sss ssss      rrrrrrrrrrr
                      ssss    ss       rrrr   rrrr
                     sssss     s       rrrr    rrrr
                     ssssss            rrrr    rrrr
                      ssssssss         rrrr   rrrr
                          ssssss       rrrrrrrrr
                    s      ssssss      rrrr  rrrr
                    ss      sssss      rrrr   rrrr
                    sss    sssss       rrrr    rrrr
                    s  sssssss        rrrrr     rrrrr
         +===================================================+
         +=======    Quality Techniques Newsletter    =======+
         +=======             October 2002            =======+
         +===================================================+

QUALITY TECHNIQUES NEWSLETTER (QTN) is E-mailed monthly to
Subscribers worldwide to support the Software Research, Inc. (SR),
TestWorks, QualityLabs, and eValid user communities and other
interested parties to provide information of general use to the
worldwide internet and software quality and testing community.

Permission to copy and/or re-distribute is granted, and secondary
circulation is encouraged by recipients of QTN provided that the
entire document/file is kept intact and this complete copyright
notice appears with it in all copies.  Information on how to
subscribe or unsubscribe is at the end of this issue.  (c) Copyright
2002 by Software Research, Inc.

========================================================================

                       Contents of This Issue

   o  Even More Difficult Questions in a Difficult Time

   o  Disabilities Act Doesn't Cover Web (Article Excerpt)

   o  SQRL Report: Parnas and Soltys

   o  eValid Ver. 4.0 Now Available for Pre-Release Evaluation

   o  Software Development: Reality Bytes, By Warren Keuffel

   o  Security Testing: 20 Most Common Vulnerabilities

   o  QTN Article Submittal, Subscription Information

========================================================================

         Even More Difficult Questions in a Difficult Time
                          by Edward Miller

Last year I asked QTN readers, and especially QW/QWE speakers and
the QW/QWE Advisory Board Members, to suggest what they thought were
the main concerns for the times regarding the general area of
software quality.

The questions concerned Quality Technology, Issues about the Web,
Industry Awareness of Quality Issues, XP, Process Methodologies such
as CMM and SPICE and ISO/9000, and Security and Integrity concerns.
There was a summary of the responses in the December 2001 issue of
QTN (see <http://www.soft.com/News/QTN-Online/qtndec02.html>).

As good as those responses were -- and they were "right on" in many
cases -- it seems to me in the present business and technological
climate there are some even deeper questions that present some
unique challenges.  So, below are some really hard questions that, I
believe, need to be asked within the software quality community --
and might be the basis for some very good discussions.

Not to even think about these things is to avoid reality, and that
can't be a good thing to do.  To think about them may bring better
focus onto the real issues facing the community.  So, here goes:

* TECHNICAL ISSUES.  It's hard to believe "everything has been
  invented", but could it be true?  What are the real technical
  issues facing the software quality community?  Are there really
  any problems remaining that need to be solved that are not
  addressed by current methods?

* MANAGERIAL ISSUES.  Test/QA people are, in many instances, "second
  class citizens" -- is this news to any of our readers?  What keeps
  there from being more emphasis on systematic QA & Test?  How do we
  "get respect?"

* ECONOMIC ISSUES.  Everything in the QA/Test community is suffering
  -- is this news to any of our readers?  What are the factors
  holding back QA & Test business?

What do YOU think?

Please send your responses -- and, of course, any additional "tough
questions" -- to me at <miller@sr-corp.com>.


========================================================================

                 Disabilities Act Doesn't Cover Web
                        By Declan McCullagh
                    Staff Writer, CNET News.com

      Note: This article is an excerpt of the published item.
      The complete item is at:
      <http://news.com.com/2100-1023-962761.html>.  This issue is
      important because assuring ADA compliance of websites may be
      an important economic issue.

October 21, 2002, 3:04 PM PT

A federal judge ruled Friday that Southwest Airlines does not have
to revamp its Web site to make it more accessible to the blind.

