Feeds

Test, test and test again

Should testing drive development or development drive testing?

3 Big data security analytics techniques

Almost no-one disagrees with the idea of testing, writes David Norfolk. but many people fail to follow an uncompromising test-centric process. Recently, I had the chance to ask Richard Collins, Development Strategist at a specialist software vendor, why he believes that test-driven development is the way to build better software. Interestingly, most of Richard's ideas probably feature in Comp Sci courses, or did when I did one, which isn't to say Comp Sci grads remember those parts. However, it is good to have it confirmed that "good practice" isn't just dull theory used to pass exams, but actually helps to keep a real software company in business.

Over to you Richard:

Well, would you trust a Comp Sci grad?

Developers are special; special in terms of being outside the usual economic boundaries that constrain the rest of us. I'm thinking particularly of software engineers with a Computer Science background (as opposed to Physics majors who seem to understand which side of a piece of buttered bread to lick).

Working with Computer Science grads in a variety of areas and sectors I've found that they can be intensely competitive [they can be pretty bright too – Ed]; however, when it comes to competition at company level they are liable to hand over the crown jewels to even a half-witted industrial spy. There's not a lot of 'Them and Us' in the average developer mindset [I might disagree with that in part; sometimes, "them" is anybody in the business management hierarchy and "us", as Richard goes on to point out, is anyone in IT; but that situation is often a symptom of poor management – Ed] .

It's partly this idea that "we're all geeks, so we'd better stick together" underlying an anachronistic aspect of the Developer tools sector. People who create software are probably the most enthusiastic customers for things that can make their lives easier – software itself. However, the software components-and-tools industry appears to have very little conception of the idea of a 'customer' being different from 'us.'

If you work in the games sector or in building office desktop applications, say, then you may have a strong understanding that if your output is buggy or non-intuitive to use, it simply won't sell.

But where the end user is a programmer, someone who needs a tool to make a tool, the temptation on the vendors' part is often to assume, "Hey we're all smart guys. You're going to have some fun getting this sucker to work properly. In fact I wouldn't want to patronise you by assuming that you'd need any help in making it work".

Paying customers

Why should software developers be treated as anything other than paying customers? If they're writing commercial code then they have some of the toughest deadlines around, with on-time bonuses attached. Is there something funny with the colour of their money?

The main excuse for not treating them as "real" customers is cost. If test engineering is left out, for example – and a great way to leave it out is to call it QA – then monthly salary bills can be almost halved [I'm not actually sure that this approach is unique to software engineering tools vendors - Ed]. Many companies enjoy this apparent 'cost benefit', only to find it's no benefit at all. In fact, it turns up as an unquantifiable cost: poor reputation, which is likely to cost you more in the long-run than the "overheads" of rigorous test engineering.

Software tools are generally more subject to word-of-mouth (excited recommendation and its opposite, dire warning) than any other branch of IT. It's partly the collegiate way of thinking amongst developers – they have a need to feel part of a cutting-edge peer group and therefore to share information – and it's partly the flipside of this: the relative isolation and lonely nature of knocking out code in a language no-one speaks aloud.

So sending a link, with "Check this out, it's awesome!" to a colleague is then the most natural way to do three things in one: a) make a friend, b) solicit a reciprocal recommendation, and last but not least, c) assert 'insider' status.

Reputation risk

The way for a vendor to ensure that its reputation is (at the very least) untarnished on this word-of-mouth circuit is for it to employ sufficient test engineering talent for customers not to end up feeling like they're doing the vendor's testing for it. Irrespective of the function and ingenuity of a "cool tool", if it hasn't been crashed at high speed a thousand times to see which bits fly off or get jammed, then customers are never going to develop a thoughtless dependence on the product. Being "taken for granted" is, after all, just about the very best a brand can achieve.

However, moving up a gear from 'at least it doesn't crash your machine' and into the positive recommendation space requires more than just keeping an eye on the bugs. It means that at the very beginning, at the back-of-envelope stage of any project, someone important/respected has asked the question: "How do we design this so that bugs, which are probably inevitable, at least have nowhere to hide; anything less wouldn't be fair to our customers. How do we design software so that it is completely transparent?" This key design question distinguishes small software vendors relying on a reputation for reliability and resilience, in order to compete with the big players in this game.

Jonathan Watts is a Lead Test Engineer at Red Gate and has been instrumental in ensuring that its developers design nothing that his test team can't get full access to at any time in the development process. It's a test-driven process, which is, basically, a local, closed-circuit equivalent of the Open Source mantra: 'release early and often'.

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.