• October 30, 2008 30 Oct'08

    Lowered cost for security testing suite

    In response to economic issues and as a way to encourage more companies to test applications for security, Ounce Labs has reduced the cost of its Static Application Security Testing suite. The ...

  • October 30, 2008 30 Oct'08

    Overcoming SOA testing challenges

    This special report takes a look at the challenges of testing SOA applications, as well as blind spots to be aware of. It also provides tips on how to test SOA applications.

  • October 29, 2008 29 Oct'08

    More from the e-voting front

    Two more stories about e-voting machines were reported this week. The first is about a report from Princeton University that says an e-voting machine in New Jersey can be hacked in seven minutes. ...

  • October 29, 2008 29 Oct'08

    SOA applications bring testing challenges

    The complexity of SOA applications creates testing challenges. To address those challenges, experts recommend more collaboration across project teams, earlier involvement by testers and the use of automated tools.

  • October 29, 2008 29 Oct'08

    The consequences of overlooking SOA testing blind spots

    Overlooking SOA application testing blind spots can result in unintended consequences such as buggy, insecure applications. Experts explain what you should keep your eyes open for.

  • October 27, 2008 27 Oct'08

    PCI compliance falls short of assuring website security

    PCI standards fall short of protecting you and your customers. Tighter standards are needed to assure website security, says Greg Reber

  • October 22, 2008 22 Oct'08

    One solution to software requirements challenges

    If you're responsible for making sure stakeholders get the software that they want, then you're probably all-too familiar with the four aspects of software requirements -- elicitation, elaboration, ...

  • October 22, 2008 22 Oct'08

    Agile aims to bridge software requirements communications gap

    Agile software development bridges the software requirements communications gap by embracing flexibility and face-to-face communication rather than depending on documents to communicate, agile practitioners say.

  • October 20, 2008 20 Oct'08

    Simulation software a cure for hospital's requirements validation ills

    The M.D. Anderson Cancer Center relies on iRise's simulation software to validate software requirements with its stakeholders. The visual models eliminate misunderstandings between users and the development team.

  • October 16, 2008 16 Oct'08

    Agile tool tracks app changes

    Even when you think you've elicited and validated all of your stakeholders' requirements, you're still bound to have users who are unhappy with an application or a feature within an application. ...

  • October 15, 2008 15 Oct'08

    Browser security a concern for website development

    The number of Web browsers and the rise of sophisticated attacks against them, such as cross-site request forgery and clickjacking, complicate website development, security, and testing.

  • October 15, 2008 15 Oct'08

    Does certification really matter?

    If you want to move ahead in your career, certifications have to be on your radar. But you should learn the material rather than just focusing whatever it takes to pass the test.

  • October 13, 2008 13 Oct'08

    Test development can be agile, too

    Your software development project doesn't need to follow an agile methodology in order for you to do agile test development, Hans Buwalda told attendees at the recent Software Test and Performance Conference. In fact, agile is the only way to ...

  • October 08, 2008 08 Oct'08

    Agile development: It isn't just for small projects

    Most consider agile software development for small projects, but it is possible to use it for large-scale products. In fact, practitioners say agile scales better than traditional methodologies.

  • October 08, 2008 08 Oct'08

    Suggestions for scaling agile

    Scott Ambler and Damon Pool recommend practices to help better scale agile development.

  • October 07, 2008 07 Oct'08

    Countermeasures to e-voting security flaws

    Election security researcher Eric Lazarus and computer security expert Steven Spoonamore explain what can be done to eliminate e-voting security flaws.

  • October 06, 2008 06 Oct'08

    A software quality crisis is brewing

    A large number of companies reportedly have little regard for the quality of their software. This must change, says Colin Armitage.

  • October 06, 2008 06 Oct'08

    E-voting machines still vulnerable in 2008

    Security researchers have concluded that e-voting machines are vulnerable to serious attacks. However, safeguards can be enacted to offset these risks.