In the first case of its kind, U.S. District Judge Patricia Seitz
said the Americans with Disabilities Act (ADA) applies only to
physical spaces, such as restaurants and movie theaters, and not to
the Internet.

"To expand the ADA to cover 'virtual' spaces would be to create new
rights without well-defined standards," Seitz wrote in a 12-page
opinion dismissing the case. "The plain and unambiguous language of
the statute and relevant regulations does not include Internet Web
sites."

If Southwest had lost this case, and the decision had been upheld on
appeal, the outcome would have had far-reaching effects by imposing
broad new requirements on companies hoping to do business online.

Access Now, an advocacy group for the blind, and a blind man named
Robert Gumson filed the lawsuit in an attempt to compel Southwest to
redesign its Web site to make it easier for blind people to
navigate.  They admitted that it was possible for the blind to buy
tickets on Southwest's site, but argued it was "extremely
difficult."

Gumson, who said he had a screen reader with a voice synthesizer on
his computer, asked the judge to order Southwest to provide text
that could serve as an alternative to the graphics on its site and
to redesign the site's navigation bar to make it easier for him to
understand. He and his lawyers also asked for attorney fees and
costs.

The ADA says that any "place of public accommodation" must be
accessible to people with disabilities. The law, enacted in 1990,
lists 12 categories, including hotels, restaurants, shopping
centers, universities and bowling alleys.

Seitz said that because Congress was so careful to specify what
kinds of physical spaces are covered by the ADA, it's clear the act
does not apply to the Internet. She noted that the World Wide Web
Consortium had drafted accessibility guidelines, but said the
document was over three years old and there is no indication that
the guidelines are "a generally accepted authority."

========================================================================

         SQRL Report No. 7: David Parnas and Michael Soltys

The web address for downloading reports is:
<http://www.cas.mcmaster.ca/sqrl/sqrl_reports.html> Contact:
<burns@raid.cas.mcmaster.ca>

Abstract:  This paper discusses the issue of what constitutes "basic
science" for a Software Engineering program.  Accredited Engineering
programs all have a significant "basic science" component. For
traditional Engineering disciplines, this covers the physical
Sciences. While the physical sciences are also relevant for
Engineers specializing in software intensive products, additional
material is relevant. This paper proposes that certain areas of
"theory" are quite relevant to Software Engineering and should be
considered as basic science for that field.  Numerous illustrations
are included.

========================================================================

      eValid Ver. 4.0 Now Available for Pre-Release Evaluation
                      <http://www.e-valid.com>

The latest release of the popular eValid web site testing suite is
ready.  Ver 4.0 includes many new and powerful features:

  * Multi-Window Recording.  eValid is ready for XML and complex
    sites that use loads of JavaScript. Ver. 4.0 handles multi-
    window sites with full browser mode support.

  * Dashboard.  Confused about how eValid really works?  Now there
    is a new floating control dashboard that lets you run the main
    eValid modes without having to access the main eValid browser
    window.

  * Menu Options.  Now you can have a single-pulldown with every
    feature, or a set of separate pulldowns for the main eValid
    operating modes.

  * Preferences.  You'll love the way Ver. 4.0 handles user
    preference settings, with a single interface and standard
    format.  Yes, the powerful profile feature has been kept!

  * Interactive Site Analysis.  If you're used to using the site
    analyzer "spider in the browser" feature to review a website,
    you'll love the new capability to pause at each new page for 1
    or 10 seconds, or until you click a key.

Please see the Release Notes for complete details:
<http://www.soft.com/eValid/Products/Documentation.40/release.4.0.html>

There you'll find a description of other new features such as:

  > Validate and Save Screen Images.
  > Thin and Lite Playback Options.
  > Save & Validate Screens.
  > 3D Site Map.
  > Extended Mapping Filters.
  > Synthesized Input Data.
  > Special Memory Minimization Commands.
  > Extended System Interfacing Commands.
  > Unbeatable New Bundle and Feature Pricing.

eValid 4.0 licenses start at $495 for a basic record/playback
capability.  Separate licenses in various combinations are
available.  A complete license with all eValid functionality
(SiteMap, Functional Testing, Data Generation, Loading, and
Timing/Tuning) is available at a very attractive bundle price.

