sss ssss rrrrrrrrrrr ssss ss rrrr rrrr sssss s rrrr rrrr ssssss rrrr rrrr ssssssss rrrr rrrr ssssss rrrrrrrrr s ssssss rrrr rrrr ss sssss rrrr rrrr sss sssss rrrr rrrr s sssssss rrrrr rrrrr +===================================================+ +======= Quality Techniques Newsletter =======+ +======= December 2004 =======+ +===================================================+ QUALITY TECHNIQUES NEWSLETTER (QTN) is E-mailed monthly to subscribers worldwide to support the Software Research, Inc. (SR), eValid, and TestWorks user communities and to other interested parties to provide information of general use to the worldwide internet and software quality and testing community. Permission to copy and/or re-distribute is granted, and secondary circulation is encouraged, provided that the entire QTN document/file is kept intact and this complete copyright notice appears in all copies. Information on how to subscribe or unsubscribe is at the end of this issue. (c) Copyright 2004 by Software Research, Inc. ======================================================================== Contents of This Issue o Advances in Model-Based Software Testing o Stevens Institute Research/Thesis Abstracts Available o Second International Workshop on Quality Assurance and Testing of WEb Based Applications o eValid Version 5 (V5) Availability o Third Workshop on Software Quality o Fourth International Workshop on Automated Verification of Infinite-State Systems o John Musa's "Professor's Corner" o Software Engineering for Secure Systems: Building Trustworthy Applications o The eValid Suite: A Quick Feature Summary o Fifth International Workshop on Web Based Collaboration o QTN Article Submittal, Subscription Information ======================================================================== Advances in Model-Based Software Testing 15-16 May 2005 http://a-most.argreenhouse.com There is a need for renewed stress on rigorous and disciplined approaches to software testing as a result of the growing focus of product liability on software. As an industrial reality, an order of magnitude reduction in the cost of effective testing is needed. Model-based testing methodologies can provide this discipline and rigor. A premise of model-based software testing is the creation of models of the software being tested as opposed to adhoc and manual creation of test suites. Despite progress in model-based software testing the practice is limited to relatively few organizations. The goal of this workshop is to bring together researchers and practitioners to describe, discuss, and advance the current state of the art AND the current state of the practice in model-based software testing. Submissions are solicited that describe new research, tools and technologies, noticeable industry experience reports, and position papers which will collectively advance the state-of-art and the state-of-practice in the area of Model-Based Software Testing. Topics of interest include, but are not limited to: MODELS Black Box (Requirements Based) White Box (Code Based) OMG's MDA Markov Chain Combinatorial Designs Systems of Systems Embedded Systems PROCESS Test Generation Algorithms Test Oracles Tracing Requirements to Test Cases Automated Change Management Testing Tools Test Management Systems MEASUREMENT Estimating Reliability Coverage Analysis Risk Assessment Return on Investment Case Studies Test Stopping Criteria Contact: Prof. Larry Bernstein, Stevens Institute of Technology, email: lbernste@stevens-tech.edu. ======================================================================== Stevens Institute Research/Thesis Abstracts Available eValid use at Stevens Institute of Technology under the direction of Prof. Larry Bernstein, Computer Science Department, has led to the publication of two MS thesis papers, abstracted and linked below. Jabu Woodard (December 2004) This Thesis "Overhead -- Bane of Layered Network Design," examines the effect of adding an OSI layer of overhead to website protocols, and uses eValid to measure the relative overhead. Aketa Parikh (December 2004) This Thesis, "Trustworthy Software," examines the demand for Secure, Reliable and Safe (SRS) software systems. These concepts are illustrated in three "student projects" which are analyzed in part with eValid to assess their reliability and safety. Copies of both of these theses can be downloaded from: http://www.soft.com/eValid/Customers/USA/S/StevensInstitute/Research/abstracts.html ======================================================================== Second International Workshop on Quality Assurance and Testing of Web-Based Applications in Conjunction with COMPSAC 2005 (URL: http://aquila.nvc.cs.vt.edu/compsac2005) July 25-28, 2005, Edinburgh, UK Contact: hzhu@brookes.ac.uk, kung@cse.uta.edu The Internet is rapidly expanding into all sectors of our society and becoming an indispensable platform of information systems and other computer applications as well. Web-based applications are complex, ever evolving and rapidly updated software systems. Testing and maintaining web-based applications are a nightmare because the Internet is a heterogeneous, distributed, multiplatform, multilingual, multimedia, autonomous, cooperative wide area network computing