Preparing Software Development Plan
The writing of quality software is more frequently than not the consequence of picky test projecting. A substantial Master Test program works as a route-map for all software examination to be attempted for a plan and points which stages of testing will be admitted at the assorted levels of development. The Master Test Plan should reflect the total Testing scheme which has been composed for the examining function and should be composed by the Test Manager for the plan it refers to.
What Should a Master Test Plan let in?
The Master Test Plan should contemplate the integrated testing methodological analysis, insurances and actions which have been established in the overall Testing scheme papers. The project will abstract how the project squad aims to access the testing needful, so to excercise the software solution exhaustively and understate chance to the business; it will talk about how this examination is to be carried out and the surroundings in which the testing is to be carried out. The program should include the accompanying places:
Introduction - concisely what the doc is, who it is designated for and how it should be applied.
Location of the doc, proprietor and sign off - where the doc is put in on the company net, the possessor of the doc, a number of resources for brushup and sign off and a listing of resources for distribution exclusively.
Ground to the project - concisely what the plan is and how it's occur. You should besides include a listing of docs which have fed into the Master Test Project here such as examination strategy, industry essentials, project creation certification etc.
Any plots from the plan showing the arrangements architecture - this can generally be calculated from documentation manufactured earlier on in the labor lifecycle like technical designs or operational specifications. Plots are specifically useful for the Master Test Program as they could be applied to clearly illustrate elements of integration, 3rd party vendor circumstances and places which are in and out of range. Include several wording to follow the plot and draw particular attention to these components.
What examination is to be attempted - there should be an overview of all the examination stages to be attempted and the deliverables from each. (See the particular incisions on these below).
Third party vendor essaying - if part of the solution is being extradited by a 3rd party, outline it here collectively with particularities of the controls which are going to be in situ to ascertain the quality of code deported by the third party.
Examination environments - this schemes the deal of examination environments and what testing will be carried out in which surroundings. For example unit examination is probable to be carried out in the development surroundings. Note as well any surroundings constraints, for instance if the Functional Test stage and the User Acceptance Test stage share the equal environment and these stages overlap, this can cause information sharing effects which can hamper the confirmation of each team’s examination outcomes.
Roles and provinces - who is creditworthy for every phase?
Timeline - a program of when each form is due to be carried out and any contingency integral.
Defect accounting process/tools - this division details any desert tracking instruments that the plan will use, who will control these, the reporting mechanicses in place plus particularities of any day-after-day meetings to discourse defects. This will as well admit any service grade agreements which are in situ for turnabout of faults from development to trial.
Trial tools/automatized testing - particulars of any test control or mechanization tools like Quality Centre, QTP, Selenium, Load Runner and which stages these will be applied within.
Execution details concerning testing - this shines on the circumstances around execution; for instance, what is the "back away" protocol and how is this to be well-tried? Is software due to be applied on dissimilar platforms at dissimilar times and what examination needs to be attempted to assure that no existing live purposes are impacted by this during the cut-over time period?
Restraints/chances and issues - this division should point any restraints and chances to the project such as limits of the test surroundings, lack of trial resource and so on. Also include a connection to a examination problems log which should be serviced throughout the project. This will be wont to track in progress issues and the solutions which are agreed as the project advances.
Release process - this should point the operation which must be accompanied should it be settled that a test stage is being dropped. If this is already attested within the test scheme then a link to this doc can be offered. Also mark here why it has been determined to drop any test stages which are not needed.
Management accounting - particularities of the metrics to be allowed throughout the examination stages (and at the end of examination) to control the quality of the code/preparation of the resolution for delivery.
What Is to be Included in the Test Stage Divisions of the Master Test Project?
This part of the test project will doc the key characteristics of each stage and why this especial area of testing is being attempted. Note that every examination stage will have its own test project which will expenditure what demands to occur in that phase in subordinate item. At Master Test Project degree, particularities of the phase should be restrictive to an overview as follows:
What the stage is around – key targets of the stage.
What is the entering criteria for every stage? (For instance, no high priority effects great from unit testing prior to starting operational examination).
What is the procedure for every phase? (Refer to the examination strategy doc where this should be completely elaborated).