Demonstration versions available at:
<http://www.soft.com/eValid/Products/Download.40/down.evalid.40.phtml?status=FORM>

Or, send your license request to <licenses@e-valid.com> and we'll
get an eValid Ver. 4.0 key out to you right away.

For a limited time -- until the general announcement in mid-November
-- an upgrade from your eValid 3.n installation to Ver. 4.0 is
available for just $349.  Contact <info@e-valid.com> to request an
upgrade quotation (please include your CID).

                      Software Research, Inc.
                         eValid Division,
                   1663 Mission Street, Suite 400
                   San Francisco, CA  94103  USA

                      Phone: +1 415.861.2800.
                       FAX: +1 415.861.9801.
                      Email: info@e-valid.com

========================================================================

                Software Development: Reality Bytes
                         By Warren Keuffel

      Summary: Putting process back into pedagogy, Lawrence
      Bernstein, David Klappholz and Catherine Kelley use hard
      knocks to teach student developers about programming in
      the real world.

What's the best way to train future software developers? To many
teachers, students and prospective employers, a computer science
degree is a good place to start.  Regardless of the pedagogical
path, however, there's something missing in most developers'
education: verisimilitude.

Lawrence Bernstein and David Klappholz of the Stevens Institute of
Technology and Catherine Kelley of Fairleigh Dickinson University
understand what kinds of educational experiences neophyte software
engineers need.  Earlier this year, I caught their presentation,
"Overcoming Aversion to Software Process through Controlled
Failure," at the Software Technology Conference held in Salt Lake
City, Utah -- and was intrigued by their innovative methods for
teaching real-world software engineering.

                          Imposing Process

Bernstein, Klappholz and Kelley begin with the oft-stated premise
that large numbers of software projects bite the dust due to factors
such as failure to meet stake-holder requirements or to withstand
production loads, and are canceled before completion for a multitude
of reasons. They attribute this sorry state of affairs to those
currently employed in the industry not having accepted the benefits
of imposing a process on software projects. To this they add an
indictment of computer science (CS) faculty who, they assert, are
generally disdainful of software engineering and more interested in
state-of-the-art technology. This mix, they claim, produces
undergraduate students who are proficient in solving small,
well-defined problems -- but inadequate in group dynamics and in
addressing problems requiring a long-term perspective.

With rapier wit, the researchers sardonically point out that staying
up late hacking and eating pizza is fun -- certainly more so than
following state-of-the-practice software engineering discipline.
They conclude that most CS students resist learning the benefits of
process because they're not aware that they're likely to fail
without it.

                          Walking the Talk

To awaken an appreciation of software engineering process,
Bernstein, Klappholz and Kelley first asked their students to read
case studies of failed projects. But this caused them only to
recognize the stupidity of others. The solution? Make the students
live through a case history in order to experience the vital
importance of process, including appropriate requirements
engineering, risk and contingency plans, and adequate documentation.

The problem given to the students is disarmingly simple: Create an
overdue book-notice system for a 500-student elementary school
library. However, the system must be developed by using a single,
non-networked computer borrowed from the university computer lab --
and data may not be left on the computer from week to week.

After delivering a first-cut solution, students are sent back to the
drawing board with additional requirements that don't surface until
testing reveals their need. Then, with diabolical genius,
Bernstein, Klappholz and Kelley identify the best developer in each
student team and reassign that individual to another team -- is the
sound you hear that of something hitting too close to home?

                  Irate Customers, Opaque Problems

In another exercise, students are required to analyze what's gone
wrong with a new system that had recently been turned on. Initially,
system performance was satisfactory, but after a few weeks, the
system died, and after restarting, performed sluggishly. Students
must deal with the real-world simulation of irate customers and
opaque problems.