environment. Traditional quality models, testing methods and tools are not adequate for web-based applications because they do not address problems associated with the new features of web- based applications. At present, web-based applications testing and maintenance are still an unexplored area and rely on ad hoc testing processes. Little has been reported on systematic testing methods and techniques, quality metrics, and dependability of web-based applications, to mention just a few. The first workshop on quality assurance and testing of web-based applications was successfully held at IEEE 28th Annual International Computer Software and Applications Conference (COMPSAC'04) in Hong Kong, Sept. 30, 2004. This is the second workshop of the series. It is aimed to provide a forum for researchers, practitioners and tools vendors to exchange ideas, research results, practical experiences and lessons learned on quality assurance and testing of web-based applications. It will also be held at COMPSAC'05 in Edinburgh, UK, July 25-28, 2005. Testing and Quality Assurance Methods and Techniques Effective quality assurance and testing of web-based applications require a systematic approach, which include models, methods and techniques that deal with the representation of software artefacts under test and processes for the analysis of these artefacts, and the generation of test cases/test data from them. This theme seeks proposals of test models, methods and techniques for web-based applications including but are not limited to the following: * Test models and meta-models * Verification and validation techniques, such as modelling checking, consistency and completeness checking, etc. * Analysis and testing * Test criteria * Architecture and framework * Reverse engineering * Exception handling * Testing for security, privacy and trustworthiness * Content management * Tools and environments Process and Management Issues A process is a sequence of macro-level activities performed to accomplish a significant task. This theme deals with processes and management activities for quality assurance and testing of web-based applications. Example topics are: * Quality management * Human factors * Web configuration management * Metrics and indicators * Maintenance and evolution * Content management * Process improvement * Quality of service * Security and privacy (as quality metrics) * Dependability * Fault tolerance and automatic recovery models Practical Applications and Experience Reports on quality assurance and testing of practical web-based applications or industrial experiences are strongly encouraged. Topics include but are not limited to: * Quality assurance and testing of E-Commerce applications * Quality assurance and testing of E-Government applications * Quality assurance and testing of E-Science applications * Quality assurance and testing of Wireless applications * Security and privacy in practice * Lessons learned Technology Impact This theme is concerned with impact of related technologies to quality assurance and testing of web-based applications as well as impact of quality assurance and testing of web-based applications to other technologies. Example technologies are: * Bio-metric technology * Data warehouse and data mining * Agent technology * Autonomic computing * Component software engineering * Wireless communication * Mobile computing * Service-oriented computing * Ubiquitous/pervasive computing * Network centric computing * Web services technologies * Grid computing * Open grid service architectures * Grid middleware Workshop Co-chairs Hong Zhu, Oxford Brookes University, UK David Kung, University of Texas at Arlington, USA ======================================================================== eValid Version 5 (V5) Availability http://www.e-valid.com We're writing to let all eValid users for whom there is an assigned Customer ID (CID Number) know about the upcoming release of eValid Version 5. Availability of eValid Version 5 -- we call it "V5" for short -- is planned for January 2005. We'll let everyone know as soon as V5 is released. New Feature Summary V5 is a major upgrade to the product technology. The new release includes many new features and capabilities such as: o New PageMap facility to allow in-depth analysis of pages and their properties. You can use the PageMap to see how pages are composed and you can use the PageMap information for additional scripting power and reliability. o New formats and structure for site analysis to make your runs quicker, easier to analyze, and easier to archive. o Major changes to the powerful 3D-SiteMap applet that include manipulating the focus, depth, and content of the 3D page- dependency diagrams. o Improved detailed timing for individual page components. o Reorganized and updated online documentation to reflect eValid's support for XP applications. o Enhanced support for monitoring operations, including new CSV- style output files and improved batch mode control. o A new and improved JavaScript interface to allow scripting activity to interact with browsing activity. These are combined with new features for extracting the current contents of a page direct from the internal DOM (Document Object Model). o Revised dashboard (eValid's floating control panel) to simplify record/play and site analysis operations. Complete details are found in the eValid V5 Release Notes: http://www.soft.com/eValid/Products/Documentation.5/release.5.html Version Compatibility V5 will fully replace V4 when you install it, and V4 will replace V5 if you choose to go back to the prior version. V5 is upward compatible with V4. All V4 scripts will play without modification on V5, but some V5 scripts may not work reliably in V4. Also, some of the feature licensing and internal support structures have changed in V5. ======================================================================== 3rd Workshop on Software Quality http://attend.it.uts.edu.au/icse2005/ International Conference on Software Engineering 2005 http://www.cs.wustl.edu/icse05/Home/index.shtml 17 May, 2005 St Louis, Missouri, USA Motivation To develop software quickly, on time and within budget is not good enough if the product developed is full of defects and today, software stakeholders are demanding higher quality software than ever before. As the software market matures, users want to be assured of quality. They no longer accept the claims of the IT department at face value, but expect demonstrations of quality. In recent years, much of the software engineering research has focussed on standards, methodologies and techniques for improving software quality, measuring software quality and software quality assurance. Most of this research is focused on an internal view of quality whereas few measures of the customer view of quality exist. Co-located with the International Conference on Software Engineering (ICSE), the premier software engineering conference, this workshop intends to bring together academic, industrial and commercial communities interested in software quality in order to discuss the different technologies that have been defined and used in the software quality area. The topics of interest in this discussion span the full range of software quality issues, including the following: * Software Product Evaluation and Certification * Tradeoffs in Quality during software development * Software Process Definition, Evaluation and Improvement * Software Quality Education * Introduction of Software Quality Programs * Methods and Tools for Quality Assurance * Quality Metrics (In-process quality and customer views of quality) * Software Quality for different domains (eg agile, web, open source etc) * Software Quality at different stages of the development lifecycle * Total Quality Management * Building quality into software products * Project management and software quality * Testing, Inspections, Walkthroughs and Reviews Organizers: Dr. Barry Boehm, University of Southern California Center for Software Engineering, United States Dr. Sunita Chulani, IBM T.J. Watson Research Laboratory Center, San Jose, United States Dr. June Verner, National Information Computing and Technology Australia (NICTA), Australia Dr. Bernard Wong, University of Technology Sydney, Australia ======================================================================== Fourth International Workshop on Automated Verification of Infinite-State Systems (AVIS'05) Co-located with ETAPS 2005 2nd-3rd April, 2005 Edinburgh, Scotland http://chacs.nrl.navy.mil/projects/AVIS05/ This workshop is a forum for researchers, students, and practitioners interested in the application of formal methods and tools for the automatic verification of large practical systems. Formal methods, in particular model checking, is increasingly being used in industry to automatically establish the correctness of (and to find flaws in) finite-state systems, such as descriptions of hardware and protocols. However, model checking is limited in scope due to the state explosion problem. Most practical system descriptions, notably that of software, are therefore not directly amenable to finite-state verification methods since they have very large or infinite state spaces. For such systems, theorem proving -- a process that requires manual effort and mathematical sophistication to use -- has so far been the only viable alternative. More recently, we have seen the emergence of hybrid techniques that combine the ease-of-use of model checkers with the power of theorem provers. Tools based on these techniques afford users with full automation, and are less sensitive to the size of the state space (which may be infinite or arbitrarily large). There is a growing body of knowledge in this field which has a very exciting future. The intention of this workshop is to build a forum for exchanging ideas and experiences by bringing together theoreticians, tool builders, as well as practitioners who are interested in this emerging area of research in formal verification. The workshop will be co-located with European Joint Conferences on Theory and Practice of Software 2005 2-10 April 2005, in Edinburgh, Scotland. The two day workshop will be held on 2nd and 3rd April 2005. Program Committee Ramesh Bharadwaj (Program Chair) Naval Research Laboratory USA Tevfik Bultan University of California, Santa Barbara USA Supratik Chakraborty IIT, Mumbai IN Michael Colon Naval Research Laboratory USA John Goodenough Software Engineering Institute, CMU USA Ralph Jeffords Naval Research Laboratory USA Supratik Mukhopadhyay West Virginia University USA Abhik Roychoudhury National University of Singapore SG Stefan Schwoon University of Stuttgart D Sandeep Kumar Shukla Virginia Tech USA ======================================================================== John Musa's "Professor's Corner" Email: j.musa@ieee.org Software Reliability Engineering website: The essential guide to software reliability http://members.aol.com/JohnDMusa/ The following might perhaps be of interest to you. I often receive email questions and requests for information on many different aspects of software reliability engineering, and I have provided some of this information on my website. I recently decided to organize this more carefully. In addition to the information I provide about my training and consulting services and new book, I have set up five noncommercial areas of interest to support the general software reliability engineering community. These are: Orientation, the Professors' Corner, the Researchers' Corner, the Practitioners' Corner, and Resources for Everyone. The material includes some material I prepared myself and carefully selected hyperlinks to high quality material appearing elsewhere on the Internet. This website has been in existence for almost 9 years, and I would expect to maintain it for the foreseeable future. The Professors' Corner includes a link to software reliability engineering slides and course materials. The Researchers' Corner include links to software failure data and an enormous archive of debugging histories of programs suitable for reliability research. The Practitioners' Corner includes links to standards and a continually updated bibliography of published articles on actual applications of software reliability engineering. Resources for Everyone includes links to the software reliability estimation program CASRE, the CASRE Forum, CASRE Support, and ISSRE. There is also information on the SRE Network and the Technical Committee on SRE. Please feel free to use this material as indicated and to encourage others to use it. Although some of it is copyrighted, in most cases permission to use is granted as long as it is not sold or commercially exploited and proper credit is given. Also, please let me know of the existence of other high quality material of general interest on software reliability engineering if you think it might be beneficial to include it or provide hyperlinks to it. ======================================================================== Software Engineering for Secure Systems (SESS05) Building Trustworthy Applications http://homes.dico.unimi.it/~monga/sess05.html May 15-16, 2005 St. Louis, Missouri USA An ICSE 2005 workshop http://www.cs.wustl.edu/icse05 Theme and goals Every software application is built and deployed to accomplish some goal pursued by its interested parties. Thus, software engineers aim at designing, implementing, and maintaining valid applications that meet the needs of stakeholders. However, every application can be also potentially misused, that is, used to pursue goals that contrast the ones intended by stakeholders. Therefore, software engineers should try to design applications that, while still valid, are also trustworthy and cannot be misused. Validity and trustworthiness are goals that often cannot be achieved either because they are too costly or because they stem from conflicting needs. Historically, the software engineering community has strived more to obtain validity than trustiness. Nowadays, however, software ubiquity in the creation of critical infrastructures has risen the value of trustworthiness and new efforts should be dedicated to achieve it. The major source of vulnerability of systems has been recognized to be poor-quality software. However, while secure applications are also valid and robust ones, security is a specific non-functional requirement that has to be explicitly and carefully taken into account during analysis, implementation, testing, and deployment. Moreover, some of the most successful techniques used by software engineers may conflict with security objectives. Abstraction, for example, is the invaluable device the designers use in order to cope with complexity, but, since it is rarely applied as a pure mathematical generalization, it could force one to neglect details that can be exploited to misuse an application; late binding, while a fundamental tool in pursuing design for change, could be hijacked to adapt systems to malicious goals; COTS, commercial off-the-shelf components, if they might foster the profitableness of software industry, they also introduce black-box subsystems that are difficult to manage when reasoning about the chain of trust of the whole system. This workshop will provide a venue to discuss techniques that enable the building and validation of secure applications. We are especially interested in (1) design and implementation approaches that make it easier to deal with security requirements, and (2) program analysis techniques that enhance the trustworthiness of applications. Areas of interest include, but are not limited to: o Security requirements management o Architecture and design of