  • October 01, 2008 01 Oct'08

    How Google developed the Chrome Web browser

    Google's Darin Fisher, a software engineer on the Chrome project, talks about how the Web browser was developed and tested. As you might suspect, agility, speed, and testing were all critical.

  • September 29, 2008 29 Sep'08

    Manage component dependencies for improved system quality

    Too much coupling of code within a system makes the system hard to understand, integrate, extend, and test. By managing dependencies via 3NF, for example, you can prevent such problems, as well as allow for agility. Kevlin Henney explains what ...

  • September 26, 2008 26 Sep'08

    Traits of good software testers

    I read a post this week on the Software, Technology and More blog about the four unlikely traits of good developers. And some of the traits the writer describes -- creativity, curiosity, finding ...

  • September 24, 2008 24 Sep'08

    Application performance looms large for today's businesses

    The need for better application performance monitoring and management is greater these days as developers and operations groups work to maintain performance levels in multi-tiered environments.

  • September 24, 2008 24 Sep'08

    APM moves up in the development life cycle

    Organizations are recognizing the benefits of using application performance management (APM) earlier in the software development life cycle. Benefits include the lower cost of repairing problems discovered early.

  • September 22, 2008 22 Sep'08

    Keep software projects moving even during holidays

    Michelle LaBrosse offers five management tools that help project managers and their staffs remain productive even during the holidays.

  • September 15, 2008 15 Sep'08

    Introducing the Blog

    After encouraging readers of to start blogs and write about their experiences in QA, software testing, requirements management, and project management, we editors at ...

  • September 10, 2008 10 Sep'08

    Virtual environments ease software development, testing

    Skytap's Virtual Lab environment enables two management software makers to cost-effectively develop and test software, as well as train customers how to use the software.

  • September 10, 2008 10 Sep'08

    Website security improved, but more can be done

    A recent study of website security by WhiteHat Security finds that although efforts are being made to prevent well-known attacks such as cross-site scripting (XSS) and SQL injection, threats of newer attacks are rising.

  • September 03, 2008 03 Sep'08

    Static analysis tool helps software engineers find bugs during builds

    Klocwork Insight allows software engineers to view and correct their own code before it's submitted to QA. Mentor Graphics found this static analysis tool's capabilities fit well with agile development practices.

  • August 22, 2008 22 Aug'08

    Strong software QA has theoretical, technical aspects

    In a software organization, QA professionals need to embody both the technical "doer" and theoretical "thinker" mentality in order to be well-rounded and successful.

  • August 20, 2008 20 Aug'08

    Requirements gathering resources, practices lacking at Fortune 500 companies

    Requirements gathering resources and best practices were found lacking at Fortune 500 companies, a recent study from Voke Inc. found. But if business analysts are equipped with the right tools and enough resources, businesses stand to benefit ...

  • August 15, 2008 15 Aug'08

    Enhanced project scheduling included in Wrike Enterprise

    Wrike's Enterprise version helps you calculate the final date of the project completion, build the schedule, and reschedule tasks if needed.

  • August 11, 2008 11 Aug'08

    IT operations get help testing software, infrastructure changes

    Test Center's automated import of virtual and physical infrastructure components facilitates the process of testing software and infrastructure changes.

  • August 05, 2008 05 Aug'08

    Kaner: Exploratory testing better than scripted testing

    Exploratory testing and its use of checklists is superior to scripted testing. It gives you better tests and testers, said noted software tester Cem Kaner at the recent Conference of the Association for Software Testing.

  • August 01, 2008 01 Aug'08

    Security vulnerabilities found in open source Java projects

    Fortify's Java Open Review researchers say the increasingly popular open source software projects such as Struts, Hibernate, and Geronimo have vulnerabilities that need fixing. Processes, too, are needed to ensure enterprise applications are safe.

  • July 28, 2008 28 Jul'08

    Software testing lessons taken from music

    You may not think so, but software testing and music have similarities. Michael Bolton and Nick Wolf demonstrated this at CAST 2008.

