+===================================================+
+======= Quality Techniques Newsletter =======+
+======= October 2002 =======+
+===================================================+

QUALITY TECHNIQUES NEWSLETTER (QTN) is E-mailed monthly to Subscribers worldwide to support the Software Research, Inc. (SR), TestWorks, QualityLabs, and eValid user communities and other interested parties to provide information of general use to the worldwide internet and software quality and testing community.

Permission to copy and/or re-distribute is granted, and secondary circulation is encouraged by recipients of QTN provided that the entire document/file is kept intact and this complete copyright notice appears with it in all copies. Information on how to subscribe or unsubscribe is at the end of this issue. (c) Copyright 2002 by Software Research, Inc.

========================================================================

Contents of This Issue

   o Even More Difficult Questions in a Difficult Time
   o Disabilities Act Doesn't Cover Web (Article Excerpt)
   o SQRL Report: Parnas and Soltys
   o eValid Ver. 4.0 Now Available for Pre-Release Evaluation
   o Software Development: Reality Bytes, By Warren Keuffel
   o Security Testing: 20 Most Common Vulnerabilities
   o QTN Article Submittal, Subscription Information

========================================================================

Even More Difficult Questions in a Difficult Time
by Edward Miller

Last year I asked QTN readers, and especially QW/QWE speakers and the QW/QWE Advisory Board Members, to suggest what they thought were the main concerns for the times regarding the general area of software quality.
The questions concerned Quality Technology, Issues about the Web, Industry Awareness of Quality Issues, XP, Process Methodologies such as CMM and SPICE and ISO/9000, and Security and Integrity concerns. There was a summary of the responses in the December 2001 issue of QTN (see <http://www.soft.com/News/QTN-Online/qtndec02.html>).

As good as those responses were -- and they were "right on" in many cases -- it seems to me in the present business and technological climate there are some even deeper questions that present some unique challenges.

So, below are some really hard questions that, I believe, need to be asked within the software quality community -- and might be the basis for some very good discussions.

Not to even think about these things is to avoid reality, and that can't be a good thing to do. To think about them may bring better focus onto the real issues facing the community. So, here goes:

   * TECHNICAL ISSUES. It's hard to believe "everything has been invented", but could it be true? What are the real technical issues facing the software quality community? Are there really any problems remaining that need to be solved that are not addressed by current methods?

   * MANAGERIAL ISSUES. Test/QA people are, in many instances, "second class citizens" -- is this news to any of our readers? What keeps there from being more emphasis on systematic QA & Test? How do we "get respect?"

   * ECONOMIC ISSUES. Everything in the QA/Test community is suffering -- is this news to any of our readers? What are the factors holding back QA & Test business?

What do YOU think? Please send your responses -- and, of course, any additional "tough questions" -- to me at <miller@sr-corp.com>.

========================================================================

Disabilities Act Doesn't Cover Web
By Declan McCullagh
Staff Writer, CNET News.com

Note: This article is an excerpt of the published item. The complete item is at: <http://news.com.com/2100-1023-962761.html>.
This issue is important because assuring ADA compliance of websites may be an important economic issue.

October 21, 2002, 3:04 PM PT

A federal judge ruled Friday that Southwest Airlines does not have to revamp its Web site to make it more accessible to the blind.

In the first case of its kind, U.S. District Judge Patricia Seitz said the Americans with Disabilities Act (ADA) applies only to physical spaces, such as restaurants and movie theaters, and not to the Internet.

"To expand the ADA to cover 'virtual' spaces would be to create new rights without well-defined standards," Seitz wrote in a 12-page opinion dismissing the case. "The plain and unambiguous language of the statute and relevant regulations does not include Internet Web sites."

If Southwest had lost this case, and the decision had been upheld on appeal, the outcome would have had far-reaching effects by imposing broad new requirements on companies hoping to do business online.

Access Now, an advocacy group for the blind, and a blind man named Robert Gumson filed the lawsuit in an attempt to compel Southwest to redesign its Web site to make it easier for blind people to navigate. They admitted that it was possible for the blind to buy tickets on Southwest's site, but argued it was "extremely difficult."

Gumson, who said he had a screen reader with a voice synthesizer on his computer, asked the judge to order Southwest to provide text that could serve as an alternative to the graphics on its site and to redesign the site's navigation bar to make it easier for him to understand. He and his lawyers also asked for attorney fees and costs.

The ADA says that any "place of public accommodation" must be accessible to people with disabilities. The law, enacted in 1990, lists 12 categories, including hotels, restaurants, shopping centers, universities and bowling alleys.
Seitz said that because Congress was so careful to specify what kinds of physical spaces are covered by the ADA, it's clear the act does not apply to the Internet. She noted that the World Wide Web Consortium had drafted accessibility guidelines, but said the document was over three years old and there is no indication that the guidelines are "a generally accepted authority."