What are the deliverables for every stage? - "Deliverables from every Test Phase" for particular of what should be admitted here.)
Who is creditworthy for controlling, handing over and signing off every trial phase?
Deliverables from every Test Stage
In your Master Trial Program you will require to point at a upper-level the deliverables which you anticipate to see from apiece examination phase. Deliverables could dissent between test stages contingent on the nature of a plan nevertheless, here is an instance of what may be included.
What Should a Master Test Plan let in?
The Master Test Plan should contemplate the integrated testing methodological analysis, insurances and actions which have been established in the overall Testing scheme papers. The project will abstract how the project squad aims to access the testing needful, so to excercise the software solution exhaustively and understate chance to the business; it will talk about how this examination is to be carried out and the surroundings in which the testing is to be carried out. The program should include the accompanying places:
Introduction - concisely what the doc is, who it is designated for and how it should be applied.
Location of the doc, proprietor and sign off - where the doc is put in on the company net, the possessor of the doc, a number of resources for brushup and sign off and a listing of resources for distribution exclusively.
Ground to the project - concisely what the plan is and how it's occur. You should besides include a listing of docs which have fed into the Master Test Project here such as examination strategy, industry essentials, project creation certification etc.
Any plots from the plan showing the arrangements architecture - this can generally be calculated from documentation manufactured earlier on in the labor lifecycle like technical designs or operational specifications. Plots are specifically useful for the Master Test Program as they could be applied to clearly illustrate elements of integration, 3rd party vendor circumstances and places which are in and out of range. Include several wording to follow the plot and draw particular attention to these components.
What examination is to be attempted - there should be an overview of all the examination stages to be attempted and the deliverables from each. (See the particular incisions on these below).
Third party vendor essaying - if part of the solution is being extradited by a 3rd party, outline it here collectively with particularities of the controls which are going to be in situ to ascertain the quality of code deported by the third party.
Examination environments - this schemes the deal of examination environments and what testing will be carried out in which surroundings. For example unit examination is probable to be carried out in the development surroundings. Note as well any surroundings constraints, for instance if the Functional Test stage and the User Acceptance Test stage share the equal environment and these stages overlap, this can cause information sharing effects which can hamper the confirmation of each team’s examination outcomes.
Roles and provinces - who is creditworthy for every phase?
Timeline - a program of when each form is due to be carried out and any contingency integral.
Defect accounting process/tools - this division details any desert tracking instruments that the plan will use, who will control these, the reporting mechanicses in place plus particularities of any day-after-day meetings to discourse defects. This will as well admit any service grade agreements which are in situ for turnabout of faults from development to trial.
Trial tools/automatized testing - particulars of any test control or mechanization tools like Quality Centre, QTP, Selenium, Load Runner and which stages these will be applied within.
Execution details concerning testing - this shines on the circumstances around execution; for instance, what is the "back away" protocol and how is this to be well-tried? Is software due to be applied on dissimilar platforms at dissimilar times and what examination needs to be attempted to assure that no existing live purposes are impacted by this during the cut-over time period?
Restraints/chances and issues - this division should point any restraints and chances to the project such as limits of the test surroundings, lack of trial resource and so on. Also include a connection to a examination problems log which should be serviced throughout the project. This will be wont to track in progress issues and the solutions which are agreed as the project advances.
Release process - this should point the operation which must be accompanied should it be settled that a test stage is being dropped. If this is already attested within the test scheme then a link to this doc can be offered. Also mark here why it has been determined to drop any test stages which are not needed.
Management accounting - particularities of the metrics to be allowed throughout the examination stages (and at the end of examination) to control the quality of the code/preparation of the resolution for delivery.
What Is to be Included in the Test Stage Divisions of the Master Test Project?
This part of the test project will doc the key characteristics of each stage and why this especial area of testing is being attempted. Note that every examination stage will have its own test project which will expenditure what demands to occur in that phase in subordinate item. At Master Test Project degree, particularities of the phase should be restrictive to an overview as follows:
What the stage is around – key targets of the stage.
What is the entering criteria for every stage? (For instance, no high priority effects great from unit testing prior to starting operational examination).
