JANUARY 2018
SECURITY TESTING KEY TRENDS
20th March 2018 Park Inn by Radisson – London Heathrow
Book your place now for only £349 per delegate at www.devopsfocusgroups.com
T E S T M a g a z i n e | J a n u a r y 2 01 8
1
C O N T E N T S
T E S T C O V E R
M A G A Z I N E
S T O R Y:
S H I E L D I N G
|
J A N U A R Y
T H E
M O N E Y
2 0 1 8
S U P E R M A R K E T
NEWS
Are You Prepared For This Year's GDPR ........... 4
28
Dark Web Database Hackers ............................ 8 Councils Waste Charging Opportunity .......... 10 Britain's Train Tech Incentive ......................... 11 THOUGHT LEADERSHIP
Digital Disruption ........................................... 12 Challenges Faced By A Modern Enterprise ... 14 DATA MANAGEMENT
MARKING THE END OF AN ERA
Transforming Away From Tech Debt Without Breaking The Business Operationally ............ 18 SECURITY IN THE FINANCE SECTOR
Shielding The Money Supermarket .............. 22 INDUSTRY TRENDS
8
New Year, New Mindset ................................. 24
GDPR
Marking The End Of An Era ........................... 28 CYBER SECURITY
Connected Vehicles ........................................ 32 TEST AUTOMATION
Bringing The Modern Software Factory ......... 36 USER EXPERIENCE
Free Up Testers To Find Defects .................... 40
DARK WEB
4
DATABASE HACKERS HIJACK PERSONAL PROPAGANDA
THE EUROPEAN SOFTWARE TESTING AWARDS
Showcasing Hard Work Pays Off ................... 42
44
A WA R D S WINNERS
Awards Winners ............................................ 44
T E S T M a g a z i n e | J a n u a r y 2 01 8
Manual Testing
Public Cloud
T E S T M a g a z i n e | J a n u a r y 2 01 8
Private Cloud --------
Crowd Testing
-----------
Device Farm
---------
-----------
-----------
- - -- -- -- ---- ---- -- - - - - - - - -- - - - - - - ---------- - - - - - -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------- ----------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- - -- -- -- -- - - -- -- -- -- -- -- -- - - - - - - - - - - ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- - - - - - -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- - -------- - - - - - - - ------ - - - - - - - - ------ - - - - - - - -------- - - - - - - - -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- -- -- -- - - ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- - ------- -- -- -- -- -- -- ---- - - -- -- -- -------------- - -- -- -- -- -- - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -- - ------ -- -- -- -- -- ------ -- -- -- -- ------------ - -- -- -- -- - --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- ------ -- -- -- -- -- - --------------- -- -- -- ------------- - -- -- -- -- -- -- -- - - - - ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- -- -- -- -- -- -- - - -------------- -- -- -- -- -- -- -- -- - - - - ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- - ------- -- -- -- -- -- -- --------------------------- - -- -- -- -- -- -- -- -------------- - -- -- ---------- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - ---------------------- - --------------------------- -- -- -- -- -- -- -- -- ----------------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - -- ------------------------ - --------------------------- -- ----- -- -- -- -- -- ----------------- --------- - - - - - - - ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - -- ------------------------ - --------------------------- -- ----------- -- -- -- ----------------- --------- -- -- - - - - - ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------- -------------------- - -------------------- ---------------------- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- - ------- -- -- -- -- -- -- --------------------------- - -- --------------------- -- -- -- -- -- -------- ------------------ -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - ------------------------ - --------------------------- -- -------------- -- -- ----------------- --------- -- -- -- - - - - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- ------------------- - --------------------------- -- -------- -- -- -- -- ----------------- -------- -- - - - - - - -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- -- -- ------------- - --------------------------- -- -- -- -- -- -- -- -- ----------------- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- - ------- -- -- -- -- -- -- --------------------------------------- - -- -- -- -- -- - -- -- -- -- -- -- -- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- -- -- -- -- -- -- - - ----------------- -- -- -- -- -- -- -- -- - - - ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- -- -- -- -- -- -- - - - -- ------ -- -- -- -- -- -- -- -- - - - - - -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- -- -- -- - - -- -- -- -- -- -- -- - - - - -- -- -- -- -- -- -- - - - -- - - -- -- -- -- -- -- - - - - - - - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------- -- ------------------- - -------------------- - ------------------ - -------------------- - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- - ------------------------ -------------------- ---------------------- ---------------------- -------------------------------------------------------------------------------------------------------------- ---------------------- -------------------- ---------------------- ---------------------- -------------------------------------------------------------------------------------------------------- -------------------- -------------------- ---------------------- ---------------------- ----------------------------------------------------------------------------------------------------------------------- -------------------- ---------------------- ---------------------- --------------------------------------------------------------------------------------------------------------- -------------------- ---------------------- ------------------------------------------------------------------------------------------------------------------------------- -------------------- ---------------------- ------------------------ -------------------- ---------------------- ------------------------------------------------------------------------------------------------------------------- -------------------- ---------------------- ----------------------------------------------------------------------------------------------------------- -------------------- ---------------------- --------------------------------------------------------------------------------------------------- -------------------- ---------------------- --------------------------------------------------------------------------------------------------------------------------------------- -------------------- -------------------------------------- -- -- -- ----------------------- - - - - - --------- - - -- - - - - - - - - - - - - - - - - - - 2
Your Mobile App
Test Velocity Multi-Folds with
Mobile App Testing Capabilities
Automation Testing
Bot Testing
Choose A Right Mobile Device Lab for Your Need
On-Premise Cloud
2450 Peralta Blv. Suite # 202 Fremont, CA – 94536, USA info@pcloudy.com +1 (510) 460-1868
E D I T O R ' S
C O M M E N T
3
------ - -------------------- ------------------------ -------------------- -------------------- -------------------- ---------------- -------------------- ------------ -------------------- -------- -------------------------- ---------------------- ------------------ -------------- --------------
WHAT'S IN THE PIPELINE FOR 2018?
A
-- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- - ---------------------------------------------------------------------------------------------------- - - - - - - -- -- - - - - -------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------
s 2017 drew to a close I received many insights on what 2018 will bring to the world of testing. Last year the Chancellor of Exchequer announced considerable UK investment in emerging technologies, placing an emphasis on artificial intelligence (AI) development; basic application testing became mainstream; agile and continuous delivery increased as a trend; and IoT became more mature and stable through AI and machine learning (ML). This year organisations will be part of a digital transformation – open source tools will "win over the world"; AI will break through (even more so); more testers will adopt a DevOps and agile culture, resulting in high quality outcomes through automation; virtual reality will be lending a helping hand to the healthcare sector; voice technology will lead the way as it's integrated into more products; hacking will be taken more seriously; and driverless vehicles will be taking over roads while being heavily tested, according to Dik Vos, CEO of SQS (page 28). Touching upon recent software testing news, I believe 2018 will witness more electric car charging points, removing the barrier between autonomous vehicles entering the transport mainstream (page 10); Apple will become the world’s first trillion-dollar firm, hitting its almighty target; and broadband speeds will improve before the new law for 2020 in response to bad press (www.softwaretestingnews. co.uk). Another major change in the industry includes the new European General Data Protection Regulations (EU GDPR), which will be replacing the 22-year-old EU Data Protection Directive on the 25 May 2018 (page 4). Fines for non-compliance could cost up to EU€20,000,000. You, the tester, will need to make sure steep fines are dodged by collecting and processing an
JANUARY 2018
SECURITY TESTING KEY TRENDS
LEAH ALGER JOURNALIST
individual’s data securely with consent, issuing personal data when asked, deleting data under legal grounds if required, and any data breach incidents must be reported to the correct authorities as soon as noticed – are YOU prepared? We at 31 Media are keeping busier than ever this year, to supply you with knowledge and networking opportunities regarding pressing industry topics. Firstly, we will be kick-starting the year with TEST Focus Groups in February – a dynamic event that provides a solid platform for testers to discuss and debate issues; DevOps Focus Groups will then be held in March, consisting of syndicate rooms, a small exhibition, and a relationship building arena; The National Software Testing Conference and The DevOps Conference NORTH will be held in April and June, providing practical presentations and content from a variety of testing assets; The Software Testing Conference NORTH will then hit York in September, before Scotland hosts its first ever European Software Testing Summit in October, alongside London's National DevOps Conference. We will then end 2018 by celebrating significant industry achievements at The European Software Testing Awards and The DevOps Industry Awards in October and November – the perfect way to toast to triumph with employees and clients. The more we stay in touch, share ideas, and collaborate, the better the industry. I hope you enjoy this issue and I look forward to meeting and interacting with you throughout the year.
