Ask the Experts

Ask the Experts

• QA pros need effective communication skills

  Working with the business side requires IT professionals to build effective communication skills.  Continue Reading

• A software test results template improves test reporting where needed

  You don't always need test reports in software testing, but when you do, they're crucial. Matt Heusser has a template for software test results.  Continue Reading

• Performance metrics examples present essential performance data

  Software project management expert Matt Heusser presents performance metrics examples that illustrate how to build an excellent performance dashboard.  Continue Reading

• Expert advice on test case management and reporting

  Simplify your test case management reports with this simple, straightforward advice from software test expert Amy Reichert.  Continue Reading

• Manage hybrid cloud environments to optimize application performance

  Kay Diller offers advice to cloud project managers and IT pros about managing hybrid cloud environments.  Continue Reading

• An excellent scorecard means picking the right performance metric

  Requirements expert Robin Goldsmith explains how and why a software performance metric must relate to the type of performance one considers important.  Continue Reading

• Test-first development reduces technical debt, makes code maintainable

  Requirements expert Robin Goldsmith explains why test-first development reduces technical debt.  Continue Reading

• Third-party application security must be tested for vulnerabilities

  Security expert Kevin Beaver offers advice on how to find third-party application security vulnerabilities and how to fix them.  Continue Reading

• Agile test reporting doesn't have to be a headache

  Agile leader Lisa Crispin explains a more organic, more Agile approach to test reporting.  Continue Reading

• IT politics: Why IT auditors and Web developers are disconnected

  Kevin Beaver explains why IT auditors and Web developers don't understand each other, and why they need to.  Continue Reading

• Selling security: Get management to help fix software vulnerabilities

  Application security expert Kevin Beaver explains how to get executive buy-in on securing software vulnerabilities.  Continue Reading

• Mobile access management faces same old security problems

  Kevin Beaver discusses the strengths and weaknesses of passwords and two-factor authentication in mobile access management.  Continue Reading

• How adding controls can actually make for fast software development

  Add controls to the business of delivering software, and teams will scream about delays. However, fast development is often the result.  Continue Reading

• Why effective Web app firewalls are worth the investment

  Web app firewalls offer excellent protection against threats and attacks, but security expert Dan Cornell says investment is required to get results.  Continue Reading

• Agile security: Fitting comprehensive evaluations in short iterations

  Security expert Dan Cornell explains how to use Agile practices such as automated testing and user story development to strengthen Agile security.  Continue Reading

• Prevent Distributed Denial-of-Service attacks with the right services

  Security expert Dan Cornell explains why Distributed Denial-of-Service attacks require more sophisticated protection than in-house development.  Continue Reading

• Managing Agile projects with ALM requires careful balance

  Test expert Amy Reichert discusses the challenges of managing Agile projects with ALM and offers advice on how to keep the two in balance.  Continue Reading

• Agile ALM tools have pitfalls to acknowledge

  While venders only discuss the benefits of using Agile ALM tools, test expert Amy Reichert reveals the possible pitfalls.  Continue Reading

• Automation speeds up testing in Windows Mobile embedded projects

  John Scarpino, VP of QA & Adjunct Professor of Robert Morris University, describes a way to automate testing on Windows Mobile embedded projects.  Continue Reading

• Development teams at risk for making privacy agreement violations

  Security expert Dan Cornell says end-user privacy is a concern for many development teams and gives great advice on how to protect it.  Continue Reading

• Measuring usability: How to gauge an application's user experience

  There are many considerations that need to be taken into account when measuring usability, such as low respondent rates.  Continue Reading

• Industry analyst reports are trustworthy, to a point, says expert

  Kevin Parker discusses the pros and cons of industry analyst reports and advises when it might be best to trust your own instincts.  Continue Reading

• If it ain't broke, application performance monitor it

  Application performance monitoring fixes a system before it breaks. IT strategist Scott Sehlhorst offers insight into preventive performance testing.  Continue Reading

• What is continuous development?

  'Continuous development' is still a relatively new and confusing term. Find out what it means beyond the hype.  Continue Reading

• Scaling Agile development calls for defined practices, consultant says

  Agile consultant Mike Bonamassa discusses best practices for scaling Agile development.  Continue Reading

• An approach to test metrics that stands up to scrutiny

  Matt Heusser offers advice on test case tracking that's reliable and when to deem a number untrustworthy.  Continue Reading

• FitNesse testing vs. Selenium testing: Which to use and when

  SearchSoftwareQuality expert Matt Heusser compares FitNesse testing with Selenium testing and explains the advantages of each.  Continue Reading

• Managing software vulnerabilities that threaten security

  Are tools enough to thwart software vulnerabilities? Dan Cornell gives advice on how to identify which weaknesses are serious and how to manage them.  Continue Reading

• Mobile app security testing: Combining tools to take on threat models

  Dan Cornell discusses the three major types of security testing tools required for mobile app security testing: static, dynamic and forensic.  Continue Reading

• The risks of Agile software development: Overcoming feature creep

  Ellen Gottesdiener, founder of EBG Consulting offers insights on managing feature creep, the biggest pitfall of Agile software development.  Continue Reading

• Guiding principles for an automated software test

  An expert in automated software testing offers guiding principles for succeeding at this most challenging of QA projects.  Continue Reading

• How do software quality pros navigate cloud computing security issues?

  Cloud computing security issues pop up when software QA pros play it fast and loose. Learn how to navigate threats and keep from getting burned.  Continue Reading

• What are the hidden mobile app security threats to look out for?

  Mobile app security is a newer field than even Web security. But there are similar gotchas and some common threats that we're already managing.  Continue Reading

• Application portfolio management: How to get started

  Scott Sehlhorst offers strategic guidance on how to approach application portfolio management with a focused vision.  Continue Reading

• How to know when legacy products have reached end-of-life

  It's hard to know when to retire an aging legacy product. Scott Sehlhorst offers some strategic advice for application portfolio managers.  Continue Reading

• Comparing proprietary tools and open source tools

  Learn the two major differences between proprietary tools and open source tools for software security testing.  Continue Reading

• How to ensure secure applications on cloud platforms

  Learn what concerns to look for in ensuring secure applications in cloud platforms and infrastructures.  Continue Reading

• How does Lean process improvement work with Agile project management?

  Guest expert Michael Hackett explains why picking and choosing your Lean processes might be worse than leaving Lean on the shelf.  Continue Reading

• How does application portfolio management tie into ALM?

  Actually, application development veteran Kevin Parker says ALM is really a part of the APM process when you look at it from a distance.  Continue Reading

• Where does an organization start with application portfolio management

  IT veteran Kevin Parker explains application portfolio management (APM) for beginners, including the ties between APM, data analysis and BPM.  Continue Reading

• What gets business leaders involved in the ALM governance process?

  Getting business leaders to contribute to the ALM governance process is a must. IT veteran Kevin Parker gives his advice for project managers.  Continue Reading

• Why do project managers want enterprise ALM governance policies?

  IT veteran Kevin Parker explains how enterprise ALM governance policies increase cooperation between business stakeholders, development and SQA.  Continue Reading

• What software tester skills bring us past just the technical

  Veteran software quality pro Peter Walen explains what software tester skills are really necessary in today's enterprise organizations.  Continue Reading

• How to write test scripts other testers can follow

  Software testing veteran Peter Walen explains how software testers can write test scripts that others can follow without having to test by rote.  Continue Reading

• 'Secure containers' offer incomplete security for mobile applications

  While the name sounds strong, 'secure containers' have limitations as to how much security they really provide for mobile applications.  Continue Reading

• How does an iOS jailbreak affect mobile application security?

  The jailbreaking of iOS devices has a huge affect on security. It opens the door for malicious hackers, and not just via adventurous consumers.  Continue Reading

• Maintaining a test environment is the first software testing challenge

  Building and keeping a testing environment is the very first challenge that a software QA team faces, but many don't even realize it.  Continue Reading

• What is the biggest pitfall when performing cloud database testing?

  Software testers must learn what to avoid as they move into cloud database testing, where complex databases meet off-premises infrastructure.  Continue Reading

• What are the most effective Agile project estimation techniques?

  Recurring project estimation techniques improve the Agile team's ability to deliver increasingly accurate estimates over the course of the project.  Continue Reading

• Give slow Agile projects a boost with root cause analysis methods

  Root cause analysis methods help Agile practitioners weed out the source of problems in Agile projects that aren't delivering the value they should.  Continue Reading

• Who should drive Agile planning and software requirements analysis?

  Many application testers wonder who exactly is responsible for driving software requirements analysis and planning to ensure high-quality software.  Continue Reading

• Is 'Agile software documentation' an oxymoron?

  Some software quality pros get the impression picking up Agile means letting go of software documentation, but that's not necessarily so.  Continue Reading

• Software developers: Dealing with untrusted Wi-Fi connections

  Expert Dan Cornell explains how to ensure mobile apps behave securely -- even when they encounter untrusted Wi-Fi or Bluetooth connections.  Continue Reading

• A guide to platform-specific security for the mobile developer

  It's essential for the mobile developer to understand the security features of the different mobile operating systems. Dan Cornell explains the basics.  Continue Reading

• Software product success: Maintain customer focus

  SearchSoftwareQuality expert Scott Sehlhorst explains why maintaining customer focus is crucial to delivering high quality software products.  Continue Reading

• Mobile apps development: New threats or same security rules apply?

  Two security experts get up on their soap box about the steps software teams should take to secure applications throughout the apps' lifecycle.  Continue Reading

• Product failure: Software too complicated to use

  Analysis shows that product failure can occur when software isn't easy to use. How do you meet the needs of novices without driving experts away?  Continue Reading

• Code signing: Why it matters for mobile developers

  Code signing creates a system of trust among mobile users, but it doesn't bolster the security of the app itself, says expert Dan Cornell.  Continue Reading

• Mobile apps development: Managing updates

  ALM expert Kevin Parker explains a key challenge of mobile apps development: managing the constant updates these business-critical apps demand.  Continue Reading

• Threat modeling: Crucial early step in software development cycle

  Security expert Dan Cornell explains why the practice of threat modeling early in the software development cycle is crucial for mobile developers.  Continue Reading

• Agile management: Avoiding pitfalls of multi-team projects

  Amy Reichert explains why eliminating external distractions is an essential Agile management practice for leaders heading multi-team projects.  Continue Reading

• Mobile apps development: Dealing with tight release cycles

  Mobile apps development projects require shorter release cycles. Kevin Parker explains how automation can help teams cope with the tight time frame.  Continue Reading

• Scrum process: Understanding how to use story points

  Agile expert Yvette Francino explains how the concept of story points -- a gauge of complexity -- works in the Scrum process of software development.  Continue Reading

• Can managers perform root cause analysis before product launch?

  Product management expert Scott Sehlhorst explains how to perform root cause analysis focused on user needs to prevent potential product failures.  Continue Reading

• How does the buyer persona affect the product management process?

  End users ultimately decide the worth of an enterprise product, but not before products pass a buyer persona first.  Continue Reading

• Mobile apps: Devising software requirement specifications

  Expert Scott Sehlhorst identifies three mobile app types and explains the unique challenges each poses around software requirement specifications.  Continue Reading

• Web-based application testing versus desktop application testing

  Project managers need to understand the major differences between Web-based application testing and testing traditional desktop applications.  Continue Reading

• Do in-house testers beat an outsourced security testing service?

  Security testing is very specialized. Is it better to outsource this effort or should in-house testers be responsible for security testing?  Continue Reading

• Mobile testing: Crowd sourcing a good fit for enterprise apps?

  Crowd sourcing can be a key piece of a test strategy for enterprise mobile apps aimed at customers, not employees.  Continue Reading

• A well-developed software requirements specification is easy to test

  SearchSoftwareQuality expert Scott Sehlhorst discusses how to avoid writing a software requirements specification that is too vague to be tested.  Continue Reading

• SDLC process: What will ALM of the future do?

  Future application lifecycle management suites must support the increasingly complex SDLC process -- where constant software updates will be the norm.  Continue Reading

• Software lifecycle: BYOD means more mobile updates

  Bring-your-own-device policies have profound implications for enterprise mobile release management. Can your team handle the constant updates?  Continue Reading

• Does completing a PCI compliance checklist ensure security?

  PCI DSS guidelines are a good place to start, but checking off boxes on the PCI compliance checklist will not ensure your organization is secure.  Continue Reading

• Can universities give young developers application security training?

