+===================================================+
+======= Quality Techniques Newsletter =======+
+======= May 2005 =======+
+===================================================+

QUALITY TECHNIQUES NEWSLETTER (QTN) is E-mailed monthly to subscribers worldwide to support the Software Research, Inc. (SR), eValid, and TestWorks user communities and to other interested parties to provide information of general use to the worldwide internet and software quality and testing community.

Permission to copy and/or re-distribute is granted, and secondary circulation is encouraged, provided that the entire QTN document/file is kept intact and this complete copyright notice appears in all copies. Information on how to subscribe or unsubscribe is at the end of this issue. (c) Copyright 2004 by Software Research, Inc.

========================================================================

Contents of This Issue

   o eValid: Latest News, New Features, Updates
   o 21st Annual UK Performance Engineering Workshop
   o Security Measurements and Metrics: Quality of Protection 2005
   o 2nd International Workshop on Hypermedia and Web Engineering
   o eValid: Usage Recommendations
   o Ten Critical QA Traps
   o Web Engineering Journal
   o Innovative Testing and Feasible V&V of Software Systems
   o Visualizing Software for Understanding and Analysis
   o QTN Article Submittal, Subscription Information

========================================================================

eValid: Latest News, New Features, Updates

eValid is the premier WebSite Quality Testing & Analysis Suite. eValid solutions help organizations maintain e-Business presence, improve WebSite quality and performance, reduce down time, prevent customer loss, and control costs.
eValid's Web Analysis and Testing Suite is comprehensive, yet scalable and easy to use, and applies to a wide range of web applications. Because eValid is implemented inside an IE-equivalent browser you are guaranteed to get 100% realistic user experience results.

Support for ASPs with Commercial License
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
License restrictions often limit how a consultant or a contractor -- or Application Service Providers (ASPs) firm -- can use eValid and deliver the results to clients. eValid's licensing now includes a new option for ASPs that will simplify life, so both you and your clients can benefit from eValid technology:

   http://www.soft.com/eValid/Products/License/Commercial/asp.support.html

Ramping Up of LoadTest Runs
^^^^^^^^^^^^^^^^^^^^^^^^^^^
In server loading experiments a main goal often is to study how the server complex responds to activity load that "steps up" at regular, pre-programmed intervals. Here's how to do this in eValid LoadTest scenarios:

   http://www.soft.com/eValid/Products/Documentation.5/Loading/ramping.html

Playback Startup Sequence
^^^^^^^^^^^^^^^^^^^^^^^^^
To minimize playback de-synchronization as much as possible, the latest eValid builds have a new and more-powerful recording startup sequence. The new startup sequence helps you manage disk cache and cookie processing more reliably:

   http://www.soft.com/eValid/Products/Documentation.5/Testing/start.recording.html

LoadTest Scenario Editor
^^^^^^^^^^^^^^^^^^^^^^^^
eValid now includes a scenario editor that makes the job of setting up a LoadTest simple. It's got:

   * Ability to create a server loading scenario that focuses attention on how users and user types are allocated.
   * Ability to edit and re-edit existing or new loadtest scenarios.
   * Capability to automatically generate the underlying *evl page.
Complete details on the scenario editor can be found at:

   http://www.soft.com/eValid/Products/Documentation.5/Loading/scenario.edit.html

HTTP Detailed Reporting
^^^^^^^^^^^^^^^^^^^^^^^
An enhanced capability for monitoring detailed HTTP download times and download errors has been added to the eValid playback engine. Users can select to have HTTP errors reported as WARNINGs or ERRORs. In addition, detailed timing logs generated by eValid now include the specific byte size and download time of each page component separately. For complete details see:

   http://www.soft.com/eValid/Products/Documentation.5/Settings/project.log.filters.html

