Monday, October 05, 2020
Saturday, March 07, 2009
Monday, July 01, 2002
Appreciation. One gentle voice who encouraged us to release the backlog of entries is Nikhil Joshi of Pune, India. Thank you for your support and encouragement Nikhil, and rest assured that we will try to not get so far behind again.
But ... The content for Postcards from the Revolution is going to take an additional day before we're ready to release it. Please be patient.
This book is a collection of papers that address the full spectrum of testing issues and challenges in rapid development/rapid deployment environments. Although the title implies that this book is about quality and testing of web applications, many of the papers go well beyond that narrow scope.
The papers are divided into five categories:
- Managing for Optimal Time to Market. This categories contains an obligatory paper on high-speed web testing, which does address the key challenges. However, two of the papers are exceptional: Using QA for Risk Management in Web Projects drives home the relationship between QA and project risk, and Establishing Quality Procedures for Incremental Software Development is essential reading for anyone who needs to integrate testing into methodologies such as the Rational Unified Process or any other incremental/rapid development approach.
- Processes. This section of the book has papers covering topics ranging from how to use Extreme Programming to manage project risks to adapting test processes to web applications. In many respects the papers in this section capture the essence of the book's theme.
- Testing from the User's Perspective. This is my favorite section, especially the papers on business oriented testing for e-commerce and the paper titled "Strategic Testing: Focus on the Business". All of the material here reinforces my own experience and observations, and clearly shows the relationships among meeting business requirements, quality and project success.
- Technical Testing. Test professionals will get the most from this section because it provides techniques. My favorite is "Securing E-Business" because this important aspect of testing is usually given superficial treatment (if it's covered at all) in most testing books. Another paper I liked in this section is "The Back-End Side of Web Testing: Integration of Legacy Systems", which is applicable to enterprise application integration and e-business system testing. In addition to papers on testing techniques, other aspects of quality are covered in this section, such as performance monitoring (more aligned to capacity planning and performance management than testing, but certainly applicable to quality and service level management).
- Test Automation Techniques and Tools contains a single paper titled "Automated Testing of mySAP Business Processes". If you're involved in web-enabled ERP or portal quality this paper is a treasure.
Friday, June 28, 2002
The author of this excellent book give a realistic roadmap to achieving CMM levels 2 and 3, which are major hurdles in capability maturity, especially level 2 from a culture-shock point of view.
What makes this book realistic is the way you're lead through the important steps, with a complete focus on what it takes instead of theory. The book starts off with an obligatory overview of the CMM, but quickly segues into the steps needed to attain level 2 (repeatable), which are creating the structures, processes, training program and policies. While each of these are important, I especially like the inclusion of policies because they are necessary to codify goals and are frequently overlooked. This section also includes subcontractor management, which is important for aligning those with whom you are using on projects with your own organizational capabilities. This makes sense because if your organization is repeatable and your subcontractor(s) aren't, then you either need to go shopping for more compatible subcontractors, or get dragged back into ad hoc approaches.
The same approach to graduating to level 3 is used, with slight changes. In the section that covers level 3 the first topic is about focusing on organizational process improvement, followed by an in-depth chapter on defining organization processes. These reflect the key changes between level 2's repeatable goals and level 3's focus on defined processes. After these are clearly and completely explained the same formula - structures, processes, training program and policies - is addressed for level 3.
Following the steps to get to levels 2 and 3, the next section is centered on implementation and assessment. This section prepares you for the assessment process itself, and offers excellent advice on how to get through it. Additional information of value is provided in appendices B (Annotated Level 2 Preassessment Questionnaire) and C (Samples of Level 2 Policies), both of which are provided in PDF format from the book's associated web site.
One key question that needs to be answered: Which is better, this book or CMM Implementation Guide: Choreographing Software Process Improvement by Kim Caputo? My opinion is that both books are equally important and both should be read because they cover two different aspects of attaining CMM levels 2 and above. This book concerns itself with the nuts and bolts of processes, where Caputo's book is more focused on organizational change. I recommend both books, and think that they nicely complement each other.
Thursday, June 27, 2002
Many of the ideas and the approach for this book were born in the author's earlier book, More Process Patterns, which examined the very transition and support requirements in a more generic manner. In fact this book, like the earlier one, is a collection of best practice patterns that cover the transition and production milestones. After an introduction that explains the rationale and approach, the book covers the workflows and patterns in the sequence in which they will occur: testing, deployment and environment, operations and support, project management and infrastructure management.
What makes this book important is that it extends the Unified Process to include the key milestones that account for cost and quality, and goes into great detail about what is required and how to avoid failure. If you work in operations and support you will find the material in this book invaluable - you should also buy copies for key members of the project team that is delivering your system so they have an understanding of and appreciation for the task of supporting their creation. While this book will obviously benefit shops that employ the Unified Process, the information and workflows are equally useful in any development approach.
Tuesday, June 25, 2002
- Data Warehousing Fundamentals. This is one of the best introductory books on data warehousing I've read. The authors make few assumptions of reader knowledge beyond the fact that they are IT professionals who have a technical background that doesn't necessarily include database and data warehouse knowledge. They do assume a basic knowledge of IT operations, project management skills and systems analysis and design - skills that IT professionals are expected to have.
The book is divided into five parts: Overview and Concepts, Planning and Requirements, Architecture and Infrastructure, Data Design and Data Preparation, and Implementation and Maintenance. These follow a development life cycle, making the structure of the book easy to follow.
What I like about this book is it doesn't just cover the theory and concepts (which it does do well), but sets data warehousing in the context of a larger architecture designed to meet specific business requirements. I also like the way the authors address real world issues such as planning and managing a data warehouse project, and the issues and factors surrounding adding a data warehouse into an existing technical architecture. This information is what IT professionals are seeking when they are faced with a technology with which they may not have strong knowledge, and it makes this book useful to the intended audience.
Among the chapters that I most liked are: Principles of Dimensional Modeling, Data Extraction, Transformation, and Loading, and Data Quality: A Key to Success. These capture the essence of data warehousing in my opinion and are topics that IT professionals without a data background need to understand. I also thought that each of the appendices were useful. They provided a finishing touch by covering project life cycle steps and checklists, critical success factors and guidelines for evaluating vendor solutions - each of which provide practical information.
- Data Warehousing and Web Engineering. This is a collection of papers that cover salient issues in data warehousing with an emphasis on business intelligence, data mining and knowledge management applications. While many of the papers in this book are more useful to technical professionals, there is a lot of material that will also be useful to marketing and competitive intelligence specialists in the business domain.
