COLUMN

Why the quality assurance department should be involved in testing

By John Scarpino 09 Mar 2009 | SearchSoftwareQuality.com Software quality news and advice Digg This!     StumbleUpon     Del.icio.us

John Scarpino

In this sluggish economy, corporate software users are price-conscious, of course, but they also want the best product for the lowest price. So software companies are concentrating on making sure their products excel in performance, security and longevity. This tip's advice and examples show some lessons I've learned about achieving excellence in those areas by beefing up quality assurance (QA).

In recessions or boom times, any organization purchasing and/or implementing a new tool should involve the quality assurance department in the testing process. Doing so improves the assessment and eliminates bias from any one group.

Tools that are purchased for the security and performance environments are usually licensed to a specific department instead of the company at large (even though other departments within the corporation can use it). This is a technicality that can be abused, because a software license gives an entity all the information its needs to install and use the tool and the power to implement the software as it sees fit. Sometimes the licensed department may operate exclusive of other departments that would normally be involved in the software development lifecycle (SDLC). When something like this happens, the QA department is officially out of the picture -- which does not bode well for the future of the product.

More from John Scarpino For more information on using QA throughout the software development lifecycle, check out "Strong quality assurance process adds value to SDLC, ITIL."

Believe it or not, I've witnessed a Web application group validating and testing its own product with software testing tools and without informing QA that it was doing so. I've also seen an infrastructure group hoard performance information from QA and actually change the testing results because the sole validation and verification came from within the group.

Why does this present a problem? There is no objectivity involved in the testing process, because it is all conducted internally with a biased group. The involvement of QA is absolutely imperative during the testing process, because only the QA department has a variety of resources needed to effectively approach different situations and evaluate them.

Really, the issue isn't so much the fact that the Web or infrastructure groups conducted their own testing of security and performance; rather it's that they were the only groups that conducted testing. Just because the Web and infrastructure groups are the only ones using the tool does not mean they also own the software and license, nor is it right for them to test their own definition of "quality." This increases the chance of information being withheld from other groups that need it. It's important that departments do not become "information silos," because QA is ultimately responsible for the outcome of both process and product.

I believe that the best results come when a group tests its own product as a whole unit, and then the QA department tests it again to uphold the product's integrity through objectivity. Moreso, the QA team should use nontraditional testing approaches, such as testing "around" the product to other functionalities that may be affected by the product's implementation, just to cover all the bases. Then the verification and results can be centrally located with all of the other functional and nonfunctional tests for a given release or project.

A good way to centralize testing information is to create a data library for the results, so that every test during the SDLC is documented and accessible to everyone. It should support software requirements by including functional and nonfunctional test results, as well as security, performance and infrastructure implementation or installation updates.

Also, the principles of quality assurance must be weaved throughout the project. I like to arrange the requirements and the test plans by displaying the high-level details of each document in a test management tool or shared network location displaying the functional, nonfunctional, security and performance requirements and test plans with both positive and negative approaches. Then I'll create another folder within the test management system or shared network location for verifications, which contains all phases of my testing along with each phase's results.

Whenever a defect occurs, I note the phase during which the defect took place, and which test plan was created due to that defect. By encompassing security testing and performance testing information in the same place, everything is easy to find and navigate.

About the author: John Scarpino is director of quality assurance and a university instructor in Pittsburgh. You may contact him at Scarpino@RMU.edu.

Tags: Building security into the SDLC (Software development life cycle),  Software testing and quality assurance (QA) fundamentals,  Software performance, load and stress testing,  Functional software testing,  Software security testing and techniques,  Software security testing tools,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Building security into the SDLC (Software development life cycle) Problems caused by skipping analysis stage of SDLC Inexpensive phase of SDLC to catch and fix bugs GatherSpace beefs up cloud-based requirements management ALM: Best of breed vs. complete systems Software development life cycle phases, iterations, explained step by step The role of quality assurance (QA) pros in software security Common software security risks and oversights How to develop secure applications Secure software development practices 'not rocket science' How to prevent HTTP response splitting Software testing and quality assurance (QA) fundamentals Software Testing: New software testing technologies bring new challenges Testing strategies for complex environments Astronaut's STPCon advice: Teamwork delivers "The Right Stuff" How to make your software tamperproof Software consortium seeks standard quality metrics Demo: Using WebGoat, a free software testing tool Seven steps for a quality change and configuration management program Winning responses to "Why is QA always the bottleneck?" Where to find good methodology guides for software testing 5 ways to answer executives' unfair software test, QA questions Software performance, load and stress testing Software Testing: New software testing technologies bring new challenges Drilling deep into performance testing at STPCon STPCon: Do reality checks on performance test products, panelists advise Ways to approach application performance testing on a tight budget Data warehouse/BI performance testing tool recommendations Software testers facing six big challenges today, StarWest keynoter says Is manually testing a software project for flaws too risky? At the movies: Exploratory, performance, security testing a kiosk Why do performance testers write new scripts so often? The case for software tester, analyst partnerships

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary build  (SearchSoftwareQuality.com) code review  (SearchSoftwareQuality.com) conformance testing  (SearchSoftwareQuality.com) error handling  (SearchSoftwareQuality.com) garbage in, garbage out  (SearchSoftwareQuality.com) load testing  (SearchSoftwareQuality.com) NUnit  (SearchSoftwareQuality.com) quality assurance  (SearchSoftwareQuality.com) stress testing  (SearchSoftwareQuality.com) white box  (SearchSoftwareQuality.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary