Many CM experts are familiar with the guidance found in the IEEE, ISO, and ANSI/EIA industry standards. But if you want to really accelerate your agile development, it is wise to learn what is involved with implementing such industry standards. Bob Aiello explains the different types of standards and how organizations go about creating them.
Going bimodal refers to an enterprise supporting two modes of operation: the first, the stable mode, is the secure, robust, reliable one you already know. The second, the agile mode, is a fast path that exists alongside the first and allows you to get results quickly and without much fuss while not compromising the integrity of your IT.
Software code audits can be arduous and time-consuming, as today’s software projects use a mix of proprietary, commercial, and open source software. This article outlines a number of methods to simplify and streamline your audit process and understand the best practices in organizing, documenting, labeling, tracking, and managing open source and third-party content brought into software portfolios.
When it comes to DevOps, the fundamentals of CM may be forgotten (erroneously) by some practitioners. DevOps tools can be strategic assets, but they are not as important as established CM standards and process. It's up to us as practitioners to ensure that the DevOps tool chain implementation supports the corporate CM policy.
The ISO/IEC/IEEE 29119 standard has defined a set of requirements for testing software. As a member of the ISO working group, Jon Hagar wants you to know the basics and why testing teams should consider this recommendation.
In this FAQ column, Claire Lohr discusses the International Software Testing Qualifications Board's (ISTQB) syllabi for topics related to software testing and its application and usage among those who perform some aspect of testing.
In this FAQ column, Arlen Bankston defines the roles of Scrum and kanban and describes how the two agile methodologies can be complementary, each ideal for different situations, or blended to achieve the desired outcome.
Software vendors are making extraordinary efforts to protect the installation and use of apps, but have they gone too far? Preventing software piracy can have an adverse effect on genuine users. Software licensing technology, according to Steve, needs to strike the best balance of protecting the asset while trusting the customer.
While Information and Communication Technology (ICT) accessibility for a wider spectrum of users—including the blind—and their interfaces is being required by law across more jurisdictions, testing for it remains limited, naïve, and too late. The consequences of staying ignorant include...
With corporate data breaches occurring at an ever-alarming rate, all levels of organizations are struggling with ways to protect corporate data assets. Rather than choosing one or two of the many options available, Michael Jay Freer believes that the best approach is a combination of tools and practices to address the specific threats. To get you started, Michael Jay introduces the myriad of information security tools companies are using today: firewalls, virus controls, access and authentication controls, separation of duties, multi-factor authentication, data masking, banning user-developed MS-Access databases, encrypting data (both in-flight and at-rest), encrypting emails and folders, disabling jump drives, limiting web access, and more. Then, he dives deeper into data masking and describes a powerful data-masking language.
Many software people look at creating great user experiences as a black art, something to guess at and hope for the best. It doesn't have to be that way! Jennifer Fraser explores the key ingredients for great user experience (UX) designs and shares the techniques she employs early, and often, during development. Find out how Jennifer fosters communications with users and devs, and works proactively to ensure true collaboration among UX designers and the rest of the team. Whether your team employs a formal agile methodology or not, Jennifer asserts that you need an iterative and incremental approach for creating great user experiences. She shares her toolkit of communication techniques (blue-sky brainstorming sessions, structured conversation, and more) to use with different personality types and describes which types may approach decisions objectively versus empathetically.
Compared to traditional functional testing, security testing requires testers to develop the mindset of real attackers and proactively look for security vulnerabilities throughout the software development lifecycle. Using live demos, Frank Kim shows you how to think, and act, like a hacker. Rather than just talking about issues such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), Frank shows, live and in color, how hackers abuse potentially devastating defects by finding and exploiting vulnerabilities in a live web application. Find out how attackers approach the problem of gaining unauthorized access to systems. Discover the tools hackers have that you don't even know exist and how you can find critical security defects in your production apps. In this revealing session, you'll learn how to become a better tester and find serious security vulnerabilities in your systems before the bad guys do.