Some of the papers are more basic and introductory, such as "Justification of Data Warehousing Projects", "An Introduction to Information Technology and Business Intelligence" and "Some Issues in Design of Data Warehousing Systems". Some, however, address advanced topics such as "Data Mining Methods Databases and Statistics Point of Views" and "Incremental Data Allocation and Reallocation in Distributed Database Systems".
My personal favorite papers were "Specification of Components Based on the WebComposition Component Model" (reflecting professional interests in component-based development), "Complementing the Data Warehouse with Information Filtered from the Web", and "Using Business Rules Within a Design Process of Active Databases" (another area of professional interest).
In addition, the papers cover topics in data mining, data quality and knowledge management, which means that there is at least a few papers that will intersect with a reader's professional interests. The best audience for this book includes academics (the papers are citable), consultants who specialize in business intelligence and data mining, and organizations that have a solid base of experience with advanced uses of data warehousing.
Monday, June 24, 2002
Don't expect qualitative or quantitative risk assessment methods, or even a risk management process that is almost an obligatory part of most project management books. Do expect the collective wisdom of real people who were interviewed, and their recommendations for dealing with the real risks.
These risks range from misaligned or unwarranted expectations to slippery requirements. If you've managed an IT project many of the risks will be familiar. How the PMs who were interviewed handled them will be illuminating.
Aside from the fact that this is a highly readable book that is packed with wisdom and advice, the appendices also add a considerable value. Appendix 1 cross references the risks (constructs) by theme making it easy to quickly find the solution to a particular issue. Appendix 2 gives 5 hypothetical project profiles that reinforce the information in the body of the book, and Appendix 3 is a collection of strategies from the body of the book.
Regardless of whether you are preparing to manage your first project or are seasoned and battle-scared, this book provides knowledge and advice that you can use.
Saturday, June 22, 2002
It's written as a tutorial that uses two tools, Sensitivity, which is used with the chapters dealing with decisions under uncertainty, and Supertree for developing decision trees related to risk analysis. Instructions on obtaining the student versions of these programs are included in the book. Note that the student version of Supertree accommodates trees with up to 250 endpoints, and the student version of Sensitivity performs sensitivity for up to 12 variables.
My most used text on decision analysis is Making Hard Decisions by Robert T. Clemen. Where that book is more comprehensive, it's also less suitable for the working professional who needs a refresher and a desk reference. Therein lies the main value of this book - it's more aligned to real world problems that you'll find in the workplace and is written to be both a tutorial and a reference.
In the past I gleaned information and techniques from books about managing professional services from the perspective of law firms and other industries - good information to be sure, but fell short of the realities of technical services.
What I like about this book is the complete look at professional service management, with an emphasis on both personnel and cost management. I especially like the way the authors show how to go beyond mere cost management to optimize revenue and profit. The information and strategies they provide reflect extensive experience and a strong focus on the business aspects of professional services. I also like the ties to customer relationship management and various types of services, and the PSA components. This first decomposes the components of professional services management (manual or automated) into the critical success factors, then reconnects them into a coherent whole.
Although this book is about automating professional services management, most of the information, especially part 2, can be used effectively without automation. Therein lies the main value of this book and the reason why I think it's simply the singlemost important book a professional services manager can have. In order to get the information collected between the covers of this book you'd have to purchase a pile of related books from other industries, and spend a significant amount of time reading articles and surfing the net. If you are a professional services manager you already know that you don't have time for that. If you're being placed in a professional services management position you need this book.
Friday, June 21, 2002
Regardless of your goals or motivations, the first two chapters helps you to clarify your objectives, decide on the appropriate business model and mission statement, and introduces key concepts that will be used throughout the book. One of the most effective techniques in this section of the book is the way the authors lead you through framing your mission and goals and employing a service alignment risk factor to test the clarity of your mission and how it aligns to other business processes. This is especially important if technical services is not your core business.
Chapters 3 and 4 are, in my opinion, the heart of the book because they address revenue and profitability, and organizational structure - two areas with which many companies struggle. The information in these chapters will show you what you need to do to become and remain profitable, as well as how to best organize your resources to deliver in accordance with your chosen business model. For start-ups Chapter 3 provides an excellent framework for business plan pro formas. Chapter 5, Selling, thoroughly covers the critical success factors and metrics for selling services.
In chapters 6 through 8 services delivery, productizing and promotion are given the same thorough and insightful treatment. Of particular value is the customer engagement workflow that is provided in Chapter 11, and the four phases of professional services given in chapter 12. The phases provide a path by establishing basic implementation services as a service offering, then building upon these to provide integration services, consulting services and productized services - each phase represents an increase in what you offer customers (external or internal). For each of the phases the authors address the following factors: value proposition, profitability triangle focus, critical skills, required operational infrastructure, target mix, revenue growth rate, target gross margin and target operating profit.
I like the way that these (and all of the chapters) end with sample budgets and issues to watch, and the key financial models provided in Appendix D.
You can get more information about this book, including associated articles and PowerPoint presentations, from the author's webpage.
Wednesday, June 19, 2002
Integration is assumed to be within the context of ERP systems, which are enterprise-wide in scope. The level of detail is kept reasonably high so that both audiences can easily grasp the key issues and understand the challenges and needs of the other. What I like about the book is the fact that it never loses sight of business requirements, and the manner in which it stays focused on quality and real world issues. I also like the way case studies are used to reinforce some of the more abstract aspects of enterprise integration.
Highlights of this book that will interest both business and IT include:
- Totally Integrated Enterprise Goals and Agile Enterprise, which give a business framework for the technology solutions that are discussed later in the book.
- Methodology for Understanding Enterprises, which places integration and technology into the context of meeting business requirements.
- Business Development and Product Management, which provide insights to IT about the challenges that their business constituents face and their support requirements.
If you are seeking a book about deciding whether of not to implement an enterprise-wide system I recommend Enterprise Resource Planning Systems: Systems, Life Cycle, Electronic Commerce, and Risk by Daniel Edmund O'Leary. If you are more interested in an implementation methodology I recommend E-Business and ERP: Rapid Implementation and Project Planningby Murrell G. Shields.
Sunday, June 16, 2002
I like the complete coverage of both transaction and queuing approaches, and the vendor-specific information that includes Microsoft's .NET and Sun's Java, as well as everything in between. The sections database middleware and middleware performance are especially valuable because they are more generic and applicable to a wider audience than the MS- and Java-centric sections.
