STARWEST 2006 Keynote Sessions
| Wednesday, October 18, 2006 8:45:00 AM|
How to Build Your Own Robot Army
Harry Robinson, Google, Inc.
Software testing is tough—it can be exhausting and there is never enough time to find all the important bugs. Wouldn't it be nice to have a staff of tireless servants working day and night to make you look good? Well, those days are here. Two decades ago, software test engineers were cheap and machine time was expensive, demanding test suites to run as quickly and efficiently as possible. Today, test engineers are expensive and CPUs are cheap, so it becomes reasonable to move test creation to the shoulders of a test machine army. But we're not talking about the run-of-the-mill automated scripts that only do what you explicitly told them … we're talking about programs that create and execute tests you never thought of and find bugs you never dreamed of. In this presentation, Harry Robinson will show you how to create your robot army using tools lying around on the Web. Most importantly, learn how to take appropriate credit for your army's work!
Harry Robinson is a Software Engineer in Test for Google. He coaches teams around the company in test generation techniques. His background includes ten years at AT&T Bell Labs, three years at Hewlett-Packard, and six years at Microsoft before joining Google in 2005. While at Bell Labs, he created a model-based testing system that won the 1995 AT&T Award for Outstanding Achievement in the Area of Quality. At Microsoft, he pioneered the test generation technology behind Test Model Toolkit, which won the Microsoft Best Practice Award in 2001. He holds two patents in software test automation methods, maintains the site www.model-based-testing.org, and speaks and writes frequently on software testing and automation issues.
| Wednesday, October 18, 2006 10:00:00 AM|
Software Security Testing: It’s Not Just for Functions Anymore
Gary McGraw, Cigital, Inc.
What makes security testing different from classical software testing? Part of the answer lies in expertise, experience, and attitude. Security testing comes in two flavors and involves standard functional security testing (making sure that the security apparatus works as advertised), as well as risk-based testing (malicious testing that simulates attacks). Risk-based security testing should be driven by architectural risk analysis, abuse and misuse cases, and attack patterns. Unfortunately, first generation "application security" testing misses the mark on all fronts. That's because canned black-box probes—at best—can show you that things are broken, but say very little about the total security posture. Join Gary McGraw to learn what software security testing should look like, what kinds of knowledge testers must have to carry out such testing, and what the results may say about security.
Gary McGraw Gary McGraw, Cigital, Inc.'s CTO, is a world authority on software security. Gary is author of several best selling books including: Software Security, Exploiting Software, Building Secure Software, Software Fault Injection, Securing Java, and Java Security. Gary holds a dual Ph.D. in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from University of Virginia. He is a member of the IEEE Security and Privacy Task Force and was recently elected to the IEEE Computer Society Board of Governors. Gary produces the Silver Bullet Security Podcast for IEEE Security & Privacy magazine, writes a monthly column for darkreading.com, and is often quoted in the press. www.cigital.com/~gem
| Wednesday, October 18, 2006 4:30:00 PM|
Dispelling Testing’s Top Ten Illusions
Lloyd Roden, Grove Consultants
Are illusions running your organization—distorting the truth and ultimately limiting testing’s effectiveness? Join Lloyd Roden as he unveils his list of the top ten illusions that we may face as testers and test managers. One illusion that we often encounter is “quality cannot be measured.” While it is difficult to measure, Lloyd believes it can and should be measured regularly, otherwise we never improve. Another illusion Lloyd often encounters is “anyone can test.” Typically when the project is behind schedule, inexperienced people are “drafted” to help with testing. While this gives us the illusion that more hands are better, we know the real impact of inexperienced people on the final product. While it is important to identify illusions when they appear, Lloyd will describe ways to reduce their impact or eliminate them entirely from your organization. Only then can we become ultra-effective test professionals who are respected within our organizations.
