your credibility. Since someone made the choice to use that vendor—and it may have been an expensive choice—that person will likely also side with the vendor against your assertion.  You’ll need to bring data to the discussion.  Better yet, see if you can influence the contract negotiations up front to include proof of testing along with acceptance testing by your team prior to payment.  It’s amazing how motivational that can be for vendors!

With the risks to system quality managed at the component level, it’s still possible to make a serious mistake in the area of testing.  Remember that even the best-tested and highest-quality components might not work well in the particular environment you intend to use them in.  So, plan on integration testing and system testing the integrated package yourself.

Tags: , ,
Posted in risk based testing, software quality, software test outsourcing, software testing | No Comments »

The Future of Test Management

Thursday, October 21st, 2010 by Rex Black

The smart test manager plans for the future.  These plans should cover not only the current project, but also the current decade.  How will you succeed as a test manager in the 2010s decade? Here are ten things you must learn to do:

  1. Connect testing to business value, including measuring effectiveness and efficiency against strategy goals;
  2. Manage testing on outsourced projects, including outsourcing of testing and outsourcing on Agile projects;
  3. Perform system integration testing on systems-of-systems projects effectively;
  4. Test systems that include open source software, and use open source tools;
  5. Test integration of new systems with legacy systems, and test the maintenance of legacy systems;
  6. Test effectively and efficientlywhen there’s too much testing work, too little time, and too few resources;
  7. Deal with the tester “skills gluts” that are created by outsourcing and crowd-sourcing, with millions of entry-level testers;
  8. Deal with the tester “skills shortages” that are created at the upper end of the skills triangle by these entry-level testers, especially in developing regions;
  9. Choose the right certifications, including security, tools, ISTQB, technology, and more;
  10. Manage testing on iterative and Agile projects.

The smart test manager who can do these ten things will be in a strong position to succeed as this decade unfolds.  Hear more about the future of test management here.

Tags: ,
Posted in software test management, software test metrics, software test outsourcing, software test skills, software testing | 6 Comments »

Software Testing Podcast

Monday, October 18th, 2010 by Rex Black

If you enjoy these regular small bites of software testing concepts, you might want to know that we have something very similar in a “to go” package.  Just check out our software testing podcast page.  You can download the podcasts to your MP3 player,  iPod,  iPhone, or other capable smartphone/handheld/pad device, or just play them directly from the page.

Enjoy!

Posted in software testing | 2 Comments »

Selection of Test Design Techniques in Risk Based Testing

Thursday, October 7th, 2010 by Rex Black

In this blog, I have talked a lot about RBCS’ approach to risk based testing, whichwe call the Pragmatic Risk Analysis and Management process. As you know if you’ve followed our videos on risk based testing (e.g., this one), PRAM defines the following extents of testing, in decreasing order of thoroughness:

  • Extensive
  • Broad
  • Cursory
  • Opportunity
  • Report bugs only
  • None

Risk based testing does not prescribe specific test design techniques to mitigate quality risks based on the level of risk, as the selection of test design technique for a given risk item is subject to many factors. These factors include the suspected defects (what Beizer called the “bug hypothesis”), the technology of the system under test, and so forth. However, risk based testing does give guidance in terms of the level of test design (e.g., see here), implementation, and execution effort to expend, and that does influence the selection of test design techniques. The following subsections will provide heuristic guides to help test engineers select appropriate test techniques based on the extent of testing indicated for a risk item by the quality risk analysis process. These guides apply to testing during system and system integration testing by independent test teams.

Extensive

According to the quality risk analysis process template, for risks rated to receive this extent of testing, the tester should “run a large number of tests that are both broad and deep, exercising combinations and variations of interesting conditions.” Because combinational testing is specified, testers should select test design techniques that generate test values to cover combinations. These techniques are either: (a) domain analysis or decision tables; or, b) classification trees, pairwise testing, or orthogonal arrays. The techniques in option (a) are appropriate where the mode of interaction between factors is understood (e.g., rules determining output values). The techniques in option (b) are appropriate where the mode of interaction between factors is not understood or indeed interaction should not occur (e.g., configuration compatibility). For each technique selected, the strongest coverage criteria should be applied; e.g., all columns in a decision table, including the application of boundary value analysis and equivalence partitioning on the conditions in the decision table. The use of these combinational techniques guarantees deep coverage.