While individual papers have a slight vendor bias, the book as a whole is vendor neutral. This is not a book for learning about middleware as much as a good description of what's currently available and their strengths and weaknesses. If you are looking for a more general book I recommend Chris Britton's IT Architectures and Middleware: Strategies for Building Large, Integrated Systems for the fundamentals, and David Linthicum's B2B Application Integration for a detailed text on how to employ middleware in practice. However, this book will give vendor-specific details and a more up-to-date view of middleware that are missing from Britton's and Linthicum's books. If you're a system architect or consultant this book is an excellent desk reference.
Saturday, June 15, 2002
The chapter on engineering change control stands out because this aspect of both data structures and process change management are not covered (or only lightly touched upon) in other ERP references. This chapter and its companion on implementing change add significant value to the book and reflect mature and best practices. I also liked the chapter on new product introduction and custom manufacturing because these aspects of the manufacturing process come with a different set of challenges and requirements from steady production processes.
Regardless of whether you're using SAP, Baan or another ERP package (or are developing custom applications to automate manufacturing materials management) this book will expose the relevant details of the data structures, which are the foundation of any application.
Friday, June 14, 2002
Each section is devoted to carefully chosen papers, some of which reflect individual authors' experience. The strength of this approach is that you benefit from a rich diversity of viewpoints and deep subject matter knowledge. The weakness is that some of the material is inconsistent with what precedes or follows in the book.
Since this is a technology-focused book the highlights are that the information is current and reflects issues, methods and technologies that are valid as of the date this review was written. The editors ensured that information that is not commonly used in ERP integration, such as web services, are not addressed. This doesn't imply that web services will not play a future key role (such as in PeopleSoft 8), but that most ERP implementations are integrated using middleware, XML and other methods. The more typical integration methods are covered in great detail, and the sections on database servers and data warehousing are especially informative.
I also like the section on Internet commerce, which covers topics ranging from web-based testing and capacity planning to XML-based B2B commerce - topics that are not commonly found in other ERP texts. The section on project and systems management also contained excellent information, such as the paper titled "Service Level Management Links IT to the Business", which touches upon a critical aspect of integration. Each of the four papers in the Component-Based Development section also included information that should be carefully considered by large enterprises, especially those that are using off-shore development of off-site contractors to develop modules. This section goes into each of the major critical issues, including economic considerations, domain engineering, server-side Java development and object library management.
Some of the information in this book is time sensitive in that it will be rendered obsolete as web services play a larger role in ERP systems (which is already happening in a sense), and XML and/or ebXML emerge as a core component of all of the major packages, such as SAP, PeopleSoft, Baan, etc. If you have a defined architecture or integration group this book will make a good investment because of the wide array of topics covered. If, however, you are seeking a book that provides a methodology or focused technology description this book may not be for you.
Thursday, June 13, 2002
If you are not familiar with system dynamics, it's a methodology for studying and managing complex feedback systems using time graphs and causal loops, and more formal analytical methods such as simulation and exploring alternatives in a structured manner.
This book uses those techniques to align project management processes to software development. The best way to determine if this book is right for you is to answer the following questions:
- Is your core business software development?
- Is your organization at approximately the same level as that described by SEI's CMM for level 3 or above?
- Is there a commitment to implement an integrated process that is driven by the executive or board level and does this commitment have a strong sponsor?
Those who will benefit most from this book are organizations that have found existing PM methodologies to not fully meet objectives. For example, the U.S. standard based on the Project Management Institute's Project Management Body of Knowledge (PMBOK) is too generic for software development, and the U.K. standard called PRINCE2 is not as well suited for product-line and software vendor approaches to development. While the PMBOK and PRINCE2 contain processes and procedures that can be used, the system dynamics approach defined in this book gives a method for selecting, evaluating and integrating the processes and procedures borrowed from these two standards. Moreover, since the CMM and related models identify key process areas for project management, they do not prescribe how they are to be implemented. This book will provide the tools and techniques for tailoring the techniques to PM process areas.
If your objective is to find a book that describes a complete project management maturity model you will be better served by Strategic Planning for Project Management Using a Project Management Maturity Model by Harold Kerzner; if you are looking for an off-the-shelf methodology to use with iterative processes such as the Rational Unified Process I recommend Software Project Management: A Unified Framework by Walker Royce. However, if you are seeking to develop and implement a best-in-class, tailored project management methodology that is seamlessly integrated into your software development processes this book will show you how to achieve that goal.
Sunday, June 09, 2002
- Frameworks and Architectures. Consists of four papers of which I particularly liked Key Concepts in Architecture Definition Languages and Acme: Architectural Description of Component-Based Systems because of professional interests in ADLs.
- Object-Based Specification and Verification. The three papers in this section were focused on narrow topics; however, I gained much from Modular Specification and Verification Techniques for Object-Oriented Software Components. This paper alone made the book worthwhile to me, but this is a subjective remark with which you may not agree.
- Formal Methods and Semantics. Each of the three papers in this section were, in my opinion, valuable. My favorite, Toward a Normative Theory for Component-Based System Design and Analysis, contained a viable framework and approach to component design, which is a topic that receives little coverage in other component-based books.
- Reactive and Distributed Systems. The two papers in this section are interesting in that their topics intersect nicely with the discipline of semantic web engineering. If your interests or work also includes that knowledge area then the papers (Composition of Reactive System Components and Using I/O Automata for Developing Distributed Systems)will 'connect the dots' in a manner of speaking.
The second book is Component-Based Product Line Engineering with UML. Where most books on the subject cover the component-based development life cycle at a high level with an emphasis on the development, deployment and QA aspects, this one is about requirements and design. That is what sets it apart and an important work. It becomes even more important if you are using or trying to adapt the Unified Process to a component-based environment. Obviously if your environment also includes product line development the value of this book increases even more.
The book contains five parts which build upon each other. Part 1 is a thorough, 60-page introduction that compares and contrasts development life cycles, summarizes the approach the book proposes, and the concepts, artifacts and process associated with "KobrA" (a German abbreviation for "Component-based application development".
Part 2 is devoted to component modeling based on the KobrA component model, and covers all aspects in 153 pages. This part ends with an excellent introduction to patterns and UML, which lays the groundwork for the next part. The information in this part drills down into requirements and specifications, which is one of the reasons I cited above that sets this book apart.
In Part 3 (Embodiment) refinement and translation, component reuse and incremental development are covered in detail. Part 4 introduces and covers product line, framework and application engineering. It is here that the KobrA foundation laid in the previous parts begins to become coherent and the viability of the approach becomes apparent.
Part 5 is my favorite because, like Part 2, it gives a view of component-based development that most books gloss over. In particular, the chapters on maintenance and QA are filled with information that reflects the realities of component-based development, and the chapter on quality modeling is among the best treatments of the topic in any book or paper I've recently read. The 60 pages of appendices are also valuable sources of information and knowledge about metamodels, maintenance and process. I found this book to be an invaluable reference and recommend it to anyone who is heavily involved in component-based software engineering in conjunction with product line development.