Lloyd Roden has been involved in the software industry since 1980, studying computer science at Leicester University. He has worked as a programmer with Pearl Assurance, as a Senior Independent Test Analyst for Royal Life, and a project manager for the Product Assurance department at Peterborough Software. In 1999 he joined Grove Consultants where he provides consultancy and training in all aspects of testing, specializing in test management, people issues in testing, and testautomation. Lloyd is a lively and enthusiastic speaker at conferences and seminars including EuroSTAR, AsiaSTAR, STAREAST, Software Test Automation, Test Congress, and Unicom conferences, as well as Special Interest Groups in Software Testing in a variety of different countries.
| Thursday, October 19, 2006 8:30:00 AM|
What Every Tester Needs to Know to Succeed in the Agile World
Jean Tabaka, Rally Software Development Corporation
Agile methodologies may be coming soon to a project near you. Agile software development holds the promise of faster development, less cost, fewer defects, and increased customer value, all while maintaining a sustainable work pace in a high morale environment. As a tester, you may be wondering, "How will agile affect me?" We’ve all heard stories that agile methodologies have no place for testers. In this presentation, Jean Tabaka changes that perspective. She will highlight the fundamental tenets of agile software development, the project management frameworks that support these tenets, and the engineering disciplines that naturally fit in these frameworks. For some testers, the agile approach can be a jolt to their long-held beliefs of how testing should be done. Jean will help you adapt to this new world by explaining how to make tests talk, using testing as a communications mechanism, eliminating defect logs, and identifying what you will not commit to do. In addition, she will provide guidance on avoiding common traps that newly commissioned agile testers encounter.
Jean Tabaka An agile coach with Rally Software, Jean Tabaka specializes in creating, coaching, and mentoring agile software teams. Jean brings more than twenty-five years of experience in software development to the agile plate in a variety of organizational contexts including internal IT departments, ISVs, government agencies, and consulting organizations. Jean’s work has spanned industries and continents, and she has implemented both plan-driven and agile development approaches for a variety of large and small ventures. A Certified Scrum Master, Certified Scrum Trainer, and Certified Professional Facilitator, Jean holds a Masters in Computer Science from Johns Hopkins University and is the author of Collaboration Explained: Facilitation Skills for Software Project Leaders.
| Thursday, October 19, 2006 4:15:00 PM|
Say Yes—or Say No? What to Do When You’re Faced with the Impossible
Johanna Rothman, Rothman Consulting Group, Inc.
The ability to communicate is a tester's—and test manager's—most important skill. Imagine this scenario. You’re a test manager. Your team is working as hard as they can. You’re at full capacity, trying to find time to test the new system your boss just gave you. And now your boss is in your office, asking you to take on one more assignment. What do you do? Say “Yes” or say “No”? Johanna Rothman shows you how to make a compelling case and communicate effectively the work you have and the work you can accomplish, making an impossible situation possible.
Johanna Rothman consults on managing high-technology product development. She uses pragmatic techniques for managing people, projects, and risk to create successful teams and projects. She’s helped a wide variety of organizations hire technical people, manage projects, and release successful products faster. Johanna is the co-author of the pragmatic Behind Closed Doors, Secrets of Great Management, author of the highly acclaimed Hiring the Best Knowledge Workers, Techies & Nerds: The Secrets & Science of Hiring Technical People, and is a regular columnist on StickyMinds.com.
| Friday, October 20, 2006 8:30:00 AM|
Session-Based Exploratory Testing: A Large Project Adventure
Bliss, Captaris, Inc.
Session-based exploratory testing has been proposed as a new and improved approach to software testing. It promotes a risk-conscious culture that focuses on areas where there are likely to be defects and allows for rapid course corrections in testing plans to accommodate testing “discoveries”, feature-creep, and schedule changes. How can a test manager take a highly talented manual testing team, accustomed to running test scripts, and introduce the agility of an exploratory approach? What can be done to communicate the risks inherent in feature-creep and schedule changes to senior stakeholders in a meaningful way? Bliss will demonstrate how he successfully implemented session-based exploratory testing while maintaining and even improving the code quality. Using the tool he developed (available for free download) and metrics available with this approach, stakeholders get real-time testing status reports and begin to understand their responsibilities in the process. They then learn how their decisions actually affect the quality of the product. With their new awareness, project stakeholders are more willing to negotiate changes that they might otherwise impose on the engineering teams. With session-based exploratory testing, you will discover that quality rapidly becomes everyone’s concern.
Bliss has worked in the software industry for fifteen years, beginning as a software engineer in 1991, development manager in 1993, and entering the Quality Assurance arena in 1998. Working for Captaris since 1996, he led the Quality Assurance Department until taking the role of RightFax Engineering Manager. Studying Geology at Western Kentucky University, he worked for the Center for Cave and Karst Studies exploring and mapping beneath Bowling Green, Kentucky. Bliss received a BS degree in Computer Science and Mathematics in 1991 from Grand Valley State University. He also works with Minor Planet Research discovering Potentially Hazardous Asteroids (PHAs).