Release Management

Conference Presentations

Successful Teams are TDD Teams

Test-Driven Development (TDD) is the practice of writing a test before writing code that implements the tested behavior, thus finding defects earlier. Rob Myers explains the two basic types of TDD: the original unit-level approach used mostly by developers, and the agile-inspired Acceptance-Test Driven Development (ATDD) which involves the entire team. Rob has experienced various difficulties in adopting TDD: developers who don't spend a few extra moments to look for and clean up a new bit of code duplication; inexperienced coaches who confuse the developer-style TDD with the team ATDD; and waffling over the use of TDD, which limits its effectiveness. The resistance (overt or subtle) to these practices that can help developers' succeed is deeply rooted in our brains and our cultures.

Rob Myers, Agile Institute
The Many Styles of Pair Programming

Joining an agile team can be very challenging-new programming styles, new coding standards, new check-in requirements, new leadership styles, and more. Adding pair programming to the mix can be "the straw that broke the camel's back" or it can be key to team empowerment. Paul Julius has been a dedicated pair programmer since 1999, working on many projects with 100 percent pairing. Paul has distilled a set of positive and negative patterns that can develop when teams attempt pair programming. He begins by discussing the most frequent objections to pairing and then outlines why pair programmers deliver better applications. Paul demonstrates the techniques and skills you-or members of your team-need to become a successful pair programmer.

Paul Julius, Willowbark Consulting
Defining Software Quality

"Quality" is one of the most misunderstood and elusive aspects of system development. Ask five people to define quality and you'll probably get five different answers. Although everyone thinks he knows what it is, very few can really define it in context. High quality software doesn't just happen-quality must be built in from the start. In this highly interactive presentation, Tom Staab defines quality and explains why quality planning is important. Join in the discussion about where most defects are injected into software, how to establish meaningful quality metrics, ways to communicate results to management in language they understand, and how to calculate the return-on-investment that can be expected from quality improvement activities. Quality must be defined in a project's specific context, quantified at the beginning of the project, and measured throughout the development lifecycle.

Thomas Staab, Windridge International LLC
Scaling Agile Processes

Agile processes are revolutionizing the software development industry. Projects embracing agile development are expected to be faster and more efficient than traditional software development. Agile processes enable developers to embrace requirement changes during the project, deliver working software in frequent iterations, and focus on the human factors in software development. Unfortunately, most agile processes were designed for small or mid-sized software development projects-bad news for large teams. Having worked with many larger teams transitioning to agile processes, Jutta Eckstein shares her insights into ways to tune your practices as you scale up to larger projects. Harness the adaptability of agile software development for large projects to ensure frequent releases even with several teams working together.

Jutta Eckstein, Jutta Eckstein
Welcome to the Mainstream

As agile software development leaves the early adoption stage and moves solidly into the mainstream, Mary Poppendieck reminds us that fads in software development have come and gone before. What makes us think that agile is different? Unless we learn from previous attempts to improve development practices, we are destined to repeat the mistakes of the past. Mary describes three proven paths to failure: (1) Copy what successful companies are doing-You don't get to be world class by chasing after best practices, you get there by inventing them; (2) Force everyone to follow the standard process-The best path to success is leveraging the intelligence of "ordinary" people in the relentless improvement of your current process; and (3) Focus on technical success-Technical success is a euphemism for business failure.

Mary Poppendieck, Poppendieck LLC
Even Cavemen Can Do It: Find 1,000 Defects in 1,000,000 Lines of Code in 30 Days

Due to the increased emphasis on computer security, great advances have been made in static analyzer tools that can detect many code errors that often elude programmers, compilers, test suites, and visual reviews. Traditional tools such as "lint" detectors are plagued with high false positive rates. Gregory Pope discusses the steps his organization used to evaluate and select a static analyzer tool and pilot its implementation. He describes how they rolled out the tool to developers and how it is being used today. Greg shares the results they achieved on real code (C, C++, and Java) and the valuable code metrics they obtained as a byproduct of its use. Greg discusses the skills needed to use the tools, ways to interpret the results, and techniques they used for winning over developers.

  • The features of static code analyzers
  • Defects that can be found with these tools
Gregory Pope, William Oliver and Kimberly Ferrari, Lawrence Livermore National Laboratory
Quantitative and Statistical Management Applications

There is no longer any question that-when appropriately used-quantitative measurement and management of software projects works. As with any tool, the phrase "appropriately used" tells the tale. Drawing on his experiences using quantitative and statistical measurement, Ed Weller provides insights into the key phrase "appropriate use." Ed offers cases of useful-and not so useful-attempts to use the "high maturity" concepts in the Capability Maturity Model Integration® (CMMI®) to illustrate how you can either achieve a high return on your investment in these methods or fail miserably. After an introduction to the theory of statistical measurement, Ed presents examples of the successful use of statistical measures and discusses the traps and pitfalls of their incorrect implementation.

Edward Weller, Integrated Productivity Solutions, LLC
Static Analysis and Secure Code Reviews

Security threats are becoming increasingly more dangerous to consumers and to your organization. Paco Hope provides the latest on static analysis techniques for finding vulnerabilities and the tools you need for performing white-box secure code reviews. He provides guidance on selecting and using source code static analysis and navigation tools. Learn why secure code reviews are imperative and how to implement a secure code review process in terms of tasks, tools, and artifacts. In addition to describing the steps in the static analysis process, Paco explains methods for examining threat boundaries, error handling, and other "hot spots" in software. Find out about the analysis techniques of Attack Resistance Analysis, Ambiguity Analysis, and Underlying Framework Analysis as ways to expose risk and prioritize remediation of insecure code.

  • Why secure code reviews are the right approach for finding security defects
Paco Hope, Cigital
Improving Code Quality with Eclipse and its Java Plug-ins

One of the features that makes Eclipse so popular within the Java community is the abundance of easy to use plug-ins. Many of these are freely available open-source tools. Plug-ins are available for virtually anything from implementing database connectivity to instant messaging. Because code quality is a critical aspect of production software applications, Eclipse has built-in tools that help developers write and deliver high quality code. Levent Gurses has employed a number of external plug-ins, including PMD, CheckStyle, JDepend, FindBugs, Cobertura, CPD, Metrics, and others to transform Eclipse into a powerhouse for writing, testing, and releasing high quality Java code. Levent shows you how to use Eclipse to improve your team's coding habits, enforce organizational standards, and zap bugs before they reach the client.

  • The standard quality check tools available in Eclipse
Levent Gurses, Stelligent
Open Source Tools for Web Application Performance Testing

OpenSTA is a solid open-source testing tool that, when used effectively, fulfills the basic needs of performance testing of Web applications. Dan Downing will introduce you to the basics of OpenSTA including downloading and installing
the tool, using the Script Modeler to record and customize performance test scripts, defining load scenarios, running tests using Commander, capturing the results using Collector, interpreting the results, as well as exporting captured performance data into Excel for analysis and reporting. As with many open source tools, self-training is the rule. Support is not provided by a big vendor
staff but by fellow practitioners via email. Learn how to find critical documentation that is often hidden in FAQs and discussion forum threads. If you are up to the support challenge, OpenSTA is an excellent alternative to high-priced commercial tools.

  • Learn the capabilities of OpenSTA
Dan Downing, Mentora Inc


CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.