All CS students would do well to share Bernstein, Klappholz and
Kelley's understanding that what happens in the real world of
software development isn't always about writing a program, but
rather about dealing with changing requirements, employee turnover
and demanding customers. Then, we hope, they'll leave school
realizing that coding is only part of this business we call software
engineering.

      For more information, you can contact Lawrence Bernstein
      at <lbernstein@ieee.org>, David Klappholz at
      <d.klappholz@att.net> or Catherine Kelley at
      <clkelley@fdu.edu>.  Write Warren Keuffel directly at
      <wkeuffel@acm.org>, or post a message for all to read at
      <http://www.SDmagazine.com>'s Interface forum.  Warren
      Keuffel is senior contributing editor for Software
      Development.


========================================================================

         Security Testing -- 20 Most Common Vulnerabilities

"...three government agencies and the private SANS Institute
released a list of the 20 most common security vulnerabilities."

The article is found at:
<http://story.news.yahoo.com/news?tmpl=story&ncid=581&e=1&cid=581&u=/nm/20021002/tc_nm/tech_security_dc>

The updated list is at:  <http://www.sans.org/top20/>

========================================================================


========================================================================
    ------------>>> QTN ARTICLE SUBMITTAL POLICY <<<------------
========================================================================

QTN is E-mailed around the middle of each month to over 10,000
subscribers worldwide.  To have your event listed in an upcoming
issue E-mail a complete description and full details of your Call
for Papers or Call for Participation to <qtn@sr-corp.com>.

QTN's submittal policy is:

o Submission deadlines indicated in "Calls for Papers" should
  provide at least a 1-month lead time from the QTN issue date.  For
  example, submission deadlines for "Calls for Papers" in the March
  issue of QTN On-Line should be for April and beyond.
o Length of submitted non-calendar items should not exceed 350 lines
  (about four pages).  Longer articles are OK but may be serialized.
o Length of submitted calendar items should not exceed 60 lines.
o Publication of submitted items is determined by Software Research,
  Inc., and may be edited for style and content as necessary.

DISCLAIMER:  Articles and items appearing in QTN represent the
opinions of their authors or submitters; QTN disclaims any
responsibility for their content.

TRADEMARKS:  eValid, STW, TestWorks, CAPBAK, SMARTS, EXDIFF,
STW/Regression, STW/Coverage, STW/Advisor, TCAT, and the SR logo are
trademarks or registered trademarks of Software Research, Inc. All
other systems are either trademarks or registered trademarks of
their respective companies.

========================================================================
        -------->>> QTN SUBSCRIPTION INFORMATION <<<--------
========================================================================

To SUBSCRIBE to QTN, to UNSUBSCRIBE a current subscription, to
CHANGE an address (an UNSUBSCRIBE and a SUBSCRIBE combined) please
use the convenient Subscribe/Unsubscribe facility at:

       <http://www.soft.com/News/QTN-Online/subscribe.html>.

As a backup you may send Email direct to <qtn@sr-corp.com> as follows:

   TO SUBSCRIBE: Include this phrase in the body of your message:
           subscribe <Email-address>

   TO UNSUBSCRIBE: Include this phrase in the body of your message:
           unsubscribe <Email-address>

Please, when using either method to subscribe or unsubscribe, type
the <Email-address> exactly and completely.  Requests to unsubscribe
that do not match an email address on the subscriber list are
ignored.

		QUALITY TECHNIQUES NEWSLETTER
		Software Research, Inc.
		1663 Mission Street, Suite 400
		San Francisco, CA  94103  USA

		Phone:     +1 (415) 861-2800
		Toll Free: +1 (800) 942-SOFT (USA Only)
		Fax:       +1 (415) 861-9801
		Email:     qtn@sr-corp.com
		Web:       <http://www.soft.com/News/QTN-Online>