  • July 25, 2008 25 Jul'08

    Automated tool offers improved project risk assessment

    CAST's Application Intelligence Platform 6.2 features advanced analytics, integration with third-party code analyzers, CAST's new "Action Plan" feature, as well as expanded rules coverage.

  • July 25, 2008 25 Jul'08

    Why code quality matters

    Poor code quality is a disaster waiting to happen. For example, making changes to bad code can result in broken code. Kevlin Henney explains the importance of catching problems in code at the source so that they don't manifest into large problems ...

  • July 23, 2008 23 Jul'08

    Test software early and often to ensure quality, says Burton Group

    Software testing, already essential, is becoming even more critical as environments become more complex, according to a recent Burton Group report.

  • July 23, 2008 23 Jul'08

    Software testing triage: Parallels in labor triage

    Software testers often use triage to determine which steps to take in the testing process. Rob and Anne Sabourin explained to an audience at the Conference of the Association of Software Testing (CAST) how lessons from labor triage can be applied to...

  • July 22, 2008 22 Jul'08

    Application lifecycle management moves up the executive ladder

    Borland, HP, and Mainsoft have recently forged new products each intended in some way to give non-development team members a better view into project status and quality. It seems software delivery is becoming a cross-company undertaking. Will CEOs ...

  • July 21, 2008 21 Jul'08

    Grab your career by the horns

    You can't rely on others to manage your career. It's up to you to mold it and make it what you want it to be. Michelle LaBrosse outlines some ways to get started.

  • July 16, 2008 16 Jul'08

    Critical security issues found in the Spring Framework

    Ounce Labs recently discovered two security vulnerabilities that can affect Java Web applications that use the Spring Framework. The company is working with SpringSource to ensure developers know how to protect against these security issues.

  • July 16, 2008 16 Jul'08

    Parasoft enhances its Application Security Solution

    Parasoft Corp. has enhanced its Application Security Solution to help companies identify run-time security vulnerabilities and monitor security policy compliance.

  • July 14, 2008 14 Jul'08

    Workbench helps get your software requirements house in order

    Blueprint Requirements Center 2009 offers specialized modules for requirements elicitation, elaboration, validation, and acceptance. The software can hook into HP Quality Center, and thus helps streamline creation of test cases.

  • July 09, 2008 09 Jul'08

    HP Test Manager supports early SOA testing

    HP Service Test and Service Test Management software target service-oriented architectures. One medical industry user says the software supports testing earlier in the SDLC, when server software may be ready but waiting for client software ...

  • July 07, 2008 07 Jul'08

    IBM Rational and Microsoft tango in the ALM moonlight

    IBM Rational and Microsoft have been doing something of a tango dance in recent years, trying to come up with a killer application lifecycle management (ALM) platform.

  • July 02, 2008 02 Jul'08

    PCI compliance help via Fortify software

    Fortify Software facilitates compliance with PCI DSS requirement 6.6 with the addition to Fortify 360 that highlights issues that violate PCI DSS.

  • July 01, 2008 01 Jul'08

    Software development groups take many routes to Agile

    More software development groups are implementing Agile methodologies, but their routes to adoption are far from straight and narrow. Many select parts of Agile methodologies that work for them, such as Scrum and XP, while others hold on to ...

  • June 30, 2008 30 Jun'08

    Tools of the Agile trade

    Index cards have long been a core tool in Agile software development, but practitioners also consider automated testing tools, bug tracking tools, and requirements management tools essential.

  • June 27, 2008 27 Jun'08

    Agile practitioners face challenges, but see process improvements

    Despite challenges to using Agile development,'s 2008 Agile Trends survey found that 67% of Agile practitioners have seen process improvements. Those improvements include faster time to market and increased productivity.

  • June 27, 2008 27 Jun'08

    Survey: Agile interest high, but waterfall still used by many

    While there's a strong interest in new software development techniques and processes,'s 2008 Agile Trends survey found that many people still follow waterfall practices.