Tuesday, June 04, 2002
- Applied Statistics for Software Managers. If you're working in SQA or managing software development projects this book is an excellent introductory text to statistical analysis.
What I like about this book is that it's a tutorial on the statistical skills and knowledge that you'll need, and it combines this learning goal with the basics of software metrics and how they can be employed to measure productivity, estimate projects, and manage costs and organizational quality. The core approach is data analysis, and the main tools that the book employs are multi-variate techniques, regression analysis and correlation and sensitivity tests. The author has a talent for clearly explaining a dry subject, and while it will take a good deal of effort to master the material because of its nature, the excellent writing and illustrations will make it easy to quickly grasp statistical fundamentals and put them to use.
The lessons are taught within the framework of four case studies that are realistic and apply to the real world. The case study topics are: productivity analysis, analysis of time to market factors, development cost analysis, and maintenance cost drivers. These cover the full range of both internal development and product-line software engineering. I especially like the inclusion of maintenance costs as a topic of study because this area contributes significantly to total costs of ownership, but is often overlooked.
- Measuring the Software Process. This book contains the keys to meeting core CMM level 5 requirements, which defines key processes for optimizing and continuous improvement, and for achieving 6-sigma processes. However, you need not be striving for either (or both) of these goals to use the techniques and approach in this book to full advantage.
Implementing and employing statistical process controls are the basis of this book. The authors lead you through the steps and techniques necessary to implement and use SPC, starting with background information on processes and a process measurement framework, and moving through topics such as planning your measurement strategy, data collection and analysis, and developing and interpreting process behavior charts using common SPC chart types. The most common controls are x-bar (mean) and r (range) charts. Be aware that any SPC approach requires two conditions to be met:
- defined processes
- the processes are in statistical control (meaning that the data points being measured have settled into a normal distribution that are randomly clustered around a mean and have defined upper and lower control limits)
This book requires knowledge and skills in basic statistical analysis. If you require a refresher I recommend reading Visual Statistics before tackling this book.
Sunday, June 02, 2002
The book is divided into twelve chapters, each of which contains two or more papers written by top experts in the field, including Mark Paulk (of CMM fame), Watts S. Humphrey (creator of PSP and TSP, and prolific author of software engineering process papers), Robert B. Grady (author of three standard references on metrics), and others who key players, but are not as widely known outside of the SPI and SPA community.
Chapter 1 covers software process assessment with an article by Paulk that surveys the more common models for SPI and SPA, and a reprint of Sarah Sheard's excellent article from CrossTalk Magazine titled "The Frameworks Quagmire". Chapter 2 contains three articles on the SW-CMM, which seems to be the centerpiece of this book. Chapter 3, "Other Approaches to Software Process Assessment" contains four articles that add balance by covering non-CMM approaches that are in common use, especially in Europe (Bootstrap). I especially liked the article by David N. Card titled "Sorting out Six Sigma and the CMM", which combines two hot topics. One of the exceptions that I cited at the beginning of this review is the article on Trillium, which in my opinion has been superseded by TL 9000 in the telecommunications industry.
The three articles in Chapter 4 (Software Process Improvement: How To Do It) address common concerns and barriers to any SPI initiative, and each add well thought out ideas, especially Sandra McGill's "Overcoming Resistance to Standard Processes, or, Herding Cats", and William Florac's "Statistically Managing the Software Process".
Watts Humphrey's Personal and Team Software Processes, and CMMI are the key topics in Chapter 5, which covers developments inspired by the SW-CMM. All of Chapter 6's Software Product Evaluation articles were my favorites from among the collection in this book, and I particularly liked Jørgen Bøegh's "Quality Evaluation of Software Products" and Geoff Dromey's "A Model for Software Product Quality" because they go to the heart of key issues in both product line engineering challenges and user acceptance testing.
Chapter 7, ISO 9000 Series and TickIT, is the second exception that I previously noted. Much has changed in ISO 9000 with the 2000 standard, which renders this entire chapter moot in my opinion. I also thought the five articles in Chapter 8, The SPICE Project, would have been a better fit in Chapter 3. The same goes for Chapter 9, Experiences of Software Process Assessment, which is nearly an extension of Chapter 8, and is closely related to Chapter 3.
Two other favorite chapters are 10 (Software Process Improvement for Small Organizations) and 11 (Benefits of Software Process Improvement). Chapter 10's three articles dispell any notion that SPI is only feasible for large organizations, and the three articles in Chapter 11 focus on the benefits of SPI, especially Herb Krasner's article titled "Accumulating the Body of Evidence for the Payoff of Software Process Improvement". I also liked the final chapter, which covers software processes in general, including an excellent article on modeling. I felt that this chapter should have been at the beginning of the book instead of the end.
Overall, this is a book for those of us who are nearly religious about SPI; but is not a good introductory text. It's main value will be to IT consultants who specialize in either SPI or SPA (or both), and who need to be familiar with the mainstream standards and approaches.
Saturday, June 01, 2002
The first book is Translucent Databases. This book contains an innovative and viable approach to securing databases, and one that I've not encountered anywhere else. In a nutshell the author provides techniques, based on standard SQL and Java, for securing sensitive data without restricting general access of less sensitive data to authorized users. The core of this approach is based on encryption and one-way functions, including PKI and secure hashing, and accepted authentication techniques such as digital signatures.
What makes this book unique is that while it's based on solid theoretical ground, the material is practical. As the techniques are discussed they are illustrated by 15 different scenarios, all of which contain problems faced by e-commerce, HIPAA and other high security environments, and code examples that show how to solve the problems. I like the way the author shows how to implement his solutions in common database environments (PostgreSQL, MySQL and Oracle - the approach should also work in the MS SQL Server environment). As I read this book I saw interesting possibilities for implementing role-based access controls and securing against SQL-based statistical attacks using the author's approach.
This book is essential reading for DBAs, system architects and IT security professionals, especially those in healthcare who are struggling with meeting HIPAA requirements, and in e-commerce who are challenged by protecting credit card and account information. This book shows the DBA how to secure his or her database, and the system architects and security professionals what is possible using SQL and Java. The book also has an associated web site which is supposed to have soft copies of all of the source code contained in the book. As of this entry the link to the source code is on the site, but the code itself is not yet available. When it is the value of this book will increase even more because of the time it will save by not having to manually create the code from scratch.