What is the procedure for every phase? (Refer to the examination strategy doc where this should be completely elaborated).
What are the deliverables for every stage? - "Deliverables from every Test Phase" for particular of what should be admitted here.)
Who is creditworthy for controlling, handing over and signing off every trial phase?
Deliverables from every Test Stage
In your Master Trial Program you will require to point at a upper-level the deliverables which you anticipate to see from apiece examination phase. Deliverables could dissent between test stages contingent on the nature of a plan nevertheless, here is an instance of what may be included.
Opera says demand up as Microsoft opens EU market
Opera Software said on Wednesday it had seen a surge in downloads of its browser after Microsoft started to give Europeans the option of choosing smaller rivals' browsers.
"Since the browser choice screen rollout, Opera downloads have more than tripled in major European countries, such as Belgium, France, Spain, Poland and the UK," said Rolf Assev, Opera's chief strategy officer.
On December 16 European Union regulators accepted Microsoft's pledge to give European consumers better access to rival Internet browsers in Windows, ending a long antitrust dispute with the U.S. software maker.
Since the start of this week Microsoft has allowed users to select from among 12 browsers including its own Internet Explorer, Mozilla's Firefox, Apple Inc's Safari and Google Inc's Chrome on more than 100 million old and new PCs.
(Reporting by Tarmo Virki; Editing by David Holmes)
"Since the browser choice screen rollout, Opera downloads have more than tripled in major European countries, such as Belgium, France, Spain, Poland and the UK," said Rolf Assev, Opera's chief strategy officer.
On December 16 European Union regulators accepted Microsoft's pledge to give European consumers better access to rival Internet browsers in Windows, ending a long antitrust dispute with the U.S. software maker.
Since the start of this week Microsoft has allowed users to select from among 12 browsers including its own Internet Explorer, Mozilla's Firefox, Apple Inc's Safari and Google Inc's Chrome on more than 100 million old and new PCs.
(Reporting by Tarmo Virki; Editing by David Holmes)
DFX Audio Enhancer 9.211 For foobar2000/WMP/Winamp/Realplayer/Mus
Give your digital music files more vibrancy with DFX Audio Enhancer. DFX enhances your music listening experience by improving the sound quality of MP3, internet radio, Windows Media and other music files. Renew stereo depth, add 3D surround sound, restore sound clarity, boost your audio levels, and produce deep, rich bass sounds. DFX also features optimization for headphones usage, audio spectrum analyzer, finely-tuned music presets, powerful music and speech audio modes, and many free stylish skins. With DFX you can transform the sound of your PC into that of an expensive stereo system placed in a perfectly designed listening environment.
CA extends identity management to Salesforce.com apps
Additions to CA Identity Manager aim to simplify the provisioning and de-provisioning of enterprise users of Salesforce.com's Sales Cloud 2
At the RSA Conference today, CA is expected to announce additions to its enterprise identity management product that will allow customers to extend access and provisioning controls to the Salesforce.com Sales Cloud 2 application.
CA Identity Manager can now be used to automate processes, such as associating a user to a role to gain access to Sales Cloud 2, the sales forecasting application from Salesforce.com, says Lina Liberti, vice president in CA's security business unit. This added functionality for CA Identity Manager, done in cooperation with Salesforce.com, is intended to simplify the provisioning and de-provisioning of enterprise users of Sales Cloud 2 and alleviate the need to apply manual processes to grant access, Liberti says.
[Some say cloud security fears are overblown, but Cisco's CEO calls cloud computing a 'security nightmare.' | Keep up with all the latest cloud news with David Linthicum's Cloud Computing blog.]
Top 10 RSA Conference security innovators
"In most cases, customers have to go through heavy manual processes," Liberti says. For instance, customers typically have to provision access to Sales Cloud 2 and later manually de-provision when an employee leaves the firm or changes jobs. But with support for Sales Cloud 2 access and provisioning under the auspices of CA Identity Manager, that process can now be automated as it might be with any of the customer's internal applications, through a Web service.
The extended functionality, available at no additional cost in CA Identity Manager, represents one of CA's first efforts to bring security controls into the cloud. CA's SiteMinder single sign-on function is already integrated into Saleforce.com, according to Liberti.