========================================================================

SQRL Report No. 7: David Parnas and Michael Soltys

The web address for downloading reports is:
<http://www.cas.mcmaster.ca/sqrl/sqrl_reports.html>

Contact: <burns@raid.cas.mcmaster.ca>

Abstract: This paper discusses the issue of what constitutes "basic science" for a Software Engineering program. Accredited Engineering programs all have a significant "basic science" component. For traditional Engineering disciplines, this covers the physical Sciences. While the physical sciences are also relevant for Engineers specializing in software intensive products, additional material is relevant. This paper proposes that certain areas of "theory" are quite relevant to Software Engineering and should be considered as basic science for that field. Numerous illustrations are included.

========================================================================

eValid Ver. 4.0 Now Available for Pre-Release Evaluation
<http://www.e-valid.com>

The latest release of the popular eValid web site testing suite is ready. Ver 4.0 includes many new and powerful features:

   * Multi-Window Recording. eValid is ready for XML and complex sites that use loads of JavaScript. Ver. 4.0 handles multi-window sites with full browser mode support.

   * Dashboard. Confused about how eValid really works? Now there is a new floating control dashboard that lets you run the main eValid modes without having to access the main eValid browser window.

   * Menu Options.
     Now you can have a single-pulldown with every feature, or a set of separate pulldowns for the main eValid operating modes.

   * Preferences. You'll love the way Ver. 4.0 handles user preference settings, with a single interface and standard format. Yes, the powerful profile feature has been kept!

   * Interactive Site Analysis. If you're used to using the site analyzer "spider in the browser" feature to review a website, you'll love the new capability to pause at each new page for 1 or 10 seconds, or until you click a key.

Please see the Release Notes for complete details:
<http://www.soft.com/eValid/Products/Documentation.40/release.4.0.html>

There you'll find a description of other new features such as:

   > Validate and Save Screen Images.
   > Thin and Lite Playback Options.
   > Save & Validate Screens.
   > 3D Site Map.
   > Extended Mapping Filters.
   > Synthesized Input Data.
   > Special Memory Minimization Commands.
   > Extended System Interfacing Commands.
   > Unbeatable New Bundle and Feature Pricing.

eValid 4.0 licenses start at $495 for a basic record/playback capability. Separate licenses in various combinations are available. A complete license with all eValid functionality (SiteMap, Functional Testing, Data Generation, Loading, Timing/Tuning) is available at a very attractive bundle price.

Demonstration versions available at:
<http://www.soft.com/eValid/Products/Download.40/down.evalid.40.phtml?status=FORM>

Or, send your license request to <licenses@e-valid.com> and we'll get an eValid Ver. 4.0 key out to you right away.

For a limited time -- until the general announcement in mid-November -- an upgrade from your eValid 3.n installation to Ver. 4.0 is available for just $349. Contact <info@e-valid.com> to request an upgrade quotation (please include your CID).

Software Research, Inc.
eValid Division, 1663 Mission Street, Suite 400
San Francisco, CA 94103 USA
Phone: +1 415.861.2800. FAX: +1 415.861.9801.
Email: info@e-valid.com

========================================================================

Software Development: Reality Bytes
By Warren Keuffel

Summary: Putting process back into pedagogy, Lawrence Bernstein, David Klappholz and Catherine Kelley use hard knocks to teach student developers about programming in the real world.

What's the best way to train future software developers? To many teachers, students and prospective employers, a computer science degree is a good place to start. Regardless of the pedagogical path, however, there's something missing in most developers' education: verisimilitude.

Lawrence Bernstein and David Klappholz of the Stevens Institute of Technology and Catherine Kelley of Fairleigh Dickinson University understand what kinds of educational experiences neophyte software engineers need. Earlier this year, I caught their presentation, "Overcoming Aversion to Software Process through Controlled Failure," at the Software Technology Conference held in Salt Lake City, Utah -- and was intrigued by their innovative methods for teaching real-world software engineering.

Imposing Process

Bernstein, Klappholz and Kelley begin with the oft-stated premise that large numbers of software projects bite the dust due to factors such as failure to meet stake-holder requirements or to withstand production loads, and are canceled before completion for a multitude of reasons. They attribute this sorry state of affairs to those currently employed in the industry not having accepted the benefits of imposing a process on software projects.

To this they add an indictment of computer science (CS) faculty who, they assert, are generally disdainful of software engineering and more interested in state-of-the-art technology. This mix, they claim, produces undergraduate students who are proficient in solving small, well-defined problems -- but inadequate in group dynamics and in addressing problems requiring a long-term perspective.
With rapier wit, the researchers sardonically point out that staying up late hacking and eating pizza is fun -- certainly more so than following state-of-the-practice software engineering discipline. They conclude that most CS students resist learning the benefits of process because they're not aware that they're likely to fail without it.