  • June 27, 2008 27 Jun'08

    Teams turn to use cases, user stories to ease requirements gathering challenges

    The requirements gathering task remains complex and troubling, according to's 2008 Agile Trends survey. User stories are the technique of choice for Agile practitioners tackling this task, but use cases remain the most ...

  • June 25, 2008 25 Jun'08

    Strong quality assurance process adds value to SDLC, ITIL

    The quality assurance (QA) department needs to be involved with software and Infrastructure changes to ensure the functionality, security, and performance.

  • June 23, 2008 23 Jun'08

    Continuous integration reduces bugs, increases productivity

    Development teams can use continuous integration (CI) to find and fix bugs, share knowledge and generally work better together, Agile coach Jared Richardson told attendees at the Better Software conference.

  • June 20, 2008 20 Jun'08

    Agile tool maker Rally revs test management software

    Rally recently enhanced its Rally Quality Manager module to provide better visibility of test-related development artifacts.

  • June 18, 2008 18 Jun'08

    Software quality assurance more than just testing

    Software quality may seem like an elusive goal, but it can be reached by following a comprehensive quality program that spans the software development lifecycle (SDLC), quality expert Linda Westfall told a packed audience at the Better Software ...

  • June 16, 2008 16 Jun'08

    On-demand software testing service pays off for three startups, and Second Rotation turned to uTest to help test their software and say the on-demand service found bugs they otherwise would have had trouble locating.

  • June 16, 2008 16 Jun'08

    Cenzic Web application security tool targets CSRF attacks

    Cenzic, a provider of Web application security vulnerability assessment tools, released 5.7 of Cenzic Hailstorm Enterprise ARC and Cenzic Hailstorm Professional. Attacks added to the library include cross-site request forgery (CSRF).

  • June 12, 2008 12 Jun'08

    UML gains nod for Microsoft Visual Studio Team System edition

    Domain-Specific Languages have been the principal tune coming out of the Visual Studio Team System group at Microsoft for years. But the Unified Modeling Language (UML) may be making a comeback there, at the same time the company forges a new Oslo ...

  • June 09, 2008 09 Jun'08

    Ruby on Rails security audit service available

    Relevance, a Ruby on Rails software development practice, recently launched its Rails Security Audit. The service helps companies identify security vulnerabilities in Rails apps.

  • June 09, 2008 09 Jun'08

    CMM founder: Focus on the product to improve quality

    Bill Curtis, co-author of the Capability Maturity Model (CMM), previously spoke about the history of quality efforts. Now we pick up with what he says development groups should do now: Focusing on the architectural/quality attributes of a system so ...

  • June 06, 2008 06 Jun'08

    CMMI: Good process doesn't always lead to good quality

    Having a process such as CMMI in place doesn't guarantee quality software or systems, says Bill Curtis, co-author of the Capability Maturity Model (CMM). You can still have defects.

  • June 03, 2008 03 Jun'08

    IBM announces collaborative SDLC initiative, Jazz product suite

    IBM rolled out parts of its Jazz platform for developer collaboration and also disclosed an emerging effort to connect diverse development tools using REST-based data integrations at the IBM Rational conference.

  • June 02, 2008 02 Jun'08

    Beyond 'Just Do It': Manager's guide to completing projects

    Once a project is in motion, many things can slow it down -- feature creep, project changes, poor team dynamics. Michelle LaBrosse explains how to eliminate such problems.

  • May 28, 2008 28 May'08

    HP software security suite treats vulnerabilities as defects

    HP announced the first major updates to HP Application Security Center since its purchase last year of software security specialist SPI Dynamics. The suite, now available as SaaS, supports a process that handles security vulnerabilities as just ...

  • May 28, 2008 28 May'08

    Ivar Jacobson: Useful app dev practices trump full-blown processes

    In this profile article, Ivar Jacobson, the father of use cases and a founder of UML, advocates adopting useful software development practices over full-blown processes such as RUP and CMMI.

