One of the best things about attending technology conferences is that they keep me from falling prey to the idea that perception is reality.
This is especially true when it comes to the techniques and tools that real-world software organizations actually use. The gap between the tools and technologies that dominate the headlines and those that organizations are actively working with today is huge. This has always been the case. But when I sit in my office interviewing experts on mobile testing, Agile development, application security -- and a host of other topics relevant to software professionals, it's easy to lose sight of this truth.
Talking to test pros at the recent STAREAST 2013 event in Orlando and at other conferences has served as a good reality check for me. I met testers who aren't doing mobile testing because they aren't developing mobile apps. I met test pros who work in software organizations where Waterfall, not Agile, is the dominant development methodology. I met test pros who were pretty certain that such security vulnerabilities as SQL injections could be found and fixed by running virus protection software.
In this installment of Quality Time, I'll test the idea that perception is reality when it comes to mobile testing, Agile development, and application security.
Mobile testing perception. Software development teams -- including testers -- are actively engaged in building enterprise mobile applications. They recognize that testing mobile apps is more complex than testing Web and desktop software. They are working hard to figure out which set of devices, running which versions of which operating systems, will result in the most effective test coverage for their user base. These teams also are devising strategies to determine the locations where an app is most likely to be used, in order to strategically place testers in the field to provide better mobile performance.
Mobile testing reality. Many software teams have not yet begun work on mobile projects. One test manager I talked to at STAREAST said her organization is "thinking about doing a mobile version of our Web site," but plans are still in the discussion phase. It's not surprising to hear this from a company that doesn't sell to consumers. But this test manager works for a national retailer that operates more than 300 stores, has a strong Web presence and runs an ad campaign on national TV.
In another conversation at STAREAST, an attendee who works for a mobile app development consultancy told me, "We don't really worry about mobile performance because we have no control over the locations and connectivity conditions under which the mobile app is used."
Agile development perception. Virtually all development projects under way today employ Agile techniques -- even if the team isn't practicing Agile with a capital A. Agile has been so widely adopted that some thought leaders at the recent STP conference in San Diego argued that Agile is no longer a trend, it's the norm.
Another widespread perception: Large-scale, multi-location Agile projects are commonplace, and organizations have developed successful strategies to manage these challenging projects.
Agile development reality. A test manager who works for a government agency told me at STAREAST that his organization recently began work on its first Agile projects. Most of the agency's teams still practice Waterfall development. Some test pros who previously reported to this test manager now report to Agile project managers, and they miss the camaraderie they had when they worked solely with their fellow testers, the test manager said.
Another Agile myth was busted when I began research a couple of months ago on an article on managing large-scale, multi-location projects. It was challenging to uncover real experts with actual experience managing these projects. I was able to find some good sources. But the relative lack of useful information on this topic fell short of my perception that there were well-established ways of working to ensure success of large Agile projects.
Application security. My perception of where software teams stand when it comes to application security has never been all that rosy. The difficulty of getting developers and testers to take responsibility for application security testing is well established. My understanding is that software pros recognize that application security testing is important, but many believe they lack the time and/or the skills to conduct it.
Reality fell short of even my not-so-rosy perception, when an attendee at a STARWEST session on application security testing last fall raised his hand and asked the instructor, "Doesn't virus software find stuff like SQL injections?"
That's an admittedly extreme example, and I'm not suggesting that one guy's question is indicative of the norm. But it's a useful reminder that conferences serve as a reality check for the writers and editors who cover them and for the consultants and software vendors who deliver presentations.
When it comes to politics, "perception is reality" might be words to live by. But when it comes to software testing, reality is what's actually happening. And it's our job to find that out.