Improving security and privacy controls for cloud-based applications is the main topic that CA will take up at the RSA Conference. Dave Hansen, corporate senior vice president and general manager of the security and compliance business unit at CA, will host a panel discussing security and privacy in cloud-based applications. (Check out our podcast with Hansen.)
Representatives from Amazon Web Services, Lockheed Martin, Acxiom and Ponemon Institute are expected to join Hansen to discuss perceived challenges in security and privacy in cloud-based computing environments. The discussion may encompass a look at some service models, such as extending security controls from the enterprise to the cloud, and how cloud service providers themselves deploy security internally.
Read more about infrastructure management in Network World's Infrastructure Management section.
Network World is an InfoWorld affiliate.
At the RSA Conference today, CA is expected to announce additions to its enterprise identity management product that will allow customers to extend access and provisioning controls to the Salesforce.com Sales Cloud 2 application.
CA Identity Manager can now be used to automate processes, such as associating a user to a role to gain access to Sales Cloud 2, the sales forecasting application from Salesforce.com, says Lina Liberti, vice president in CA's security business unit. This added functionality for CA Identity Manager, done in cooperation with Salesforce.com, is intended to simplify the provisioning and de-provisioning of enterprise users of Sales Cloud 2 and alleviate the need to apply manual processes to grant access, Liberti says.
[Some say cloud security fears are overblown, but Cisco's CEO calls cloud computing a 'security nightmare.' | Keep up with all the latest cloud news with David Linthicum's Cloud Computing blog.]
Top 10 RSA Conference security innovators
"In most cases, customers have to go through heavy manual processes," Liberti says. For instance, customers typically have to provision access to Sales Cloud 2 and later manually de-provision when an employee leaves the firm or changes jobs. But with support for Sales Cloud 2 access and provisioning under the auspices of CA Identity Manager, that process can now be automated as it might be with any of the customer's internal applications, through a Web service.
The extended functionality, available at no additional cost in CA Identity Manager, represents one of CA's first efforts to bring security controls into the cloud. CA's SiteMinder single sign-on function is already integrated into Saleforce.com, according to Liberti.
Improving security and privacy controls for cloud-based applications is the main topic that CA will take up at the RSA Conference. Dave Hansen, corporate senior vice president and general manager of the security and compliance business unit at CA, will host a panel discussing security and privacy in cloud-based applications. (Check out our podcast with Hansen.)
Representatives from Amazon Web Services, Lockheed Martin, Acxiom and Ponemon Institute are expected to join Hansen to discuss perceived challenges in security and privacy in cloud-based computing environments. The discussion may encompass a look at some service models, such as extending security controls from the enterprise to the cloud, and how cloud service providers themselves deploy security internally.
Read more about infrastructure management in Network World's Infrastructure Management section.
Network World is an InfoWorld affiliate.
Microsoft exec: Infected PCs should be quarantined (Q&A)
In his keynote at the RSA security conference on Tuesday, Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, suggested that the security industry should follow the health care model of quarantining infected PCs to prevent them from being used to send spam and conduct denial-of-service attacks.
In a follow-up interview afterward, Charney elaborated on his vision for reducing the damage from botnets and explains how infected computers should be kept off the Internet just like doctors quarantine sick people and smokers are restricted as to where they can light up in public.
Q: So you teased us with references to a system of quarantining computers during your keynote but didn't provide details. Can you explain what you have in mind?
Scott Charney: When people get diseases and they run the risk of contaminating other people the medical community has devised mechanisms to help ensure the public's health. It's a combination of inspection, quarantine, and treatment. I remember going to Asia during the SARS epidemic and as soon as I got off the plane they were standing there with these little guns that took your temperature as you got off the plane and if they registered that you had a temperature they would talk to you and if they thought you might have SARS they would quarantine you and treat you. We've done this with other kinds of illnesses over generations actually. In the enterprise in computers we do it today, we have Network Access Protection...The theory is if a machine is known to be infected do you want it to connect to the network and infect everyone else? Or do you want to clean the machine and then let it connect? So, the concept isn't that complicated but the challenge is once you move into the consumer environment you raise a lot of interesting issues.