Product Download Details
^^^^^^^^^^^^^^^^^^^^^^^^
Here is the URL for downloading eValid if you want to start [or re-start] your evaluation:

   http://www.soft.com/eValid/Products/Download.5/down.evalid.5.phtml?status=FORM

Contact Us With Your Questions
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We welcome your questions about eValid and its applications. We promise a response to every question in ONE BUSINESS DAY if you use the WebSite request form:

   http://www.soft.com/eValid/Information/info.request.html

========================================================================

21st Annual UK Performance Engineering Workshop
July 14-15 2005
University of Newcastle-upon-Tyne
http://www.staff.ncl.ac.uk/nigel.thomas/UKPEW2005/

UKPEW is the leading UK forum for the presentation of all aspects of performance modeling and analysis of computer and telecommunication systems. Original papers are invited on all relevant topics but papers on or related to the subjects listed below are particularly welcome.

   - Stochastic modeling of computer systems and networks.
   - Tools for all aspects of performance engineering from workload characterization to operational analysis.
   - Modeling paradigms including, but not limited to: Stochastic Process Algebras, Stochastic Petri Nets and Queueing Theory.
   - Solution and simplification techniques for large Markov processes.
   - Formal notations for performance modeling.
   - Modeling and analysis of reliability and performance guarantees.
   - Performance-oriented design methods.
   - Novel techniques in computer system simulation.
   - Case studies and industrial reports.
   - Experience and evaluation of existing tools and techniques.

This workshop is the primary event at which the UK performance community can get together to present and discuss their work. While primarily aimed at UK based performance engineers, we also welcome contributions from researchers working in other countries and those whose interest in performance is derived from experience in other fields. It provides an ideal opportunity for academics, industrialists and PhD students to relate experience and to present both finished work and work in progress.

The event has been organized to sustain the atmosphere of informality that previous UKPEW's have fostered. As well as sessions for presenting the papers submitted, it will also be possible to organize a session of short presentations of work in progress.

All enquiries should be directed to nigel.thomas@ncl.ac.uk

========================================================================

Security Measurements and Metrics: QUALITY of PROTECTION - QoP 2005
http://dit.unitn.it/~qop/
Milano, Italy, Thu. 15 September 2005.

WORKSHOP OVERVIEW

Information Security in Industry has matured in the last few decades. Standards such as ISO17799, the Common Criteria, a number of industrial certification and risk analysis methodologies have raised the bar on what is considered a good security solution from a business perspective.

Yet, if we compare Information Security with Networking or Empirical Software Engineering we find a major difference. Networking research has introduced concepts such as Quality of Service and Service Level Agreements. Conferences and Journals are frequently devoted to performance evaluation, QoS and SLAs. Empirical Software Engineering has made similar advances.
Notions such as software metrics and measurements are well established. Processes to measure the quality and reliability of software exist and are appreciated in industry.

Security looks different. Even a fairly sophisticated standard such as ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature but still have a qualitative flavour. The "QoP field" in WS-Security is just a data field to specify a cryptographic algorithm.

Indeed, neither ISO17799 nor ISO15408 (the Common Criteria) addresses QoP sufficiently. ISO17799 is a management standard, not directly concerned with the actual quality of protection achieved; ISO15408 is instead a product assessment standard and yet does not answer the question of how a user of a product assessed by it can achieve a high QoP within his/her operational environment. Both standards cover just one aspect of an effective QoP and even the combination of both would not address the aspect sufficiently. "Best practice" standards, such as the baseline protection standard published by many government agencies, also belong to the category of standards that are useful, but not sufficient, for achieving a good QoP.

Security is different also in another respect. A very large proportion of recorded security incidents has a non-IT cause. Hence, while the networking and software communities may concentrate on technical features (networks and software), security requires a much wider notion of "system", including users, work processes, organizational structures in addition to the IT infrastructure.

The QoP Workshop intends to discuss how security research can progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or Software Measurements and Metrics in Empirical Software Engineering.
SUBMISSION TOPICS:

Original submissions are solicited from industry and academic experts to present their work, plans and views related to Quality of Protection. The topics of interest include but are not limited to:

   * Industrial Experience
   * Security Risk Analysis
   * Security Quality Assurance
   * Measurement-based decision making and risk management
   * Empirical assessment of security architectures and solutions
   * Mining data from attacks and vulnerabilities repositories
   * Security metrics
   * Measurement theory and formal theories of security metrics
   * Security measurement and monitoring
   * Experimental verification and validation of models
   * Simulation and statistical analysis, stochastic modeling
   * Reliability analysis

========================================================================

2nd International Workshop on Hypermedia and Web Engineering
(http://www.hpclab.ceid.upatras.gr/ht05we/)
in conjunction with ACM Hypertext 2005, Salzburg, September 6-9, 2005
(http://www.ht05.org/)

The goal of this workshop is to bring together researchers and developers from academia and industry to exchange ideas about the problems they are facing during current Web / Hypermedia Projects, and to discuss good practices and successful case studies (concrete examples, designs and applications), as well as recent and innovative results in Web and Hypermedia Engineering.

Web and Hypermedia engineering have provided several important research and practical results especially during the last decade. However, very few of them have transferred to real-life projects. Engineers are unable to study all these results, since it is a time consuming task, difficult to be accomplished in the strict timeline of a project. As a consequence, web & hypermedia research results are not used adequately (if at all) during the development of current Hypermedia / Web Information Systems.
As more research results come up every year, they constitute a very complex information space that itself needs to be engineered, in order to be provided to developers in a meaningful and comprehensive way.

The main objective of this workshop is to survey, evaluate and discuss the current practices, techniques and theory in the engineering of modern Web / Hypermedia Information Systems. We especially encourage submissions that emphasize the "work" aspect based on concrete examples and designs, to facilitate discussions among participants. The expected outcome of the workshop would be a set of recommendations for methodologists, designers, and applications developers regarding the main technical problems in developing Hypermedia and Web Applications.

TOPICS OF INTEREST

   - project management: process and product models
   - systems architecture and modelling
   - application development
   - metrics (quality assurance, performance)
   - technologies and tools survey & evaluation
   - design patterns and good practices
   - integration (methodologies, practices and tools)

WORKSHOP ORGANISERS

   Dr. Sotiris Christodoulou
   High Performance Information Systems Lab.
   Computer Engineering and Informatics Dept.
   University Of Patras, Greece
   Phone: +302610993805
   Fax: +302610997706
   e-mail: spc@hpclab.ceid.upatras.gr
   Web: http://www.hpclab.ceid.upatras.gr/spc/

   Dr. Michail Vaitis
   Department of Geography
   University of the Aegean
   GR-811 00 Mytilene, Greece
   Phone: +30 22510 36433
   Fax: +30 22510 36409
   e-mail: vaitis@aegean.gr
   Web: http://www.aegean.gr/Geography/eng/staff/cv/vaitis-eng.htm

========================================================================

eValid -- Some General Recommendations

Here are common eValid problem areas and references to pages that provide general good-practice recommendations.

* Functional Testing

  Recording and playing scripts, with validation, is a sure way to confirm operation of a web site or web application.
  o Protecting Login Account Names and Passwords

    If you are recording logging into a site, eValid will need to make a record of your account name and password. For the best security, you should record login and password details in encrypted form. There's an option in the Script Window Dialog to turn on the Encoded Input option that protects critical private information. See:

       http://www.soft.com/eValid/Products/Documentation.5/Testing/encode.input.html

  o Initial State

    Being a fully stateful recording and playback engine, eValid is very sensitive to the initial state when playback begins. Here are some recommendations about how to manage your test's Initial State effectively. See:

       http://www.soft.com/eValid/Products/Documentation.5/Testing/initial.conditions.html

  o Session Cookies

    Session cookies are remembered inside eValid and the surest way to clear them is to close eValid and launch it again.

