VERIFY Conference - 2007 Keynote Speeches

2007 Keynote Speeches

Improving Your Development Process by Automating Infrastructure — Mark Lambert, Director, Parasoft

Monday October 29, 9:00 am

Building software has always been a complicated process, but it has become increasingly challenging as systems have grown in complexity. Cowboy programming is no longer acceptable. To build today’s and tomorrow’s business applications effectively, software development organizations need an automated infrastructure which supports and unifies the efforts of the entire software development team--from the people who write the requirements, to the people who build the software, to the people who verify that the software meets the requirements and performs as expected. This automated infrastructure has to provide all team members with comprehensive, objective measurements that provide instant visibility into whether the project is on the right track.

Such an infrastructure should be built in such a way that it captures human intelligence. Human intelligence is required the first time that a complex task is performed, but automation can typically be leveraged to repeat the task from that point forward. This frees people to perform more creative tasks that can’t be automated. When such an automated infrastructure is implemented and regularly fed with human intelligence, it can provide significant productivity gains—up to a factor of 10 or beyond.

Monday October 29, 1:00 pm

Typically, more than 60% of the overall effort in developing and delivering software products is spent on testing. Test time and cost is expected to continue to increase as the complexity of software applications is continuing to grow and as is the desire to deliver products more quickly. This presentation discusses the use of test automation to help reduce test efforts and testing costs. The presentation will focus on describing how the test automation increases the efficiency of the testing team, allows last minute releases to be tested quicker, and reduce the cost of testing overall. From a test engineer's perspective, automation should increase efficiency, reduce tedious data entry, allow for increased analytical time, and provide career enhancing skills. This presentation will describe the business case for test automation.

Tuesday, October 30, 2007. 9:00am

What makes software testing for security any different than normal software testing? Part of the answer is tied up in expertise, experience and attitude. Security testing comes in two flavors and must involve both standard functional security testing—making sure that security apparatus works as advertised—and risk-based testing—malicious testing that simulates attack. Risk-based security testing should be driven by architectural risk analysis results, abuse and misuse cases, and attack patterns. Unfortunately, first generation “application security” testing misses the mark on all fronts. That’s because canned black box probes can at best show you that things are broken, but in the end say very little about security posture. This talk is about what software security testing should look like, what kinds of knowledge testers need to carry out such testing, and what results may say about security.

Tuesday, October 30, 2007. 1:00pm

Many companies’ ability to design and develop advanced applications using Web 2.0 or Service-based approaches has surpassed their ability to properly govern and test these apps. Therefore, the QA organization will be asked to step up to the challenge of ensuring that these critical systems can be trusted to meet business requirements. Testing will no longer be a pre-deployment checkpoint, it will become a continuous process that will demand a higher level of technical and business awareness from the QA professional.

Why is testing, once an afterthought of the software development lifecycle, now increasing in strategic value to today’s organization? Simply put, the technology for delivering applications in a flexible, reusable way has evolved, so the QA organization must evolve with it. To succeed, testers must wear both business and technical hats. Testers must participate in Governance of their enterprises’ IT assets. Created tests literally become business policies, which must be constantly enforced against today’s advanced, ever-changing software.