The Internet is so many things for consumers. It's a way to engage in free speech, to engage in online commerce, to get education, to seek health care information. Their lives center around this technology in so many important ways. And they're used to the PC being in their home. It's considered a very private device in a way. And it may be storing a lot of private sensitive data, like your diary or your tax records. But what we've seen is that when people get infected they may not be the ultimate victim. They are a victim. The ultimate victim might be the person who receives the spam directed by the botnet or the site or service shut down by the denial-of-service attack. I'm a big fan of consumer education and we've been doing it for 20 years, but it doesn't work at scale. You can tell people make sure you've updated your machines, you're running antivirus, and you're backing up your data. Yet we still see a lot of people just don't do that. So, the question becomes how do you create a less infected Internet?
If the access provider just made sure you're not carrying any disease and you're not going to infect the community we'll let you connect with no further ado. But if you are infected with something we recognize and have a signature for, let's clean you up and allow you to connect.
I wondered what is the rational basis for doing this to consumers and I started thinking about smoking. People smoked for the longest time even after we knew it causes many types of cancer, heart disease. Society said you have a right to smoke. Even though you're going to add cost to the health care system that we're all going to have to pay for, if you're going to risk lung cancer that's your right. Then the EPA came out with the secondhand smoke report and suddenly smoking was banned in a lot of public places. The philosophy is simple--you may have the right to risk your own life and risk disease, but you don't have a right to sicken the person next to you. So when we started in Internet security we said to consumers, run antivirus, update your software, and back up your data, and many people didn't. The problem with botnets is you're not just risking yourself any more, you're risking everybody else in the community. It's just like smoking.
You mentioned the need in such a system to protect consumers from privacy intrusions. What do you mean?
Charney: Well, there is the question of public acceptance. To make it work you really have to focus on cleaning known malware and having a regime that doesn't allow access providers to look for other stuff, like copyrighted material. Maybe you shouldn't be violating copyrights, but that's not a public health issue. You have to limit it to the true purpose. The second thing you have to do is to think about how you pay for this. I don't know what the right funding model is but I know what some options are. One is market forces. Comcast is doing some of this because it's cheaper to clean their machines than it is to lose the bandwidth on their network created by all the bots...If you can't do it through market forces, then you could go to a use tax. For instance, everyone who has a telephone pays a universal access fee so that you can have phone service in rural communities. Because it is good for everyone to have phone service we fund it. And there is a security tax on airline tickets to pay for the extra security post-September 11. So one argument is the people who use the technology should pay for the cost of making the technology safe. Another argument is if this is a public safety issue it should be paid for out of general taxes.
Will we see anything like this soon?
Charney: Will the government undertake this soon? In the next two to five years will there be discussions and some activity, yes. There are many things to work out along the way. One of the things to work out is the notion of social acceptance.
So, you are recommending government regulation, right?
Charney: Ultimately if you want social acceptance, with one caveat. If these market forces (are adequate) it might just work on its own. And in general if the market is working then you don't need government regulation. However, I can see a real a government role particularly if the market doesn't sustain this. There might be a role for government to ensure that the rules are fair and evenhanded and enforced. But is it absolutely necessary? We don't know yet.
But Internet service providers have in general been resistant to calls in the past to do anything on their end to proactively block malware.
Charney: And that's another reason for government intervention. The government could say if you do these things and you have to pick your standard you're in a safe harbor.
Last year following his speech at RSA, Charney discussed the threats to PCs on the Internet in a videotaped interview with CNET's Ina Fried.
Elinor Mills http://news.cnet.com/
In a follow-up interview afterward, Charney elaborated on his vision for reducing the damage from botnets and explains how infected computers should be kept off the Internet just like doctors quarantine sick people and smokers are restricted as to where they can light up in public.
Q: So you teased us with references to a system of quarantining computers during your keynote but didn't provide details. Can you explain what you have in mind?