  o Modal Dialogs/Logins

    Because of the nature of modal dialogs you may not be able to use them directly. Instead, eValid provides a way to construct a reliable script by creating the correct commands via the Script Window Dialog. Check the documentation on modal dialog support and on testing modal logins:

       http://www.soft.com/eValid/Products/Documentation.5/Testing/modal.html
       http://www.soft.com/eValid/Products/Documentation.5/Testing/modal.hints.html

  o Opaque Objects

    Certain objects are opaque relative to eValid's internal view of web page properties, and have to be treated differently. These object types include Java Applets and FLASH objects, discussed here:

       http://www.soft.com/eValid/Applications/java.applet/index.html
       http://www.soft.com/eValid/Products/Documentation.5/Advanced.Testing/flash.cookbook.html

    In addition, it may be helpful to see how to use eValid's Application Mode:

       http://www.soft.com/eValid/Products/Documentation.5/Advanced.Testing/application.mode.html

* Server Loading

  eValid applies load to a server with multiple eValid browser instances.
  o Machine Adjustments

    If you want to get more than ~25 eValid copies running at one time you probably need to make Machine Adjustments to optimize your computer as a server loading engine. See:

       http://www.soft.com/eValid/Products/Documentation.5/Loading/machine.html

  o Ramping LoadTest Runs

    The most common form of application includes ramping up server load so you can study how the server performance degrades due to increasing load.

       http://www.soft.com/eValid/Products/Documentation.5/Loading/ramping.html

* Site Analysis

  eValid site analysis runs are a powerful way to confirm website properties.

  o Avoid Logout During Scan

    A common problem during a site analysis scan is that eValid logs you out before the scan is done! This happens when you start the scan after logging into a protected area and the eValid search spider navigates you to the "logout" page. The way to avoid this is to make sure that your Blocked URLs List includes "logout" and "signoff". See:

       http://www.soft.com/eValid/Products/Documentation.5/Mapping/exclude.html

========================================================================

Ten Critical QA Traps

Quality assurance isn't what it used to be. It isn't where or when it used to be, either. Whether you're talking about applications for internal use or software products for market, the development cycle has changed considerably in recent years.

The following is a list of 10 common QA traps. Now, they may seem like common sense, but in our almost twenty years of testing experience, we have often seen great companies with great products fall into these traps.

   1. Unclear ownership of product quality.
   2. No overall test program design or goals.
   3. Non-existent or ill-defined test plans and cases.
   4. Testing that focuses narrowly on functional cases.
   5. No ad hoc, stress or boundary testing.
   6. Use of inconsistent or incorrect testing methodology.
   7. Relying on inexperienced testers.
   8. Improper use of tools and automation, resulting in lost time and reduced ROI.
   9. No meaningful metrics for tracking bugs and driving quality back into development.
   10. Incomplete regression cycle before software release.

To avoid these traps, it is important to incorporate best practices into your quality assurance process. The process should include an evaluation of where you are with quality assurance today, what your QA goals are, what the gaps are in the process, and finally you should build a roadmap to obtain your goals. Only after these steps have been taken can you avoid these quality assurance traps.

(Note: This piece was included in the VeriTest Spring 2005 Newsletter).

========================================================================

Web Engineering Journal

The International Journal of Information Technology and Web Engineering
An official publication of the Information Resources Management Association
Published: Quarterly (Print and Electronic)
Deadline: July 15

Editor-in-Chief
   David C. Rine
   Professor of Computer Science
   George Mason University
   Drine@gmu.edu

Co-Editor-in-Chief
   Ghazi I. Alkhatib
   Senior Lecturer of MIS
   Qatar College of Technology
   alkhatib.JITWENG@qu.edu.qa

Organizations are continuously overwhelmed by a variety of new information technologies, many Web based. These new technologies are capitalizing on the widespread use of network and communication technologies for seamless integration of various issues in information and knowledge sharing within and among organizations. This emphasis on integrated approaches is unique to this journal and dictates cross platform and multidisciplinary strategy to research and practice.
Among topics to be included (but not limited to) are the following:

   - Web systems architectures, including distributed, grid computer, and communication systems processing
   - Web systems engineering design
   - Web systems performance engineering studies
   - Web user interfaces design, development, and usability engineering studies
   - RFID research and applications in web engineered systems
   - Mobile, location-aware, and ubiquitous computing
   - Ontology and semantic Web studies
   - Software agent-based applications
   - Integrated user profile, provisioning, and context-based processing
   - Security, integrity, privacy and policy issues
   - Quality of service and service level agreement issues among integrated systems
   - Information filtering and display adaptation techniques for wireless devices
   - Metrics-based performance measurement of IT-based and Web-based organizations
   - Data analytics for business and government organizations
   - Integrated heterogeneous and homogeneous workflows and databases within and across organizations and with suppliers and customers
   - Case studies validating Web-based IT solutions
   - Data and knowledge capture and quality issues
   - Data and knowledge validation and verification
   - Knowledge structure, classification and search algorithms or engines
   - Strategies for linking business needs and IT
   - IT readiness and technology transfer studies
   - IT Education and Training
   - Human factors and cultural impact of IT-based systems
   - Virtual teams and virtual enterprises: communication, policies, operation, creativity, and innovation
   - Competitive/intelligent information systems

Publisher

The International Journal of Information Technology and Web Engineering will be published by Idea Group Inc., publisher of Idea Group Publishing, Information Science Publishing, IRM Press, Cybertech Publishing, and Idea Group Reference imprints.
For additional information regarding manuscript submission and subscriptions, please contact the Co-Editor-in-Chief at alkhatib.JITWENG@qu.edu.qa, DavidCRine@aol.com, or contact the publisher at cchandler@idea-group.com or visit their website at http://www.idea-group.com.

========================================================================

Innovative Testing and Feasible Verification & Validation of Software Systems
VVSS2005

Testing is confronted with a demand for reducing its cost. Therefore it should provide more explicitly its added value to its users. This requires more intelligent testing that clearly shows its effectiveness and efficiency. At the same time we see a growing interest in formal methods, e.g., to address problems of software application in the automotive industry. But the question still remains on the feasibility of V&V methods and techniques in industrial practices.

At the VVSS2005 symposium we will address both: Testing as well as Verification and Validation. The symposium will include invited presentations, tool exhibitions and poster sessions. It will be organized on the 24th of November 2005 at Technische Universiteit Eindhoven.

VVSS 2005 is offering its speakers a unique opportunity to present problems, solutions and experiences with Testing and Verification & Validation of Software Systems. We invite practitioners, customers as well as researchers for a presentation in one of our 8 tracks. The timeframe for a presentation is 45 minutes or 30 minutes, including 10 or 5 minutes for questions, respectively.

The Symposium is organized by the Laboratory for Quality Software (Laquso; www.laquso.com <http://www.laquso.com/>) which is a joint activity of Technische Universiteit Eindhoven and Radboud University of Nijmegen.

   Dr. Ir. Teade Punter - ICT Consultant
   LaQuSo - Laboratory for Quality Software
   HG 5.91 Campus Technische Universiteit Eindhoven
   P.O. Box 513, 5600 MB Eindhoven
   Tel: +31 40(0) 2472526 (direct: 2473735)
   Mail: t.punter@laquso.com
   Laquso webpage: http://www.laquso.com
   Personal webpage: http://www.teadepunter.nl

========================================================================

VISSOFT 2005
3rd IEEE International Workshop on Visualizing Software for Understanding and Analysis
Budapest, Hungary
September 25th, 2005
http://www.sdml.info/vissoft05/

The VISSOFT 2005 workshop will focus on visualization techniques that draw on aspects of software maintenance, program comprehension, reverse engineering, and reengineering. This event will gather tool developers, users and researchers in a unique format to learn about, experience, and discuss techniques for visualizing software for understanding and analysis. The goals of the workshop are to work towards being able to answer the question of what is a good representation for a given situation, data availability, and required tasks.