If you are new to the cryptographic techniques introduced in this book I recommend Cryptography Decrypted by H. X. Mel and Doris M. Baker, which is one of the best introductions to this complex subject. I also recommend reading Secrets and Lies: Digital Security in a Networked World by Bruce Schneier, which covers the technical, organizational and social aspects of security and gives a clear description of the technical underpinnings discussed in this book.
The second book is XML Security. Given the fact that XML is a key component of web services, and extensively used in e-commerce and enterprise applications integration, this book addresses a genuinely important topic. For one reason, XML is text-based and can expose proprietary information, which is a vulnerability for competitive intelligence specialists and corporate spying.
Before going into what the book contains it's important to know that much of the material is based on RSA's view of the security. This isn't a criticism, but an up-front statement of fact because if you're looking for a book that is 100% vendor neutral you are going to have to wait until one is written - this is the only book I know of that is solely about XML security.
The book starts with primers on security and XML to set the context. It then covers, in succession, digital signatures (chapters 4, 5 and 6), and XML encryption. These chapters are consistent with work and specifications produced by XML Signature WG (joint the Working Group IETF and W3C for digital signatures) and the W3C working group for XML Encryption.
Chapter 8 is specific to RSA products. It shows how to implement XML encryption using RSA BSAFE© Cert-J, which can be downloaded in a trial version from RSA's website. Chapter 9 covers XML key management specification, which are consistent with the W3C working group's specifications, and how XML security relates to web services.
Despite the slight bias towards RSA this book is an invaluable reference. It provides an in-depth discussion of major security issues, as well as how they are being addressed by the W3C. It goes without saying that anyone who is responsible for system architecture, design and/or security should carefully read this book.
Friday, May 31, 2002
The ideal audience for this book is the new Oracle DBA or UNIX system administrators who have either inherited DBA responsibilities or who want to gain cross-functional skills. Experienced DBAs will find much of this book too basic, and may complain that it doesn't cover the full range of database administration topics.
In my opinion the relatively narrow scope of this book is one of its strengths. Instead of overwhelming the new DBA with hundreds of pages it sticks to the essentials. Another point in its favor is that the author doesn't attempt to go into gory details about how things work (information that you can get from other books as your comfort level and self-confidence improve), but remains focused on what you need to do in order to effectively manage and support an Oracle 9i instance.
While I liked the Getting Started and Some DBA tasks (Sections I and II) that start this book, I especially liked Section III, which covers tuning. This is the essence of what a DBA does, and the basics are well covered. This section also gives some excellent scripts that the new DBA will find invaluable. Section IV, is somewhat useful, but Section V is another favorite because it shows how to begin building your own set of tools, which is the hallmark of an experienced DBA. The scripts that are provided in this section are the foundation of database administration, and will spark ideas for additional and more specific scripts. The value is that you can learn much from what is provided.
Each topic in this book is given a brief 2-3 pages, which makes it somewhat terse. In many cases you'll have to go to other books for deeper explanations, but at least you'll be quickly functional.
If I had to choose a single book with which to get started this would be it. Of course you'll outgrow this as your skills and experience evolve, but it will get you started and does so using good practices and workable techniques.
Thursday, May 30, 2002
In a nutshell, you bring your knowledge of algorithms, data structures and development methodologies, and the book will show you how to apply them to web programming.
Wednesday, May 29, 2002
After a quick introduction to the XML processing the author wastes no time getting to the meat by going into processing types in Sections II (Event-Based Processing), III (Tree-Based Processing) and IV (Declarative Processing). Each of these sections are comprised of chapters and topics that cover the strengths and weaknesses of each approach, common tools and example applications, and tips and techniques.
Section V is focused on Java development, including SAX in Java, DOM in Java and XSLT In Java Applications. This section covers APIs, tools and specific considerations for each topic.
The final section addresses XML processing in detail, and deals with alternative processing approaches (including hybrids of event-, tree- and declarative-based models), schemas, and RSS.
In addition the appendices are informative and add to the value of this book. In particular, Appendix A, A Lightning Introduction to Python, will get seasoned developers up-to-speed (augmented by Appendix C which covers Python XML Packages). Appendix B is a glossary that goes into considerable detail, making it a handy reference.
Sunday, May 26, 2002
- Charles F. Goldfarb's XML Handbook (4th Edition) by Charles F. Goldfarb and Paul Prescod. Goldfarb invented SGML, upon which XML is based and which had a significant influence on the design of HTML. At 1200 pages this book is probably one of the most complete references that one can have. It covers every conceivable topic, ranging from a good description of XML and how it evolved from SGML, to semantic web and web services (each of which are disciplines onto themselves).
Expected topics are given in-depth treatment (XML, schemas, DTDs, datatypes, XSLT, XSL-FO, XLink, XPath, XPointer, XSDL, namespaces, topic maps, RDF, SOAP, UDDI, WSDL and VoiceXML), with a focus on the following:
- integration of XML and the older EDI approaches to e-commerce and extended supply chain systems
- a sound approach to content management - how XML fits into the web services framework
- chapters on important topics such as portals, databases, content acquisition, conversion and publishing
- a series of chapters devoted to tutorials on XML basics, schemas, and transformation and navigation protocols
This is an overwhelming book for beginners, but is a valuable resource for anyone who is deeply involved in web services, XML and related technologies. If you fit the latter category this is probably the only XML reference you'll need.
- Definitive XML Schema by Priscilla Walmsley. In a nutshell this book gives a detailed description of the XML schema and associated topics. The author is a member of the W3C working group that created XML Schema, and the material in this book is consistent with W3C recommendations. See the editorial description and reviews on this book's product page for specifics.
- Definitive XSLT and XPath by G. Ken Holman. Covers everything you need to know about transforming information structured vocabularies and output formats. The author is the chair of OASIS's XSLT/XPath Conformance Technical Subcommittee. See the editorial description and reviews on this book's product page for specifics.
Saturday, May 25, 2002
Although you can download XML specifications from the W3C working groups, a single book that summarizes these specifications is worth the investment. XML Family of Specifications: A Practical Guide is such a book. It's a comprehensive and up-to-date (as of this review) reference on XML as defined by the W3C. Part I is more of a desk reference (with a lot of example code), which covers XML syntax, modeling and parsing, DTDs and schemas. Part II, also with many examples, is a complete treatment of parsing with APIs, with separate chapters on SAX, DOM, JDOM and JAXP. Transformation and display protocols are covered in Part III, including CSS2, XSLT and XPath. XSLFO for formatting is also covered in this part. Xlink and Xpointer to facilitate referencing operations are the subjects of Part IV, and the book wraps up the formal descriptions of the family of specifications in Part V, which covers XHTML and RDF. I have a personal interest in RDF, and found the chapter devoted to it complete, but terse. This characterizes all of the chapters in this book. What makes this book valuable is the way the information is displayed. Each chapter starts with either an overview or concepts, and each clearly explains each specification and gives clear examples to demonstrate how they work in practice.