Walking the Talk

To awaken an appreciation of software engineering process, Bernstein, Klappholz and Kelley first asked their students to read case studies of failed projects. But this caused them only to recognize the stupidity of others. The solution? Make the students live through a case history in order to experience the vital importance of process, including appropriate requirements engineering, risk and contingency plans, and adequate documentation.

The problem given to the students is disarmingly simple: Create an overdue book-notice system for a 500-student elementary school library. However, the system must be developed by using a single, non-networked computer borrowed from the university computer lab -- and data may not be left on the computer from week to week.

After delivering a first-cut solution, students are sent back to the drawing board with additional requirements that don't surface until testing reveals their need. Then, with diabolical genius, Bernstein, Klappholz and Kelley identify the best developer in each student team and reassign that individual to another team -- is the sound you hear that of something hitting too close to home?

Irate Customers, Opaque Problems

In another exercise, students are required to analyze what's gone wrong with a new system that had recently been turned on. Initially, system performance was satisfactory, but after a few weeks, the system died, and after restarting, performed sluggishly. Students must deal with the real-world simulation of irate customers and opaque problems.
All CS students would do well to share Bernstein, Klappholz and Kelley's understanding that what happens in the real world of software development isn't always about writing a program, but rather about dealing with changing requirements, employee turnover and demanding customers. Then, we hope, they'll leave school realizing that coding is only part of this business we call software engineering.

For more information, you can contact Lawrence Bernstein at <lbernstein@ieee.org>, David Klappholz at <d.klappholz@att.net> or Catherine Kelley at <clkelley@fdu.edu>.

Write Warren Keuffel directly at <wkeuffel@acm.org>, or post a message for all to read at <http://www.SDmagazine.com>'s Interface forum. Warren Keuffel is senior contributing editor for Software Development.

========================================================================

Security Testing -- 20 Most Common Vulnerabilities

"...three government agencies and the private SANS Institute released a list of the 20 most common security vulnerabilities."

The article is found at:
<http://story.news.yahoo.com/news?tmpl=story&ncid=581&e=1&cid=581&u=/nm/20021002/tc_nm/tech_security_dc>

The updated list is at: <http://www.sans.org/top20/>

========================================================================
------------>>> QTN ARTICLE SUBMITTAL POLICY <<<------------
========================================================================

QTN is E-mailed around the middle of each month to over 10,000 subscribers worldwide. To have your event listed in an upcoming issue E-mail a complete description and full details of your Call for Papers or Call for Participation to <qtn@sr-corp.com>.

QTN's submittal policy is:

   o Submission deadlines indicated in "Calls for Papers" should provide at least a 1-month lead time from the QTN issue date.
     For example, submission deadlines for "Calls for Papers" in the March issue of QTN On-Line should be for April and beyond.
   o Length of submitted non-calendar items should not exceed 350 lines (about four pages). Longer articles are OK but may be serialized.
   o Length of submitted calendar items should not exceed 60 lines.
   o Publication of submitted items is determined by Software Research, Inc., and may be edited for style and content as necessary.

DISCLAIMER: Articles and items appearing in QTN represent the opinions of their authors or submitters; QTN disclaims any responsibility for their content.

TRADEMARKS: eValid, STW, TestWorks, CAPBAK, SMARTS, EXDIFF, STW/Regression, STW/Coverage, STW/Advisor, TCAT, and the SR logo are trademarks or registered trademarks of Software Research, Inc. All other systems are either trademarks or registered trademarks of their respective companies.

========================================================================
-------->>> QTN SUBSCRIPTION INFORMATION <<<--------
========================================================================

To SUBSCRIBE to QTN, to UNSUBSCRIBE a current subscription, to CHANGE an address (an UNSUBSCRIBE and a SUBSCRIBE combined) please use the convenient Subscribe/Unsubscribe facility at:
<http://www.soft.com/News/QTN-Online/subscribe.html>.

As a backup you may send Email direct to <qtn@sr-corp.com> as follows:

   TO SUBSCRIBE: Include this phrase in the body of your message:
      subscribe <Email-address>

   TO UNSUBSCRIBE: Include this phrase in the body of your message:
      unsubscribe <Email-address>

Please, when using either method to subscribe or unsubscribe, type the <Email-address> exactly and completely. Requests to unsubscribe that do not match an email address on the subscriber list are ignored.

QUALITY TECHNIQUES NEWSLETTER
Software Research, Inc.
1663 Mission Street, Suite 400
San Francisco, CA 94103 USA

Phone: +1 (415) 861-2800
Toll Free: +1 (800) 942-SOFT (USA Only)
Fax: +1 (415) 861-9801
Email: qtn@sr-corp.com
Web: <http://www.soft.com/News/QTN-Online>