In addition, testers should ensure that, for all relevant inputs or factors, tests cover all equivalence partitions and, if applicable, boundary values. This contributes to broad coverage.

Testers should plan to augment the test values with values selected using experience-based and defect-based techniques. This augmentation can occur during the design and implementation of tests or alternatively during test execution. This augmentation can be used to broaden test coverage, to deepen test coverage, or both.

If available, use cases should be tested, and the tester should cover all normal and exception paths.

If available, the tester should use state transition diagrams. Complete state/transition coverage is required, 1-switch (or higher) coverage is recommended, and, in the case of a safety-related risk items, state transition table coverage is also recommended.

In some cases—e.g., safety critical risks, risks related to key features, etc.—the tester may elect to use code coverage measurements for risks assigned this extent of coverage, and to apply white box test design techniques to fill any code coverage gaps detected by such measures.

As a general rule of thumb, around 50% of the total test design, implementation, and execution effort should be spent addressing the risk items assigned this extent of testing.

Broad

According to the quality risk analysis process template, for risks rated to receive this extent of testing, the tester should “run a medium number of tests that exercise many different interesting conditions.” Testers should create tests that cover all equivalence partitions and, if applicable, boundary values. Testers should plan to augment the test values with values selected using experience-based and defect-based techniques. This augmentation can occur during the design and implementation of tests or alternatively during test execution. This augmentation should be used to broaden test coverage.

If available, use cases should be tested, and the tester should cover all normal and exception paths.

If available, the tester should use state transition diagrams. Complete state/transition coverage is required, but higher levels of coverage should only be used if possible without greatly expanding the number of test cases.

If available, the tester should use decision tables, but strive to have only one test per column.

Other than the possible use of decision tables, combinational testing typically should not be used unless it can be done without generating a large number of test cases.

As a general rule of thumb, between 25 and 35% of the total test design, implementation, and execution effort should be spent addressing the risk items assigned this extent of testing.

Cursory

According to the quality risk analysis process templates, for risks rated to receive this extent of testing, the tester should “run a small number of tests that sample the most interesting conditions.” Testers should use equivalence partitioning or boundary value analysis on the appropriate areas of the system to identify particularly interesting test values, though they should not try to cover all partitions or boundary values.

Testers should plan to augment these test values with values selected using experience-based and defect-based techniques. This augmentation can occur during the design and implementation of tests or alternatively during test execution.

If available, use cases should be used. The tester should cover normal paths, though the tester need not cover all exception paths.

The tester may use decision tables, but should not try to cover columns that represent unusual situations.

The tester may use state transition diagrams, but need not visit unusual states or force unusual events to occur.

Other than the possible use of decision tables, combinational testing should not be used.

As a general rule of thumb, between 5 and 15% of the total test design, implementation, and execution effort should be spent addressing the risk items assigned this extent of testing.

Opportunity

According to the quality risk analysis process templates, for risks rated to receive this extent of testing, the tester should “leverage other tests or activities to run a test or two of an interesting condition, but invest very little time and effort.” Experience-based and defect-based techniques are particularly useful for opportunity testing, as the tester can augment other tests with additional test values that fit into the logical flow of the tests. This can occur during the design and implementation of tests or alternatively during test execution.

In addition, testers can use equivalence partitioning or boundary value analysis on the appropriate areas of the system to identify particularly interesting test values, though they should not try to cover all partitions or boundary values.

As a general rule of thumb, less than 5% of the total test design, implementation, and execution effort should be spent addressing all of the risk items assigned this extent of testing. In addition, no more than 20% of the effort allocated to design, implement, and execute any given test case should be devoted to addressing any risk item assigned this extent of testing.

Report Bugs Only

According to the quality risk analysis process templates, for risks rated to receive this extent of testing, the tester should “not test at all, but, if bugs related to this risk arise during other tests, report those bugs.” Therefore no test design, implementation, or execution effort should occur, and it is a misallocation of testing effort if it does.

None

According to the quality risk analysis process templates, for risks rated to receive this extent of testing, the tester should “neither test for these risks nor report related bugs.” Therefore no test design, implementation, or execution effort should occur, and it is a misallocation of testing effort if it does.

Posted in risk based testing, software test management, software testing | No Comments »

 
`