Scott Charney: When people get diseases and they run the risk of contaminating other people the medical community has devised mechanisms to help ensure the public's health. It's a combination of inspection, quarantine, and treatment. I remember going to Asia during the SARS epidemic and as soon as I got off the plane they were standing there with these little guns that took your temperature as you got off the plane and if they registered that you had a temperature they would talk to you and if they thought you might have SARS they would quarantine you and treat you. We've done this with other kinds of illnesses over generations actually. In the enterprise in computers we do it today, we have Network Access Protection...The theory is if a machine is known to be infected do you want it to connect to the network and infect everyone else? Or do you want to clean the machine and then let it connect? So, the concept isn't that complicated but the challenge is once you move into the consumer environment you raise a lot of interesting issues.
The Internet is so many things for consumers. It's a way to engage in free speech, to engage in online commerce, to get education, to seek health care information. Their lives center around this technology in so many important ways. And they're used to the PC being in their home. It's considered a very private device in a way. And it may be storing a lot of private sensitive data, like your diary or your tax records. But what we've seen is that when people get infected they may not be the ultimate victim. They are a victim. The ultimate victim might be the person who receives the spam directed by the botnet or the site or service shut down by the denial-of-service attack. I'm a big fan of consumer education and we've been doing it for 20 years, but it doesn't work at scale. You can tell people make sure you've updated your machines, you're running antivirus, and you're backing up your data. Yet we still see a lot of people just don't do that. So, the question becomes how do you create a less infected Internet?
If the access provider just made sure you're not carrying any disease and you're not going to infect the community we'll let you connect with no further ado. But if you are infected with something we recognize and have a signature for, let's clean you up and allow you to connect.
I wondered what is the rational basis for doing this to consumers and I started thinking about smoking. People smoked for the longest time even after we knew it causes many types of cancer, heart disease. Society said you have a right to smoke. Even though you're going to add cost to the health care system that we're all going to have to pay for, if you're going to risk lung cancer that's your right. Then the EPA came out with the secondhand smoke report and suddenly smoking was banned in a lot of public places. The philosophy is simple--you may have the right to risk your own life and risk disease, but you don't have a right to sicken the person next to you. So when we started in Internet security we said to consumers, run antivirus, update your software, and back up your data, and many people didn't. The problem with botnets is you're not just risking yourself any more, you're risking everybody else in the community. It's just like smoking.
You mentioned the need in such a system to protect consumers from privacy intrusions. What do you mean?
Charney: Well, there is the question of public acceptance. To make it work you really have to focus on cleaning known malware and having a regime that doesn't allow access providers to look for other stuff, like copyrighted material. Maybe you shouldn't be violating copyrights, but that's not a public health issue. You have to limit it to the true purpose. The second thing you have to do is to think about how you pay for this. I don't know what the right funding model is but I know what some options are. One is market forces. Comcast is doing some of this because it's cheaper to clean their machines than it is to lose the bandwidth on their network created by all the bots...If you can't do it through market forces, then you could go to a use tax. For instance, everyone who has a telephone pays a universal access fee so that you can have phone service in rural communities. Because it is good for everyone to have phone service we fund it. And there is a security tax on airline tickets to pay for the extra security post-September 11. So one argument is the people who use the technology should pay for the cost of making the technology safe. Another argument is if this is a public safety issue it should be paid for out of general taxes.
Will we see anything like this soon?
Charney: Will the government undertake this soon? In the next two to five years will there be discussions and some activity, yes. There are many things to work out along the way. One of the things to work out is the notion of social acceptance.
So, you are recommending government regulation, right?
Charney: Ultimately if you want social acceptance, with one caveat. If these market forces (are adequate) it might just work on its own. And in general if the market is working then you don't need government regulation. However, I can see a real a government role particularly if the market doesn't sustain this. There might be a role for government to ensure that the rules are fair and evenhanded and enforced. But is it absolutely necessary? We don't know yet.
But Internet service providers have in general been resistant to calls in the past to do anything on their end to proactively block malware.
Charney: And that's another reason for government intervention. The government could say if you do these things and you have to pick your standard you're in a safe harbor.
Last year following his speech at RSA, Charney discussed the threats to PCs on the Internet in a videotaped interview with CNET's Ina Fried.
Elinor Mills http://news.cnet.com/