Software Testing

Belgium Testing Conference 2012

/ Arborosa / Leave a comment

QA vs.Testing: Antagonism or Symbiosis?

The header above was the theme of the last Belgium Testing Days in Brussels on March 12-14. During the call for papers for this conference, several months ago, I was in the middle of having SOx compliance established for one of my projects. The theme caught my attention since it represented one of my feelings on the compliance process at the time.

I work at an internationally operating bank which has a few consequences for the context in which I work. The most obvious consequence is that a bank uses either financial software or software that enables financial processes. As a result the (in-house) developed software gets extra special attention with regard to accessibility (or perhaps rather inaccessibility), integrity and confidentiality (AIC). Every piece of software that is built or bought by the bank gets a so-called AIC assessment and depending on the result of the assessment and certain amount of checks, controls and measures are mandatory.

The AIC assessment itself is essentially internal to the bank. But being a bank, and especially being an international bank, this means that on top of the internal regulations all kinds of external government and financial market regulations are imposed on it. The bank QA department translates these regulations or standards into internal processes and rules. For most of the high level business processes such a translation seems fairly straight forward. These processes are often both described and measured at the same way as the regulations. It gets more difficult if you drill down into the organization and start taking all the contributing activities and tasks into account such as in my case the development of software or more particularly the testing of software.

Organizational response

One of the financial organizations common responses is to apply and design standards and procedures together with any number of deliverables.

These standards are prescriptive of nature. They tell you in general terms what their idea is. But, depending on your QA department it gets more specific. They tell you what you must do, how you should do it, in what order you should do it and how you should call it.

The so designed procedures and processes describe the steps you are supposed to do given some standard situation. And since seeing is believing they also formulate how you should proof that you followed the process. In many cases such proof is the delivery of a number of deliverables. Deliverables can be a lot of things, but typically they are in the form of documents, test ware libraries or reports.  Given a certain standard they follow a fixed format both in terms of content, that is what should be described, and in terms of lay-out, that is how it should be described.

Quality Assurance

To my experience for the most part the somebody defining the standards to be used, the procedures to be followed and the deliverables to be created are not the developers or testers nor the customer, but is a typical staff department:

The Quality Assurance department

I see quality assurance not as a singular activity. In my opinion it is a group of activities. Activities that have a difference in focus.One part of quality assurance is focussed on making the chosen framework useable and applicable within the organization. QA as the designer. The second part of quality assurance is closely related to this as it acts as the controller of what was previously designed. To this end it translates the designs into to points of measurement and puts values to the measurement results. QA as the controller. These two might go by different names in some organizations, like quality management, but in my opinion this still is part of quality assurance. The third part of quality assurance is the part in which the actual software development related activity is taking place. It is the part that also executes the previously designed steps and  reports back on them. QA as executor.

At this point QA starts to be seen as testing which is captured in the following definition that is often used for both:

The process of validating and verifying that a software program/application/product meets: The requirements that guided its design and development;  works as expected; and can be implemented with the same characteristics

This definition has a certain appeal. It is understandable; it is similar to other process oriented methodologies; it aligns with the QA concept. But in my opinion it limits testing to checking.

Testing

The previous definition is not the definition I would use for testing. In my opinion the kind of information testing provides depends on the what the stakeholder values as important for the softwares quality. Therefore my definition is:

Software testing is a means to provide information to someone who matters about the product or service under test in a certain context at a certain time.

If I apply this definition to my AIC, SOx compliant context I find that the current solution QA has offered me does not meet this definition. Do not get me wrong I understand and agree that the change process and software development should be both traceable and accountable. I do however not believe that the solution is to enforce processes, procedures and deliverables that are judged by their presence and adherence to layout. What matters is the content that they should be presenting.

Not the process story but the testing story should be told

An example

This example describes in summary which measures the SOx team and I agreed on that are required by software development projects, and specifically testing, necessary to comply to Sarbanes-Oxley Act (SOx) regulation.

A SOx regulation review is targeted at the state of software development and testing at the moment of release to production. The intermediate states or progress steps in establishing traceability and documentation compliance are out of scope for the investigation.

Manual Testing

Testware management for manual testing follows the guidelines as summarized in the following steps:

  • A test plan or a similar structure identifies functional test objects that, minimally, covers the functionality as specified in the requirement or change documents.
  • For each of these test objects specific test activities are logged
  • The test structure identifies the release, individual RFC’s and relates them to the test activities.
  • A  full and complete overview of test objects, test activities and the test results should be established prior to release of the changes to production. This can be either in a testware management system, like preferably HP QC, or in another reviewable form
  • All tests should either have passed or if not passed have a logged defect and or     stakeholder decision attached that indicates that this is acceptable to go into production at this point in time

Automatic Testing

In essence the testware management for automated testing follows the same guidelines as manual testing. Main difference is that the way of documentation is adapted to the structure of automated testing:

  • A test automation tool or input data sheet used by the test automation tool shows the automated tests with a reference to the test object, functionality or RFC that they test
  • A log file (preferred), or checklist, shows whether the tests have been executed and if they have passed or failed
  • A full and complete overview of test objects, automated tests and the final      execution of tests with test results should be established prior to release of the changes to production
  • All tests should either have passed or if not passed have a logged defect and or     stakeholder decision attached that indicates that this is acceptable to go into production
  • If for automatic testing a self designed tool or framework is used the      functionality of the tool and the execution of the test cases should be validated by peer review. Results of the review should additionally be captured in the test report

The above steps should result in the following deliverables:

–          Basic testware describing the test design, test execution, test results and defects
–          Test Report, containing an advice for release

Test report

You might have noted that there is no mention of describing tests in advance, of following test scripts, nor of following standard or using templates. The SOx compliancy team’s focus is not on how the testing is executed during the project. Its focus is to see if the implemented changes are tested and that the executed tests and test results can be matched to them. Their aim is to establish that the changes do not have an unexpected or undesirable effect on the companies annual balance or regulatory capital. To that end they check if the changes are implemented as intended.

The SOx compliance essentially asks for what James Bach describes as three stories that describe the testing story:

  1. A story about the status of the product
  2. A story about how you tested it
  3. A story about the value of the testing

The only thing now left for me is to convince the QA department that even when I have not followed their standard and procedures and not used their templates I have thought about the reason behind their questions and am still able to supply the information they need. Only a bit faster and more naturally.

250 hours of practice – February/March

/ Arborosa / 1 Comment

It has been a while since my last post. It was not that I have been procrastinating. No I actually was too busy to write a post. There were many reasons for this and most of them are covered in this post. So lets start with the biggest time consumer.

BBST Foundation

For those who do not know what this is I can almost hear you thinking.

“A foundation course? Doesn’t this guy have enough experience already and now he does Black Box Software Testing Foundation course. ”

Well let me put it this way. There are foundation courses and foundation courses. The Black Box Software Testing (BBST) Foundation course is as it says a foundation for further education and it is a good place to start your testing career. It’s just that it has a distinctive approach to it. First of all it is a four-week online course. Which is longer then almost any other course on software testing. Second it focusses on getting the participants to become critical and thinking software testers. It does this not by handing you any predefined recipe. It gives you the ingredients and the possibility to work with them. Let me, as an example, give you a short overview of the content:

Basic definitions                                              Programming fundamentals and Coverage
What is a computer program                               Numbering
Types of testing                                                   Storage
.                                                                           Representation
Strategy                                                               Data and Control structures
What is testing                                                     Coverage
Testing missions
Testing strategy                                              The impossibility of complete testing
                                                                          The basic combination rule
Oracles                                                                Paths and sub paths
System under Test                                              Data flows
Heuristics                                                             Sequences
Consistency oracles
More types of oracles                                       Measurement

All captured in :

  • 20+ articles and several books to read
  • 306 slides
  • Over 3 hours of video lecture
  • 5 quizzes
  • multiple individual and group assignments
  • Exam and exam grading
  • Over 70 hours of thinking, preparing and answering either individually or with team members from multiple time zones

Given that I also have worked these four weeks and maintained a family life I have made long days in February. But it was all worth it. Even if you have, like me, some experience in software testing it is a splendid (re)sharpener of your critical thinking skills with regard to software testing. Not only with the content of the course itself, but also with the interaction you have with the twenty or so other participants. Especially the group assignments and the assignments that need reviewing each others work give you a good insight in cultural and thinking differences people have. And from this and from the comments you can get a lot of more wisdom.

So some seventy of so hours spent on BBST Foundation. Well on my way towards the end goal of two hundred and fifty. But you might have noticed that this covers only February and this post is written half way March. So what more have I done.

Proposals

The end of February and beginning of March was also the time in which several deadline for calls for papers came in to view. I do not know if this really is considered practice, but it gets you to think and write about software testing anyway. Within one week I entered five proposals for a track and one for a tutorial for EuroSTAR, TestNet spring and autumn event and the Agile Testing Days. And I already am more than happy to tell you that the tutorial on the use of mind maps in testing, that I thought of together with testing buddy Huib Schoots, already got accepted.

But not only did I spent time on my own proposals. Zeger van Hese, this years program chair, invited me to help review some of the many proposals that EuroSTAR has gotten this year. And even if the amount of, anonimized, text is not so much I did want to do a serious review and evaluation of the proposals. (Like I would like others do with mine.) Some of them were good, some were bad and for some I was indecisive.

TestNet book

And there was more time spent reviewing. A couple of months ago I had committed to reviewing the TestNet jubilee book on the future of software testing. Obviously at the time I had not imagined to be this busy. But at the cost of some sleep I managed to finish the review prior to my next challenge.