  • May 27, 2008 27 May'08

    Web app load testing tool monitors user experience

    Gomez's Reality Load XF Web application load testing tool detects failures in user experiences not caught by traditional load testing tools.

  • May 26, 2008 26 May'08

    The role of architecture in agile development

    Reading through some of the writing on agile development it is easy to be left with a sense that architecture is unimportant or something that just emerges serendipitously. Kevlin Henney clarifies the significance of architecture, what it means in a...

  • May 21, 2008 21 May'08

    The testing certification debate continues

    Software testing certification has been a contentious issue for many years. Recently, this debate has been reignited by a damning blog post from a noted tester.

  • May 21, 2008 21 May'08

    Parasoft focuses on application security analysis

    With the release of its new Application Security Solutions product at JavaOne, Parasoft Corp. is moving beyond application testing to focusing on security-based analysis and standards compliance, according to Wayne Ariola, vice president of ...

  • May 19, 2008 19 May'08

    PCI DSS compliance: Web application firewall or code review?

    If you need to comply with the application security regulation of the PCI Data Security Standard, should you opt for code reviews or a Web application firewall? Experts offer their opinions.

  • May 14, 2008 14 May'08

    Five agile testing perils to watch out for

    Agile testing is full of perils, but if you are aware of them and watch for them you can prevent them from becoming problems. Consultant Janet Gregory explains what to look out for and how to handle situations should they occur.

  • May 12, 2008 12 May'08

    Shining a light on application performance in virtual environments

    Using Quest Software's Foglight, the BECU credit union successfully monitors and manages its applications, as well as servers, in virtualized environments.

  • May 12, 2008 12 May'08

    Book Review: Just Enough Requirements Management

    Alan M. Davis's Just Enough Requirements Management strikes at the heart of the problem of eliciting software requirements and helps to bridge the gap between development and business users' objectives.

  • May 08, 2008 08 May'08

    Testing software in the dark is problematic

    Testing late in development and without software artifacts such as the design, architecture and code, makes it difficult to catch and repair bugs and ensure quality software.

  • May 07, 2008 07 May'08

    Dynamic analysis tool from Coverity looks at concurrency defects

    Concurrent programs loom as a major developer and tester challenge as multicore processors grow in use. A dynamic analysis tool for Java from Coverity may automatically detect multithreading deadlocks and race conditions, while incurring low ...

  • May 06, 2008 06 May'08

    BMC tool helps resolve problems in Java and .NET applications

    With BMC Software's Application Problem Resolution 7.0, testers can find and resolve problems in both .NET and Java EE applications.

  • April 29, 2008 29 Apr'08

    Application performance management today, part 4: The challenges of Ajax performance testing

    The birth of Ajax and RIA has not really changed the basic problems of client-side performance, but the nature and amount of change in presentation architectures is beginning to tax the skills of testers.

  • April 23, 2008 23 Apr'08

    Unlocking Java performance myths

    Best methods of object allocation, garbage collection and synchronization change as the Java Virtual Machine evolves, and this means performance tuning truisms change as well. Improvements may even position the Java language as a speedier ...

  • April 23, 2008 23 Apr'08

    Veracode provides security audits for externally sourced code

    Summary: If your company outsources development or uses commercial off-the-shelf software, it can be difficult to ensure that the code is secure. Veracode hopes to facilitate that with its SecurityReview, an automated, subscription-based auditing ...

  • April 21, 2008 21 Apr'08

    Performance monitor watches Java in real time

    Server appliance maker Azul Systems has fashioned an innovative performance monitoring system for special code optimization and application tuning needs. Embedded in Azul's specialized Java Virtual Machine, it continually monitors applications, ...

  • April 21, 2008 21 Apr'08

    Automated functional testing boosts productivity at Arizona Federal

    Using Compuware's TestPartner, an automated testing tool, Arizona Federal significantly reduced the number of people needed to test software developed outside the company and improved the software's quality.