POSITION PAPERS: We solicit thought-provoking position style papers that will be presented and used for discussion during the workshop. Criteria for selection will be based on the clarity of the paper and the appropriateness of the topic for a group discussion. Note we strongly encourage tool users to submit papers that discuss what they would like to see the tool designers deliver in their tools, as well as position papers from tool designers. Position papers will be available in advance of the workshop and attendees will be encouraged to browse them beforehand to improve the discussion. Position papers should have a maximum of 6 pages in IEEE proceedings format. Papers accepted to the workshop will be published in a Computer Society Press Proceedings. Note that the proceedings will be printed in black and white.

TOOL DEMONSTRATIONS: Interested tool designers should submit a description of their tool and how it can be used to enhance understanding.
Submissions should have a maximum of 2 pages (with an additional 2 pages for the description of the demonstration and screen captures if needed). The number of tools demonstrated will be limited (by the size of the room). Criteria for selection will be on the maturity of the tool (for example, can the participants try it), innovative aspects and the quality of the description of the tool and the tasks it supports. We are particularly interested in software visualization tools that assist in understanding the static and dynamic aspects of the software during software maintenance and development.

TOOL COMPETITION: In order to encourage collaboration and coordination between presentations, we suggest that participants consider demonstrating their software tool using a similar software system. Details on the software system and available data will be posted on the workshop website at www.sdm.info/vissoft05/ .

ORGANIZERS

   Stephane Ducasse, University of Berne, Switzerland and Université de Savoie, France
      ducasse@iam.unibe.ch
   Michele Lanza, University of Lugano, Switzerland
      michele.lanza@unisi.ch
   Andrian Marcus, Wayne State University, USA
      amarcus@wayne.edu
   Jonathan I. Maletic, Kent State University, USA
      jmaletic@cs.kent.edu
   Margaret-Anne Storey, University of Victoria, Canada
      mstorey@uvic.ca

========================================================================
========================================================================
------------>>> QTN ARTICLE SUBMITTAL POLICY <<<------------
========================================================================

QTN is E-mailed around the middle of each month to over 10,000 subscribers worldwide.
To have your event listed in an upcoming issue E-mail a complete description and full details of your Call for Papers or Call for Participation at <http://www.soft.com/News/QTN-Online/subscribe.html>

QTN's submittal policy is:

   o Submission deadlines indicated in "Calls for Papers" should provide at least a 1-month lead time from the QTN issue date. For example, submission deadlines for "Calls for Papers" in the March issue of QTN On-Line should be for April and beyond.
   o Length of submitted non-calendar items should not exceed 350 lines (about four pages). Longer articles are OK but may be serialized.
   o Length of submitted calendar items should not exceed 60 lines.
   o Publication of submitted items is determined by Software Research, Inc., and may be edited for style and content as necessary.

DISCLAIMER: Articles and items appearing in QTN represent the opinions of their authors or submitters; QTN disclaims any responsibility for their content.

TRADEMARKS: eValid, HealthCheck, eValidation, InBrowser TestWorks, STW, STW/Regression, STW/Coverage, STW/Advisor, TCAT, and the SR, eValid, and TestWorks logo are trademarks or registered trademarks of Software Research, Inc. All other systems are either trademarks or registered trademarks of their respective companies.

========================================================================
-------->>> QTN SUBSCRIPTION INFORMATION <<<--------
========================================================================

To SUBSCRIBE to QTN, to UNSUBSCRIBE a current subscription, to CHANGE an address (an UNSUBSCRIBE and a SUBSCRIBE combined) please use the convenient Subscribe/Unsubscribe facility at:

   <http://www.soft.com/News/QTN-Online/subscribe.html>.

QUALITY TECHNIQUES NEWSLETTER
Software Research, Inc.
1663 Mission Street, Suite 400
San Francisco, CA 94103 USA

Phone: +1 (415) 861-2800
Toll Free: +1 (800) 942-SOFT (USA Only)
FAX: +1 (415) 861-9801
Web: <http://www.soft.com/News/QTN-Online>