trustworthy systems o Architecture and design of protection systems o Separation of the security concern in complex systems o Secure programming o Black box components trustworthiness o Security testing o Trustworthiness verification and clearance o Defining and supporting the process of building secure software o Deployment of secure applications Organizers Danilo Bruschi, Universita' degli Studi di Milano, Italy Bart De Win, Katholieke Universiteit Leuven, Belgium Mattia Monga, Universita' degli Studi di Milano, Italy ======================================================================== The eValid Suite: A Quick Feature Summary http://www.e-valid.com eValid technology incorporates virtually every quality and testing functionality in a full-featured browser. Here is a summary of the main eValid benefits and advantages. o InBrowser(tm) Technology. All the test functions are built into the eValid browser. eValid offers total accuracy and natural access to "all things web." If you can browse it, you can test it. And, eValid's unique capabilities are used by a growing number of firms as the basis for their active services monitoring offerings. o Mapping and Site Analysis. The built-in WebSite spider travels through your website and applies a variety of checks and filters to every accessible page. All done entirely from the users' perspective -- from a browser -- just as your users will see your website. o Functional Testing, Regression Testing. Easy to use GUI based record and playback with full spectrum of validation functions. The eV.Manager component provides complete, natural test suite management. o LoadTest Server Loading. Multiple eValid's play back multiple independent user sessions -- unparalleled accuracy and efficiency. Plus: No Virtual Users! Single and multiple machine usages with consolidated reporting. o Performance Tuning Services. Outsourcing your server loading activity can surely save your budget and might even save your neck! Realistic scenarios, applied from multiple driver machines, impose totally realistic -- no virtual users! -- loads on your server. o Web Services Testing/Validation. eValid tests of web services start begin by analyzing the WSDL file and creating a custom HTML testbed page for the candidate service. Special data generation and analysis commands thoroughly test the web service and automatically identify a range of failures. o Desktop, Enterprise Products. eValid test and analysis engines are delivered at moderate costs for desktop use, and at very competitive prices for use throughout your enterprise. o HealthCheck Subscription. For websites up to 1000 pages, eValid HealthCheck services provide basic detailed analyses of smaller websites in a very economical, very efficient way. o eValidation Managed Service. Being introduced soon. the eValidation Managed WebSite Quality Service offers comprehensive user-oriented detailed quality analysis for any size website, including those with 10,000 or more pages. Resellers, Consultants, Contractors, OEMers Take Note We have an active program for product and service resellers. We'd like to hear from you if you are interested in joining the growing eValid "quality website" delivery team. We also provide OEM solutions for internal and/or external monitoring, custom-faced testing browsers, and a range of other possibilities. Let us hear from you! Use this request form: http://www.soft.com/eValid/Information/question.request.html ======================================================================== Fifth International Workshop on Web Based Collaboration (WBC'05) August 22 - 26, 2005 Copenhagen (Denmark) http://www.kti.ae.poznan.pl/dexa_wbc2005/. In the last few years, the applicability and functionality of systems for collaboration support has expanded, leading to their growing application in organizational, communication, and cooperation processes. This provides opportunities to study their technical, business and social impacts. Usually an integration of incoming technology with existing organizational practices is very challenging. The knowledge gained from such experiences is a valuable resource for all those who plan to develop software tools to support team interaction. At the same time we observe a growing influence of World-Wide Web. WWW - by now the most popular service over the Internet - evolves rapidly, from a simple, read-only data storage system, as it was a few years ago, to nowadays universal, distributed platform for information exchange. New Web-based applications with freely distributed data, end-users, servers, and clients, operating worldwide, are central topics of many research activities. Recently the WWW has also been perceived as an attractive base for a distributed computer system supporting cooperative work, since the Internet is the most flexible network with the architecture that could support group activities to maximum extent. In parallel to the WWW evolution we observe a growing impact of new technologies: agent systems, mobile computing, workflow, and ubiquitous computing. We can expect that these technologies will also exert a large influence on group/organizational structures and processes. All the aforementioned emerging new technologies are exciting in