  • April 17, 2008 17 Apr'08

    Uncover Web application security vulnerabilities with these techniques

    Static and dynamic analysis -- manual or automated -- can help uncover Web app security flaws. Learn how to use the techniques to make sure your applications aren't open to attack.

  • April 15, 2008 15 Apr'08

    Automated software builds save time, money for Portico

    Looking to improve its software development process with automation, Portico turned to AnthillPro from Urbancode. With it, the company now has consistent builds and faster problem resolution.

  • April 11, 2008 11 Apr'08

    Borland renews Silk test suite with RIA test scripting capability

    Borland Software released a new version of its software testing product, SilkTest, which includes an Open Agent feature that records objects and generates test scripts.

  • April 11, 2008 11 Apr'08

    Software requirements sign-off essential for solid QA

    Not properly signing off on a software project's requirements limits the quality assurance (QA) team's ability to ensure that the software does as it's intended.

  • April 08, 2008 08 Apr'08

    End-user focus, virtualization stress application performance management techniques

    Expert Bernd Harzog says tools that monitor CPU, memory and network resources must be supplemented with tools that measure end-user experiences. The advent of greater virtualization, too, will require new approaches to performance management.

  • April 04, 2008 04 Apr'08

    Project management advances stress collaboration on projects

    Project management is heading into a new phase in which projects have more collaboration and project management tasks are eliminated, freeing project managers to be project visionaries rather than taskmasters. Andrew Filev, founder of Wrike, ...

  • April 02, 2008 02 Apr'08

    Using iterations to help balance priority and risk

    Iterative development allows you to get feedback on requirements, which allows you to determine the priority of a requirement and reduce the risk and uncertainty in a project.

  • March 31, 2008 31 Mar'08

    Agile development: Not just for 'agilists' anymore

    Agilist Scott Ambler says adoption of agile software development may be hitting a plateau, but a Forrester Research study shows agile adoption increased 53% year-over-year between 2006 and 2007 -- and there's still room to grow.

  • March 27, 2008 27 Mar'08

    Improved software design with test-driven development (TDD)

    Although test-driven development (TDD) has a large learning curve, it can lead to simpler and better designed software that delivers business value and has fewer defects.

  • March 27, 2008 27 Mar'08

    Application security enters uncharted regions

    The revelation that pacemakers can be hacked illustrates how software makers have to start thinking differently about application security and quality.

  • March 27, 2008 27 Mar'08

    Zephyr facilitates test management

    Zephyr announced the availability of its Next Generation Test Management System.

  • March 25, 2008 25 Mar'08

    Case study: Monitoring JVM-based applications in production

    Simple performance monitoring tools are not enough for Java Virtual Machine (JVM) applications. Development teams need tools that provide much more visibility.

  • March 25, 2008 25 Mar'08

    New project management tool from Genius Inside

    Genius Inside announced the creation and launch of Genius Project, an on-demand, collaborative portfolio and project management (PPM) solution.

  • March 18, 2008 18 Mar'08

    Ten ways project management can move your career forward

    Project managers have skills that most employers are looking for. Michelle LaBross explains what they are and how to use them to get your career into high gear.

  • March 17, 2008 17 Mar'08

    Application performance management today, part 3: SOA performance

    Web services, service-oriented architectures (SOA) and other modern technologies present new challenges that test and performance management planners must hurdle.

  • March 17, 2008 17 Mar'08

    Enhanced application protection in Dotfuscator Professional 4.3

    Dotfuscator Professional 4.3 has enhanced application protection and heuristics that automatically extend to applications that use advanced Microsoft .NET Framework components.

  • March 17, 2008 17 Mar'08

    Is there really an IT labor shortage in the U.S.?

    Last week we heard again from IT executives saying there's a shortage of IT workers in the U.S. Is there really or are U.S. companies looking for cheap labor overseas.

  • March 12, 2008 12 Mar'08

    Test-driven development and the ethics of quality

    Software quality should be a constant concern of developers and testers, Robert Martin told his audience at the FutureTest 2008 conference. He explained how to incorporate quality into the SDLC through test-driven development practices.