Appendices at the back of the book are especially valuable because they summarize much of the information in the body of the book. For example, Appendix A depicts the family of specifications in a format that clearly shows the relationships among them. In addition, the web site that supports the book provides a lot of supplementary material, including over 900 links to related resources and an image map of the family of specifications that is one of the most visually appealing and informative resources one can have at their disposal. Note that the web site is not up-to-date - some information that was cited as coming in April and May were still not online as of late June.
This is not a book for learning XML as much as it's a reference. The main value over W3C material that is available over the web is the clear writing and many examples. It reads much better than dry specs and is complete in its coverage.
If you work within the framework of the FDA's General Principles of Software Validation or the FAA's DO-178B for safety-critical avionics the material is consistent with these governing documents, but is too outdated to be useful.
However, if you are working on integrated projects that are unregulated with respect to government controls you may find this book useful. It contains a wealth of useful guidelines for establishing and managing processes to support development of products that are based on embedded software or hardware/software integration, The core of this book is a collection of templates that were developed and proven in the DoD industry, and are designed to manage integrated testing, failure management and field feedback. Each element is applicable to commercial environments, especially for companies that are manufacturing intelligent network devices, data storage systems and specialty products such as digital control systems, sensors and other integrated hardware/software products.
The templates are introduced in Chapter 1, and each of the seven functional areas covered by the templates are discussed in separate chapters. These functional areas are: integrated testing, failure reporting, design limits, product life, test/analyze/fix process, uniform test reporting and field feedback. A chapter on applying these follows, but the material is slanted towards DoD issues. If you apply thought and imagination while reading this chapter you should get ideas on how to refactor the cases into your own environment.
Section 2 devotes three chapters to software design and test, which are based on the older waterfall development life cycle. However, this particular life cycle lends itself well to developing embedded systems, making this material valid and applicable to commercial environments.
Overall, this is a useful book for the intended audience I cited above if you can track down a copy. In particular, the checklists and overall framework are valuable, and much can be learned from the risk-based approach taken in the book.
Shifting Gears. Although I'll inevitably return to quality and reliability, I am going to shift to another topic in my next entry: XML. Also, most of the topics for the next few weeks will be in the form of book reviews instead of the tutorials and news items that we've been writing about. That will change as soon as things stabilize. We're all busy and haven't the time to do the research we normally do, nor the freedom to craft original essays on topics that are dear to us. That will change in due time, but until then please bear with us.
Friday, May 24, 2002
Although over 11 years old the QA approach contained in this book is still valid. To get at the gems, though, you have to overlook a few things. For example, terminology common in the mainframe data center of past decades sounds quaint even to those of us who came from that environment. Also, the code examples used to illustrate quality problems are sure to confuse the younger generation of C++ and Java developers and test professionals who probably never heard of PL/I and only vaguely know about FORTRAN.
What I like about this book and the reason why I think it's still an important reference is the fact that application quality from an enterprise perspective is addressed. This goes beyond testing and release processes, as well as beyond project issues surrounding applications delivery and SQA. The focus is on production and maintenance, although testing, SQA and project metrics are addressed.
In addition to the focus, the book contains checklists, questionnaires and sample forms that can be updated to reflect modern computing environments - and you may be surprised to find that much of this 'ancient' material requires very little modification. Another aspect of this book that I like is the material on software maintenance, which seems to be a lost art, although it's as important now as it ever was.
Don't let the age of this book deter you if you're interested in quality assurance from a production support point of view. The best recommendation I can give is that this book has served me well in over a decade of consulting, and it probably will for years to come. However, it shouldn't be your only reference either.
Thursday, May 23, 2002
- Testing Very Big Systems. After you've peeled back the layers of testing techniques that are better documented and more refined in more recent books, and archaic language that characterized the mainframe lingo that was dying out when this book was first written a decade ago you'll find gold.
First, the way test case management is presented stands the test of time. The author is obviously well versed in managing complex system testing and it shows in his detailed approach to developing a test strategy and managing a large array of test cases. As good as this material is, it isn't a sufficient reason to track down a copy of this book because Rick Craig and Stefan Jaskiel have a more modern book, Systematic Software Testing that accomplishes the same goal.
The real gold is in the way that this book integrates testing, issue management and metrics. Although there is a large body of knowledge on these topics, this book manages to sort out the complexities in the clearest terms I've encountered. I also think that the approach change management is excellent, and especially the way this is linked to issue management. On the subject of issue management, the taxonomy of issue types has served me as a model during numerous consulting engagements for service delivery and software engineering process development, and have been proven in the field.
Additional gold is in the chapters on test documentation (especially the treatment of status reporting) and managing management. I also like the way that the author takes economic considerations into account, which was not much in vogue when this book was written in 1992.
If you're an SQA or applications delivery practitioner I strongly recommend tracking down a copy of this book. Look past the archaic parts and you will find one nugget after the other of useful information. I wish this book would be rewritten to reflect today's environment and the lessons that the author learned in the decade since this book was first published because there is much in this book that you will not find elsewhere.
- Ensuring Software Reliability. Despite this book's age and the subsequent software reliability books that have since been published, it adds a perspective and information that is either not in more recent books, or is not given the same comprehensive treatment.
If you are familiar with software reliability as a discipline and with any of the major books, such as John Musa's Software Reliability Engineered Testing, you'll probably not find anything new in Part I, although chapters 3 (software failures and failure processes), and 6 (reliability terms and definitions) add clear, succinct descriptions and definitions to these topics.
Part II, however, is where this book shines and why I use this book as one of my principal references. Specifically, chapter 7, which covers software reliability data collection, is thorough and comprehensive. I especially like the way data collection is integrated into a reporting process, and the near exhaustive list of error, product and process metrics and their associated descriptions. Chapter 8 is another gem. It describes 12 major reliability models, ranging from Musa's models to predictive models. One of the most interesting models in this catalog is the 'Leone Test Coverage Model', which is based upon percentage of completion and coverage of specific development and testing tasks. For each model the author gives a summary description, provides assumptions and parameters of the model, and the associated math. Each model's summary contains strengths and weaknesses, and when in the life cycle the model is best employed.
Overall, this book contains some invaluable information and information that has been superseded by newer books (especially the last chapters in Part II). If you're seeking information that I've highlighted above, this book is a worthwhile investment. If you're looking for a book that is more up-to-date I recommend Software Reliability Engineered Testing by John Musa. This book will remain an often referenced part of my library for some time to come.