their own right, but their technological and organizational integration to support collaboration raises many interesting questions and is a challenging, new research agenda. WBC'2005 is a continuation of the previous successful workshops on Web Based Collaboration, organized in September 2001 in Munich, Germany, in September 2002 in Aix-en-Provence, France, in September 2003 in Prague, Czech Republic and recently in September 2004 in Zaragoza, Spain. WBC'2005 attempts to integrate two themes of practice and research: the functional, organizational, and behavioral issues and the modeling or implementation issues associated with collaborative Web based work. WBC'2005 brings together practitioners and researchers from different domains working on design, development, management, and deployment of Web-based systems supporting teamwork within organizations. emphasis on their relation to collaboration. The Relevant topics may include the following (but not limited to): - Collaborative Systems: strategies of human cooperation over the Web, computer platforms and architectures in support of remote cooperation, mediators, wrappers, design and implementation issues of collaborative applications; - Agent Technologies: agents supporting cooperation, agents for finding, collecting and collating data on the Web, brokering agents, agent-communication languages; - Software Engineering: modelling languages and tools of collaborative systems, programming languages concepts and paradigms supporting cooperation,facilities and environments for implementing collaborative systems, languages for the descriptions of collaboration, cooperation and coordination between agents; - Interoperability Infrastructures: compositional software architectures in support of collaboration, combining distributed object management platforms with Web and Java for cooperative applications, middleware infrastructures, describing metadata on the Web, providing semantic interoperability through metadata, emerging interoperability standards; - Dataweb Technology and Database Infrastructure for collaboration: Web access to databases including Java Database Connectivity, database Web servers, Web interfaces to databases, database Web applications; - Workflow Systems: workflow architectures in support of collaboration processes, modeling of cooperation processes, truly distributed enactment services and interoperability of workflow engines, dynamic modification of running workflows; - Electronic Business: establishment of contacts, suppliers search and negotiation, contract negotiations, Business-to-Business and Business-to-Employee cooperation support, establishment and coordination of virtual enterprises, shared business processes. Program Committee Co-Chairs Prof. Waldemar Wieczerzycki (w.wieczerzycki@ae.poznan.pl, http://www.klit.ae.poznan.pl) Dr Jarogniew Rykowski (rykowski@kti.ae.poznan.pl, http://www.kti.ae.poznan.pl) The Poznan University of Economics Al. Niepodleglosci 10 60-967 Poznan POLAND ======================================================================== ------------>>> QTN ARTICLE SUBMITTAL POLICY <<<------------ ======================================================================== QTN is E-mailed around the middle of each month to over 10,000 subscribers worldwide. To have your event listed in an upcoming issue E-mail a complete description and full details of your Call for Papers or Call for Participation at <http://www.soft.com/News/QTN-Online/subscribe.html> QTN's submittal policy is: o Submission deadlines indicated in "Calls for Papers" should provide at least a 1-month lead time from the QTN issue date. For example, submission deadlines for "Calls for Papers" in the March issue of QTN On-Line should be for April and beyond. o Length of submitted non-calendar items should not exceed 350 lines (about four pages). Longer articles are OK but may be serialized. o Length of submitted calendar items should not exceed 60 lines. o Publication of submitted items is determined by Software Research, Inc., and may be edited for style and content as necessary. DISCLAIMER: Articles and items appearing in QTN represent the opinions of their authors or submitters; QTN disclaims any responsibility for their content. TRADEMARKS: eValid, HealthCheck, eValidation, InBrowser TestWorks, STW, STW/Regression, STW/Coverage, STW/Advisor, TCAT, and the SR, eValid, and TestWorks logo are trademarks or registered trademarks of Software Research, Inc. All other systems are either trademarks or registered trademarks of their respective companies. ======================================================================== -------->>> QTN SUBSCRIPTION INFORMATION <<<-------- ======================================================================== To SUBSCRIBE to QTN, to UNSUBSCRIBE a current subscription, to CHANGE an address (an UNSUBSCRIBE and a SUBSCRIBE combined) please use the convenient Subscribe/Unsubscribe facility at: <http://www.soft.com/News/QTN-Online/subscribe.html>. QUALITY TECHNIQUES NEWSLETTER Software Research, Inc. 1663 Mission Street, Suite 400 San Francisco, CA 94103 USA Phone: +1 (415) 861-2800 Toll Free: +1 (800) 942-SOFT (USA Only) FAX: +1 (415) 861-9801 Web: <http://www.soft.com/News/QTN-Online>