  While the greater application development community understands the importance of application security, computer science majors lack this training.  Continue Reading

• Automated applications deployment: DevOps, no matter what you call it

  Automated applications deployment is essentially the same thing as DevOps—no matter what name is used.  Continue Reading

• How do we define user experience design requirements for mobile apps?

  User experience design is a huge part of building successful mobile applications. Gathering requirements for UX design is a must.  Continue Reading

• Convince executives to be a part of writing business requirements

  To get requirements gathering right, reluctant executives have to be convinced to take part in the process of writing business requirements.  Continue Reading

• Top IT job skills for DevOps managers

  The ability to analyze information and communicate clearly are among the top IT job skills the emerging role of DevOps manager requires.  Continue Reading

• BYOD policies pose mobile app testing challenges

  How do you meet mobile app testing challenges without the right of mix of smartphones and other devices on hand?  Continue Reading

• Knowledge transfer plan: Now is a good time to get one

  The best time to implement a knowledge transfer plan is continually. Cross-training is a best practice for all projects and project managers.  Continue Reading

• Can security support help developers write code?

  At best, development frameworks support the creation of secure code. They do not, however, prevent the creation of insecure code.  Continue Reading

• Agile planning: Focus on average time over many iterations

  When it comes to Agile planning, average time over many iterations is a more important metric than individual story estimates.  Continue Reading

• Application security plan: Who is responsible for testing?

  Step one in devising an application security plan is determining whether the development team or the security group is responsible for testing.  Continue Reading

• Scrum team commitments: More harm than good

  Most inexperienced Scrum teams overcommit on what they will deliver, and when. Agile leader Lisa Crispin says that does more harm than good.  Continue Reading

• Project management skills: Earn the technical respect of the team

  Your project management skills won't take you far if you can't earn the technical respect of developers and testers on your IT team.  Continue Reading

• Social media surveys: A tool for better requirements?

  Social media surveys make it easier to conduct conversations with experts to help define requirements for software development projects.  Continue Reading

• Cloud-based ALM: Does it make sense for your team?

  It's a reasonable approach -- cloud-based ALM -- especially if the application under development will be deployed there.  Continue Reading

• Requirements definition: Get developers involved early

  It pays for business analysts to engage developers early in the requirements definition process -- better communication means better requirements.  Continue Reading

• ALM process: Why poor integration among tools hurts team productivity

  Fragile integrations among point tools in application lifecycle management suites prevent software teams from realizing ALM process gains.  Continue Reading

• Project managers should boost team collaboration for greater success

  Project managers must facilitate team collaboration. Doing so may require new tools and techniques in today's distributed workplace.  Continue Reading

• Stamp out XSS cross scripting vulnerabilities with proactive measures

  Cross-site scripting -- XSS cross scripting -- vulnerabilities and SQL injection attacks are problems for Web app security. Learn to curb these risks.  Continue Reading

• Does test-driven development fall into project manager duties?

  A project manager must understand and facilitate testing, but how closely do project manager duties align with test-driven development efforts?  Continue Reading

• Maintaining SaaS data security while negotiating with vendors

  SaaS applications can cause security concerns. Learn how to reduce the risk of losing data in transit by increasing SaaS data security.  Continue Reading

• Evaluating IT activities: When is it time to replace old software?

  ALM expert Kevin Parker discusses four factors for measuring your IT activities to determine if your current systems and applications need to be replaced.  Continue Reading

• How to protect digital assets while executing code changes

  In response to swift industry changes, ALM expert Kevin Parker calls for strict version control of all code to protect digital assets.  Continue Reading

• Translating business requirements and understanding team roles

  Lisa Crispin offers several tools and techniques for translating business requirements and gaining insight into team members' roles on project teams.  Continue Reading

• Why user interface testing is important

  User interface testing is essential for ensuring a positive user experience, according to Agile expert Lisa Crispin.  Continue Reading

• How to set priorities: A software project team exercise

  Everyone on a software project team struggles at times with setting priorities. Our requirements expert offers advice for effective prioritization.  Continue Reading

• The whole team approach to QA/test time

  QA/test role does not just belong to the test manager. In the whole team approach, the responsibility is spread throughout the team.  Continue Reading

• How does the role of project manager change in the cloud?

  Agile and ALM expert Yvette Francino discusses how the role of project manager may change when applications are developed and tested in the cloud.  Continue Reading