Wednesday, May 22, 2002
Wireless and M-Commerce Development. I just posted my take on a book titled Mobile Business Strategies: Understanding the Technologies and Opportunities in our sister weblog, Postcards from the Revolution.
That weblog focuses on service delivery and business/IT alignment issues, while this one is slanted towards software engineering and more technical topics. The book fit within our theme for Postcards from the Revolution, but there is a related book that is more suitable for this audience. The title is The Complete Wireless Internet & Mobile Business Programming Training Course (with CDROM), and the friend who called it to my attention was enthusiastic. It appears to be a complete training course in all aspects of wireless and mobile commerce development. Judging from the content of the thirty-four associated PowerPoint presentations that are available for free download this is, indeed, a complete training course. If you need to get yourself or your staff quickly up-to-speed and you have a constrained training budget this may be a cost-effective alternative.
Back to Quality. Before ending this entry I want to revisit quality. If you are pursuing the ASQ CSQE certification you may want to get a copy of Fundamental Concepts for the Software Quality Engineer. This book is published by the sponsor of the certification (ASQ), and the book editor is Taz Daughtrey, who is editor-in-chief of ASQ's peer-reviewed quarterly journal, Software Quality Professional.
Tuesday, May 21, 2002
Software Reliability - Short Version. I am still pressed for time, so this entry is going to be as terse as my last. In the same manner that I use a single book as my primary reference for SQA, I use Software Reliability Engineered Testing by John Musa as my primary reliability reference. My 11 May 2001 review on Amazon will show why I hold it in such high regard. That doesn't mean that it's the only book I use - I have a large collection of SQA and reliability books - it means that it's the first one to which I turn for authoritative information on the topic. On the web the first place I go is the Data and Analysis Center Software Reliability page, which points me to the resources I need for particular aspects of reliability.
Past Information. Reliability has been addressed in this weblog in many previous entries, so I am not going to repeat much of that material here. However, during the next few days (when I get a break in my routine) I am going to wrap up this thread with a few longer entries that describe my own views about SQA and reliability.
Monday, May 20, 2002
- CrossTalk Magazine.
- Software Technology and Support Center, which has a rich cache of technical documents, great material about software quality engineering and testing, as well as related topics.
- Data and Analysis Center for Software SQA page.
I am pressed for time, so am going to abruptly end this without further commentary. I'll pick up where I left off tomorrow.
Sunday, May 19, 2002
Not everything that can be counted counts, and not everything that counts can be counted.How true. Einstein's legacy of genius will live on for ages because he has influenced generations of mathematicians and physicists.
While perhaps not at the same level as Einstein, Robert B. Grady will remain in my memory because of the deep influence his work has had on my thinking. I first discovered Grady in 1992 when I read Practical Software Metrics for Project Management and Process Improvement (see Linda's 22 April 2001 Amazon review). This is Grady's first book and it sets the tone for his later two books discussed below. What makes this book so important is that it is one of the first to integrate software metrics with project management metrics.
What I particularly like about this book includes:
- Complete view of metrics that matter, and the chronicle of how these metrics evolved in a large company (Hewlett-Packard).
- Recognition that any software metrics initiative extends beyond the project that delivers the software - Grady examines post-production metrics and ties them back to not only the development life cycle, but the product life cycle as well. Ten years after this book was published there are still large organizations that are struggling with doing this, yet Grady's book provides a clear roadmap to achieving this elusive goal.
- Continuous improvement is the central theme in this book. Grady does not stop with collecting and analyzing metrics, but how to effectively employ them to spot improvement opportunities and develop a strategy to effect those improvements.
Among all of Grady's books I like this one the best; however, I recommend that his other two also be carefully read if software process improvement is your goal. He has much to say and backs it up with data and a chronicle of his experiences from real projects.
Five years later Grady wrote Successful Software Process Improvement, which followed-up on the foundation he laid in the first book by showing how his metrics-based approach can be leveraged into a viable process improvement program. This book uses the TQM Plan-Do-Check-Act framework as the basis for process improvement. However, he goes deep into the issues and factors to give a complete approach to developing and managing a continuous improvement posture.
Highlights of this book include:
- The same story telling approach he successfully used in his first book. The conversational writing style and the logical sequence of the book makes it easy to read. Moreover, the real life examples add credibility and make the content practical instead of merely blue sky theory.
- A complete survey of assessment methods, such as the CMM, Software Productivity Research's Software Quality and Productivity Assessment, and Hewlett-Packard's internal QUality Maturity System. The latter two are especially interesting because they are, in essence, balanced scorecards.
- Business-oriented - the approach taken never strays from cost/benefit and ROI.
In also like the wealth of metrics, data and examples. While this book is longer than his first one, it's still a manageable 314 pages and is highly readable. If you are involved with software process improvement initiatives this book should be on your short list.
His last book, Software Metrics: Establishing a Company-wide Program, is about how to establish a viable metrics program. See my 28 November 2000 review on Amazon for details.
There is one other book that has deeply influenced me, Software Excellence: A Total Quality Management Guide. This book is a collection of papers that were made into a text under the editorial control of Shigeichi Moriguchi. Mr. Moriguchi did a superb job of ensuring both readability and structuring the content in such a manner that it can actually be viewed as three books:
- A textbook on software quality control.
- Catalog of techniques used in testing and SQA.
- Training guide for testers and SQA professionals.
Moving Along. Life is a journey, not a destination. This thread is going to imitate life because in the next entry I'll continue the journey, which will pass into the realm of SQA - a strange place inhabited by many cultures, and whose inhabitants are still trying to figure out who they are.
Saturday, May 18, 2002
It is best to do things systematically, since we are only human, and disorder is our worst enemy.Isn't it amazing how something uttered so long ago by a Greek poet is relevant to software testing?
It's beyond question that the Greeks made many lasting contributions to culture and civilization. In the world of test process improvement the lasting contributions may well be coming out of the Netherlands. As an aside, our Dutch brothers and sisters are also making significant contributions to service level management (see my 5 April 2002 entry in our sister weblog, Postcards from the Revolution). The reason I believe that the Dutch are leading the way in test process improvement is because the Test Process Improvement (TPI) and Test Management Approach (TMAP). Each of these approaches are documented in the following books:
Test Process Improvement: A Practical Step-by-Step Guide to Structured Testing. This book provides a coherent process improvement approach for software testing. It provides a model that supports the assessment of strengths and weaknesses of an existing software testing process and an approach for developing and implementing remedial action to rectify the weaknesses. As such this book is not useful to organizations that have not achieved a mature and stable testing process because the model will not apply. If you are seeking a book that will get your processes stable you will find Systematic Software Testing by Rick D. Craig and Stefan P. Jaskiel a better place to start.There are a few other books about test process improvement that are worth reading:
However, if your processes are stable this book is among the best because it stays focused on improving the testing process and does so in the same manner that SEI's CMM does for software development. In fact, the TPI approach in this book is cross-referenced to the CMM, which gives you an approach that can be viewed as a testing maturity model that aligns nicely with the CMM (including the newer CMMI). This is one of the strong points of the book and TPI.
