6. 6
âIt is not the strongest of the species that
survives, nor the most intelligent that survives.
It is the one that is most adaptable to change.â
9. 9
Some Great Lightning Talks Lined Up
1. Ensuring A Quality-first Approach In Software Development And
Implementation -- A Manager's Perspective with Amy Sawyer
2. Cybersecurity by Design Without Compromising UX and Quality
with John Klassen
3. Why Testers Belong at the Hackathon with Rachael Lovallo
4. New Age of Test Automation with Iryna Suprun
5. Useful UAT with Robin Goldsmith
6. From 3 to 1 Easier Said Than Done with Shiva Srinivasan
7. Automation Does Not Replace Collaboration with Stephen Kilbourn
#PNSQC2021
2020 Awards-Refreshments/Networking
Closing and Happy Hour
17. Kudos to last yearâs security talks!
â˘Daniel Kranowski: Security as the new Non-Functional
Requirement (NFR)
â˘Bhushan Gupta: Be Agile with Security
18.
19. Cybersecurity, UX, and Software Quality
Pick 2
â Why isnât every system Secure by Design?
â If you make security hard, people may work around it.
â What is the quality of your software supply chain?
â Cybersecurity, UX and Software Quality have become
interwoven. What are the ramifications?
20. Security cannot be an Afterthought
â The internet took off because of an open-trust model. But
that has also been a key failure from a security standpoint.
â Itâs not as if the hacking threat is new; itâs been going on,
and its scope and possible fixes have been known, for a
very long time.
â In April 1967, just before the ARPANETâs rollout, an
engineer named Willis Ware wrote a paper called
âSecurity and Privacy in Computer Systemsâ
21. Kick the can down the road
â The ARPANET dev team was annoyed. They begged their leader not to
saddle them with a security requirement.
â Letâs do this step by step, the team said. It had been hard enough to get
the system to work; the Russians wouldnât be able to match it for decades.
â So vast systems and networks would sprout up throughout the U.S. and
much of the world, without any provisions for security.
â Some security provisions would be backfitted later, but the vulnerability
that Ware and the later studies observed was built into the technology.
â And the Russians did catch up.
22. Get it working, then secure it
Security takes a backseat to new features, reliability, performance,
scalability, ease of use, integration, etc.
â Email
â Microsoft Windows
â Web Browser
âIf the Greeks were creating the Trojan Horse today, it would be a
web browser.â
23. âDetect not Preventâ Legacy
â Security isnât intrinsic and flaws are easy to introduce into products, so
we resort to scanning each file with 3rd
party tools to detect malware.
Thatâs not enough.
â Think evil, do good. Penetration testing is a good start.
â âWe didnât focus on how you could wreck this system intentionally,â said
Vinton G. Cerf, a parent of the Internet
â âCybersecurity is kind of like safe sex. Thereâs this sense that the
[Internet] providerâs not going to protect you. The governmentâs not
going to protect you. Itâs kind of up to you to protect yourself.â
- Janet Abbate, the Virginia Tech historian
24. Usable Cybersecurity
â Gold Standard for UX Security: Your users can still do everything they
did before installing [Security Tool] but now theyâre protected.
â No change to user behavior
â Imperceptible latency
â Does not block users from getting to the internet resources they need
to do their work
â "Ultimately for the user, security should be automatic and barely
noticeable.â*
25. Supply Chain Security
â Russians use known vulnerabilities to attack customers of SolarWinds by
adding malicious code to SolarWindsâ product* before updates are sent to
customers.
â Most software providers regularly send out updates to their systems,
whether it's fixing a bug or adding new features. SolarWinds is no
exception. Beginning as early as March 2020, SolarWinds unwittingly
sent out software updates to its customers that included the hacked code.
â The code created a backdoor to customer's systems, which hackers then
used to install even more malware that helped them spy on companies
and organizations.
â The idea is not new, just the hackerâs ability to execute.
27. Is it safe?
â Do you test software updates from your security vendors before you
install them?
â Or do you trust the security vendor to test for cybersecurity issues
before releasing their releases and patches?
â McAfee team Beaverton Oregon runs a multi-vendor âSoak Testâ
before sending code to customers
28. The Takeaway
Attackers are financially motivated, innovative and
persistent. Tools we use for good they use for evil.
Cybersecurity, UX and Software Quality have become
interwoven.
⢠Security canât be an island, a set of features to kick down the road.
⢠Security isnât effective if users refuse to use it
⢠Software Quality for Security: Think evil, do good.