The book itself is a great reference to over think where testing is going to and what choices you as tester need to make to make yourself both comfortable and future proof the coming five years.

Conferences

Although I have given talks and workshops before I had never been a speaker at a major international test conference. March 14 I made my debut on the international stage at the Belgium Testing Days. As I will be spending a separate post on the content of my talk I will limit for now with the remark that it was great fun to do and that it was great to meet both familiar and new  faces.

Meanwhile during this period Markus Gärtner published an interview with me on his blog as prequel to Europe’s first context-driven testing conference “Let’s Test“. The only downside for me seems to be that I am actually not able to attend, due to a lack of funds.

To complete the conference experience for the coming period I am invited to be a test expert at the Dutch Testing Conference (agile, context-driven testing and exploratory testing) and I invite participants to ask me questions during the conference.

250 hours of practice – January

/ Arborosa / 2 Comments

As said in my post a couple of weeks ago, this year I would try to spend 250 hours on practicing and enhancing my testing skills. This post is a report on how I fared in January 2012. (Leaving my personal favourite untill the end…)

I started enthusiastically on January 2nd by following up on a post about the “Follow the link exercise” by Jeff Lucas. In short the exercise is to choose a blog post of your liking. You start reading it critically and then follow every link mentioned in the post. You then pursue this with every post that you read in a one hour session.

In my session, that actually lasted two hours, among others I followed up on a link to Alan Page’s blog “Tooth of the Weasel”. This post contained an overview of posts Alan wrote in 2011 so there were enough links in there to follow-up:
My job as a Tester
What is Testing?
Test Design for Automation
Numberz Challenge
Beyond Regression Tests
R-E-S-P-E-C-T
Judgment in Testing
Lost in the weeds

Although I had heard about Alan Page I was not yet familiar with his work. It pleasantly surprised me with some useful ideas and even some advice for my personal goals for this year. Let me give you some quotes I found interesting:

“What you do or don’t define as testing may differ per context.”

Automated testing “starts the same as always. Design your test first then automate where eligible. Coded tests do not replace, but enhance human tests.”

“Do not only use automated testing for regression. Vary the data, the sequence, randomize, to find new information” data driven testing

“Are testers’ second class citizens? NO. Are they whiners? Yes; Figure out how to get and earn respect!”

My second (larger) series of practice session(s) started with watching the 2011 GTAC keynote by Alberto Savoia with the ominous title “Test is dead”. You can read more about this on the blog post I wrote “Is testing dead?”

My third endeavour entailed reading the hardcopy of the book “Essential Software Testdesign” by Torbjörn Ryber. The E-book is free to download, but I liked the content enough to want to own it. Some warning is in order however. Even the hardcopy has a somewhat annoying number of typos, illogical sentences and even faults. Nevertheless the concepts Ryber discusses are helpful for many a tester.

Early in January the DEWT’s met up again. This time to discuss and prepare the TestNet event about context-driven testing. On January 18, some 150 testers visited the event to watch James M. Bach and Michael Bolton do a one hour introduction on context-driven testing using Go to meet  (which btw. worked brilliantly). After the break the DEWT Zeger van Hese, Ruud Cox, Ray Oei and myself gave a number of lightning talks followed by Q&A. Themes of the talks were “On being context-driven”; “Spin-Off”; “Context-Driven expert”; “Test Plan”.

All in all these activities got me some 20 hours of practice bringing me well en route for the 250 hours of testing practice. But to be honest I am even more of a test nerd. I have spent another 10-15 hours on following Twitter feeds with a peak while participating in a #Testchat lead by Lisa Crispin asking the following questions:
Q1: Have you worked on a “test automation project” that succeeded? What helped it succeed
Q2: What do you think upper management should know about testing? (not limited to automation)
Q3: related some to Q2: How do you keep your testing transparent to others on your team and in the organization?
Q4: Are testers on your team treated with the same respect as programmers?
Q5: sometimes the tester is undone by the process. Documentation outdated leading to looking like lack of knowledge

The last practice activity however was, for me personally, the most engaging, emotional and gratifying one.

In December I contacted Markus Gärtner to ask him for a challenge to see if I was worthy enough to enter the realms of the Miago-Do software school of testing. This actually the first step of the challenge having found a member. Markus offered my “The light saber” challenge. Several times during the challenge I would sent Markus my test investigation results and as many times Markus answered. I used several heuristic approaches, tried to inform the customer based on his needs and eventually offered a solution using personas. Somewhat to my despair Markus’s answers were getting shorter and repetitive and I asked Markus to debrief me.

We organized a one hour Skype session and went on with the challenge discussing results, progress en feelings during the challenge. Eventually we came to the point where Markus would reveal if I was allowed to enter Miagi-Do. The result got me stunned, silent and humbled for a moment… Not only was I a new member I was one of the members to, fully endorsed by other instructors, become a Black-belt.

I can only say again. Thanks guys, I am honoured.