Another thing to know about this book is that it's written more like a specification than a narrative. Some readers may find this difficult, but if you are involved in mapping the TPI key process areas to the CMM (or SPICE, Bootstrap or PSM), you'll appreciate the format. Also, the book views TPI as a subset of software process improvement, and software process improvement as a subset of TQM. While the authors focus on the software testing process, they do not isolate it from the bigger picture. This allows you to view then entire quality process as a coherent whole when you're assessing the software testing process and developing improvement strategies.
I personally think this book adds considerably to the software testing body of knowledge, and that the approach the authors give is both practical and sensible. If you work in an organization that has a stable testing process or is at CMM level 2 or above this book is essential reading.
Software Testing: A Guide to the TMAP Approach My first introduction to TMAP was in the above book, which the author co-authored. It piqued my interest, but unfortunately all of the literature on TMAP was written in Dutch. This book makes this powerful test management approach available to English speaking readers, making it invaluable.
First, a little about TMAP to explain why I think the approach is important and useful: It views testing as a process instead of a collection of procedures. The advantage is that once a process is in place it can be stabilized and improved upon. The key to testing is repeatability, and without a process there can be no repeatability. TMAP consists of four elements that combine to form a cohesive test management model:
Each of the above elements and their parts are covered in great detail, resulting in a sound framework for test management. That alone makes this book invaluable, but there are some additional gems that I especially liked:
- Testing life cycle that is aligned to the development life cycle. This life cycle is encapsulated within a planning and control framework that easily fits into the project management activities of the development life cycle.
- Testing techniques - not the techniques used in the execution of test cases, but the techniques employed for defining a test strategy, developing test specifications, and the associated artifacts. This book does cover some basic test execution techniques, but they are not the focus of the book and are not covered in great detail.
- Infrastructure and tools - addresses what are the minimums for an effective test process in the form of environments and tools. If you're establishing a test organization this aspect will be invaluable.
- Organization - how the test organization is structured and how it relates to external functions, such as development, configuration and release management, project management and other major stakeholders.
This book and the first one I discussed above combine to give a complete picture of test management and test process improvement.
- Test point analysis and estimation, which is an estimating method for test effort that is based on function point analysis. This is incredibly valuable because accurate estimation is one of the shortfalls in testing. This alone is reason to buy the book. For more information about Test Point Analysis you can download Test point analysis: a method for test estimation or look through the presentation slides from Conquest 2000, which also includes presentations on TPI and other items of interest. Although off topic, Test Effort Estimation Using Use Case Points is a related approach that fits nicely within the unified process.
- The wealth of checklists - I especially liked the comprehensive list of quality characteristics.
- Testing in maintenance situations - probably the most common situation for software testing and this book covers it well.
- Software Testing in the Real World (see Linda's 21 March 2001 Amazon review for details).
- Lessons Learned in Software Testing
- Surviving the Top Ten Challenges of Software Testing: A People-Oriented Approach
Friday, May 17, 2002
The software testing profession came into its own in 1979 when Glenford Myers published The Art Software Testing. Although this book is still in print (a remarkable feat in itself), it's quaint when compared to what we now have in published works and the body of knowledge. What this book did for the profession is legitimize it as a valid career path and to portray software testing as a profession instead of an activity to which mediocre programmers were exiled. Myers deserves the credit bestowed, but there is an unsung hero in the software testing and quality movement whose prolific writing has had considerable influence: William E. Perry.
Perry was writing about maintenance, testing and quality before Myers' book arrived on the scene, and his 1991 book, Quality Assurance for Information Systems: Methods Tools, and Techniques, is an interesting blend of holistic IT quality and software testing. I still refer to my copy for ideas when I am researching metrics. This book is about mid-point in Perry's publishing career. While his subsequent books focused more on software testing, this one is among the first to cover both software quality assurance and software testing in a coherent manner.
William Lewis' Software Testing and Continuous Quality Improvement that both Linda and I have recently discussed here (and reviewed on Amazon) extends Perry's work with respect to a holistic view of software quality.
Testing vs. SQA. I make the distinction between testing and SQA as follows:
Testing is an activity to find or prevent defects in software using older inspection techniques or more modern preventive techniques. Note that I am not including value judgments in my definition, else I would have ignored the inspection approach. What I want to do is highlight differences between testing and SQA.Based on my definitions testing belongs in the application delivery domain and serves as the boundary between application delivery and service delivery (i.e., production). This is shown in the organizational diagram that Linda and I developed. SQA, in my opinion, should be a function of a program management office (an ideal spot for oversight), or an entirely separate function that reports directly to the CIO.
SQA is an oversight function that collects and analyzes quality data to be used in pursuit of process improvement.
However, software testing is evolving to the point where testing and SQA are becoming blurred. In fact, to put it crudely, finding the boundary between testing and SQA is akin to picking fly shit of pepper. I apologize for that analogy, but it best describes the situation. The two books I've recently discussed, Systematic Software Testing and Introducing Software Testing each integrate testing and SQA, and it looks like the direction that software testing is going to take. There are some strengths and weaknesses to this:
- Strengths: end-to-end quality infrastructure, with a viewpoint that encompasses the entire systems life cycle (not just the development life cycle).
- Weaknesses: misses the big picture because testing is a narrow viewpoint of software quality. Other stakeholders in the service level management and project management domains have different viewpoints. See our Life Cycle Quality Gates document for an overview of metrics we deem important and you'll see why many will not be on the RADAR of a test organization.
Clouds in My Coffee. The way I see it the maturity of the software testing profession, as evidenced by the two books I discussed yesterday, and the affinity of testing and SQA, are on a course that needs to be carefully considered. For small organizations this isn't such an important issue, but for large enterprises the strengths and weaknesses need to be more carefully examined and weighed than I've done in this entry. The good news is we have reached a point where quality is considered to be important and proactive approaches to achieving it are becoming more prevalent. Better yet, thses approaches are wrappd in process.
Where the issues become even more cloudy is in the growing (and excellent) body of knowledge and practices supporting test process improvement. My next entry will focus on that aspect of testing and quality before moving on to software reliability in a future entry.
Have a wonderful weekend!
Subscribe to Posts [Atom]