36. Break, Drinks, and
#PNSQC2020 Award Ceremony
⢠Communication is Key: Lessons Learned from Testing in
Healthcare Technology - Rachael Lovallo
#PNSQC2021
⢠Iron Chef Cucumber: Cooking Up Software
Requirements That Get Great Results - Chris Cowell
⢠Of Machines and Men - Iryna Suprun
40. New Age of Test Automation
Iryna Suprun
Xand, NYC
41. Why it is so hard?
1. Still a challenging task after many many years of doing this.
2. Automation code should be better than software under test code. More
stable, more reliable, more trustworthy.
3. Growing complexity of the software under tests
42. Homegrown VS third-party
1. Homegrown tools a tailored suit - ďŹts you perfectly and looks great if
a. The people who build have adequate set of skills
b. There is enough time
c. The language and supporting technologies are selected correctly
2. Third party testing tool
a. Will never check all the boxes unless you building something trivial
and very standard
b. Good tool might be costly, you might need more than one
43. New(er) players on the market
â Why newer, not new? Too risky. Too many tried to solve automation
problems and failed
â âIndustry-Leadingâ, âGame changingâ, âTrusted by manyâ, âAI-basedâ,
âFuture of testingâ, âFully Autonomousâ
44. Easier but not easy
Visual Testing*
â Applitools https://applitools.com/
â Percy https://percy.io
â SmartBear https://crossbrowsertesting.com/
â SauceLabs https://saucelabs.com/
AI - based (test recording and automatic test generation)
â Test.ai https://www.test.ai/
â Mabl https://www.mabl.com/
â TestIm https://www.testim.io/
â Appvance IQ https://www.appvance.ai/
45. New approaches
Test generation based on production Data
â ProdPerfect Prodperfect.com - E2E test suites based on data-driven,
machine-led analysis of live user trafďŹc
Selenium alternative
â Cypress https://www.cypress.io/
46. New Problems to solve
Data quality testing
â BigEval https://bigeval.com/
â iCEDQ https://icedq.com/
AI-bias
â AI BRAT (AI Bias Risk Assesment Tool) http://bias.test.ai/
â Google What-If https://pair-code.github.io/what-if-tool/
47. Will it ever be easy?
â When software development will be easy
â New technologies can improve automation quality and speed
â We can use tools to make some processes easier and some less time
consuming
49. Useful UAT
- 49
Š2021 GO PRO MANAGEMENT, INC.
Useful UAT
GO PRO MANAGEMENT, INC.
SYSTEM ACQUISITION & DEVELOPMENT
QUALITY/TESTING
PRODUCTIVITY
22 CYNTHIA ROAD
NEEDHAM, MA 02494-1461
INFO@GOPROMANAGEMENT.COM
WWW.GOPROMANAGEMENT.COM
(781) 444-5753
Robin F. Goldsmith, JD
50. Useful UAT
- 50
Š2021 GO PRO MANAGEMENT, INC.
Whatâs Acceptance Testing
and Why Do Users Need to Do It?
Self-defense:
Acceptance Testing is the userâs chance
and duty to confirm the system works
properly, when used in a real manner,
from the userâs standpoint, before users
and the organization rely upon it.
Canât we just trust the developers to do their jobs right?
51. Useful UAT
- 51
Š2021 GO PRO MANAGEMENT, INC.
Traditional Development and Testing Gurus Tend
to Miss the Boat on UAT
⌸ Consider UAT a test to confirm productâs system
requirements--often expect a rubber stamp
⌸ Some testing books/courses say
⌸ UAT should be only positive/valid proof-of-concept tests to
demonstrate normal functionality
⌸ UAT should be a repeated subset of the System Test, run by
users
⌸ UAT simply needs one test for each functional requirement or
use case scenario
Yet, organizations continually rely on UAT to catch many missed problems
52. Useful UAT
- 52
Š2021 GO PRO MANAGEMENT, INC.
In Agile, Demo Purports to Be UAT
www.pixabay.com
53. Useful UAT
- 53
Š2021 GO PRO MANAGEMENT, INC.
Most Acceptance Testing Is Reactive
â At the end, based on system as
written
â Unplanned, unanticipating
â A lot of work, often with little payback
â Doesnât find many of the errors
â Adversarial, arguments
â Too late to fix errors anyhow
54. Useful UAT
- 54
Š2021 GO PRO MANAGEMENT, INC.
Users Often Lack Confidence in
How to Perform Acceptance Testing
â Donât know how to test (and often neither do
developers)
â âPlay with itâ
â âTry it outâ
â Donât know how to use system or how itâs
supposed to work
â âPush this buttonâ Why?
â Isnât this the developerâs job?
â Feel like they broke it
â User view often compromised
Proactive Testingâ˘
provides the basis for more
confident and effective user
participation
55. Useful UAT
- 55
Š2021 GO PRO MANAGEMENT, INC.
Proactive User Acceptance Criteriaâ˘--Not Just
Reacting to the Requirements
â What the users/customers/stakeholders (may be multiple perspectives)
must have demonstrated to be confident the delivered system works
â 5 categories
â Bet their jobs relying on the system
â Determination will be made whether or not it is conscious, planned, or
explicit
â True empowerment builds cooperation
â Ability to accept or reject delivered system
â Just asking for how decision will be made
56. Useful UAT
- 56
Š2021 GO PRO MANAGEMENT, INC.
Go Pro Management, Inc. Seminars/Consulting--Relation to Life Cycle
Proactive Systems/Software Quality Assurance (SQA)â˘
Feasibility
Analysis
Systems
Analysis
System
Design
Develop-
ment Implement-
ation Operations
Maintenance
Proactive Testing:
Risk-Based Test Planning,
Design, and Management
Testing Early in the Life Cycle
Credibly Managing Projects and Processes with Metrics
21 Ways to Test Requirements
Making You a Leader
Managing Software Acquisition and Outsourcing:
> Purchasing Software and Services
> Controlling an Existing Vendorâs Performance
Proactive User Acceptance Testing
Reusable Test Designs
Test Estimation
Risk
Analysis
Defining and Managing Business
Requirements
Writing Right Agile User Story and Acceptance
Test Requirements Right
System Measurement Test Process Management
ROI
57. Useful UAT
- 57
Š2021 GO PRO MANAGEMENT, INC.
Robin F. Goldsmith, JD
www.gopromanagement.com robin@gopromanagement.com
â President of Go Pro Management, Inc. consultancy since 1982, working directly with and training professionals in business engineering, requirements
analysis, software acquisition, project management, quality and testing.
â Partner with ProveIT.net in REAL ROI⢠and ROI Value Modelingâ˘.
â Previously a developer, systems programmer/DBA/QA, and project leader with the City of Cleveland, leading financial institutions, and a âBig 4â
consulting firm.
â Degrees: Kenyon College, A.B.; Pennsylvania State University, M.S. in Psychology; Suffolk University, J.D.; Boston University, LL.M. in Tax Law.
â Published author and frequent speaker at leading professional conferences.
â Formerly International Vice President of the Association for Systems Management and Executive Editor of the Journal of Systems Management.
â Founding Chairman of the New England Center for Organizational Effectiveness.
â Member of the Boston SPIN and SEPGâ95 Planning and Program Committees.
â Attendee Networking Coordinator for STAR, Better Software, and Test Automation Conferences.
â Chair of record-setting attendance BOSCON 2000 and 2001, ASQ Boston Sectionâs Annual Quality Conferences.
â Member IEEE Std. 829 for Software Test Documentation Standard Revision Committee.
â Member IEEE P730 standard for Software Quality Assurance Revision Committee.
â International Institute of Business Analysis (IIBA) Business Analysis Body of Knowledge (BABOK) subject expert.
â TechTarget SearchSoftwareQuality.com requirements and testing expert.
â Admitted to the Massachusetts Bar and licensed to practice law in Massachusetts.
â Author of book: Discovering REAL Business Requirements for Software Project Success
â Author of forthcoming book: Cut CreepâWrite Right Agile User Stories and Acceptance Tests
58. Welcome
(6) From 3 to 1 Easier Said Than Done
- Shiva Srinivasan
#PNSQC2021
61. Todayâs Speakers â Thank You!
The speakers today are your colleagues
with a story to tell.
If you enjoyed their presentation,
connect with and thank them.
#PNSQC2021
62. âWhat Do You Want To Go Today?â
62
What Do You Want To Learn Today?
63. Give us feedback
Let us know how to
improve your learning
effectiveness
â What content?
â What delivery
mechanism?
PNSQC
Your Learning Platform
63
65. PNSQC 2020 Diversity Scholarships
Thank you Partners!
Women Who Code
PDX Blacks in Tech
Latinx Tech PDX
Future Ada
#PNSQC2021
Thank You Scholarship Sponsors!
66. Ways To Get Involved with PNSQC
⢠Volunteer your services
â Edit technical blogs
â Review papers
â Work with your company to become a sponsor
â Organize volunteers & events
â Website mods
â Adwords
⢠Become an author at our annual conference
â or a contributor to our online blog and article
archive
⢠Support us on social media
⢠Become the program chair, or other chair-board
member
#PNSQC2021
69. Call for Volunteers
Please step up and volunteer at PNSQC
⢠BeneďŹts of volunteering:
⢠Professional development
⢠Contribution to industry
⢠Recognition by peers
Contact Us: Email Robert Anderson to get a free t-shirt!
Or add your name to the conference survey or contact us via PNSQC.org
PNSQC
is a non-proďŹt managed
by volunteers passionate
about software quality.
Our mission
is to enable knowledge
exchange to produce
higher quality software
#PNSQC2021