JANUARY 2018 | VOLUME 9 | ISSUE 6 © 2018 31 Media Limited. All rights reserved. TEST Magazine is edited, designed, and published by 31 Media Limited. No part of TEST Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor of TEST Magazine or its publisher, 31 Media Limited. ISSN 2040‑01‑60 EDITORIAL DEPARTMENT editor@31media.co.uk +44 (0)203 056 4599 JOURNALIST Leah Alger leah.alger@31media.co.uk +44 (0)203 668 6948 ADVERTISING ENQUIRIES Shivanni Sohal shivanni.sohal@31media.co.uk +44 (0)203 668 6945 PRODUCTION & DESIGN Ivan Boyanov ivan.boyanov@31media.co.uk 31 Media Ltd, 41‑42 Daisy Business Park 19‑35 Sylvan Grove London, SE15 1PD +44 (0)870 863 6930 info@31media.co.uk www.testingmagazine.com PRINTED BY Pensord, Tram Road, Pontllanfraith, Blackwood, NP12 2YA
softwaretestingnews @testmagazine TEST Magazine Group
T E S T M a g a z i n e | J a n u a r y 2 01 8
4
ARE YOU PREPARED FOR THIS YEAR’S GDPR?
The new European General Data Protection Regulations (EU GDPR) will replace the 22-year-old EU Data Protection Directive on the 25 May 2018. Fines for noncompliance could cost up to EU€20,000,000 – are YOU prepared?
T E S T M a g a z i n e | J a n u a r y 2 01 8
5
N E W S
A
report carried out by Proofpoint found that, while 77% of UK businesses believe they will be fully compliant with the new rules by May 2018, only 5% have all the necessary data governance strategies in plaCe. THE NEW DATA GOVERNANCE STRATEGIES INCLUDE: • Companies are subject to the requirements of GDPR if personal data and behavioural information is collected in the EU • Companies need a ‘legal basis’ for collecting and processing an individual’s data • Companies must have consent to hold someone’s information • Individuals can request all information that is held about them • Individuals can request that their data is deleted under a number of legal grounds • Any data breaches and other cyber security incidents must be reported to the correct authorities as soon as noticed. According to Dan Martland, Head of Technical Testing at Edge Testing Solutions, obvious data sources will be investigated, such as corporate billings and CRM systems. Places where personal data could be lurking also need to be considered, including emails, marketing lists and shared spreadsheets. Martland continued: “Businesses need to ensure that data is protected, managed and only used for purposes in which the data subject has given consent and likely to entail changes to systems for processing customer data. “If data is passed to a third party, the business needs to ensure it’s managed within the GDPR, which may become a major issue for firms that operate their business processes offshore.” Out of the countries surveyed by Proofpoint, France appears to be more aware of this new paradigm compared to other European countries. 78% of French IT decision makers surveyed believe their business is likely to suffer a data breach, while 46% of German respondents believe they are the least likely to experience an EU personal data breach. Additionally, almost 25% of UK IT decision makers have purchased cyber insurance, implying they fear current strategies are not sufficient enough to comply with the new regulations.
TEST DATA MANAGEMENT
If data is passed to a third-
“Testers will need to change the way they approach test data management, which will lead to greater emphasis on generating non-production data sets and synthetic data that can be shared across businesses and IT teams,” added Martland. The report highlights that data breaches are significantly on the rise. More than 36% of UK businesses suffered a data breach in the last two years, with 23% suffering a data breach multiple times. Adenike Cosgrove, EMEA Cyber Security Strategist at Proofpoint, continued: “It’s clear that when it comes to GDPR readiness there is a disconnect. While the majority of UK businesses are bullish about their ability to meet the compliance deadline, our research shows that, for many, the basic requirements are not met. “With data breaches becoming the new normal and with the deadline less than five months away, the time now is to identify and protect all personal EU data. Failure to do so could lead to financiallysignificant fines, broken customer trust, and in turn, potentially crippling disruption to the business.” Proofpoint’s research also found that more than 56% of respondents have a user awareness programme on data protection, 46% have encryption for all personal EU data, and 49% have implemented advanced security solutions to prevent data breaches. Martland advised: “We believe that data management within the development process, particularly test data management, is the greatest source of risk for GDPR compliance.
to ensure it's managed
‘MONITOR, DETECT AND RESPOND’ “Access to realistic or representative data is an essential part of the development process: analysts need real data to investigate and elaborate requirements, developers need representative data in order to design and build the code, and testers probably need the largest data sets in order to create and execute their tests.” But according to Proofpoint’s
party, businesses need within the GDPR – this may become a major issue for firms that operate their business processes offshore
DAN MARTLAND HEAD OF TECHNICAL TESTING PRACTICE EDGE TESTING SOLUTIONS
Test Professional who believes in collaboration, creative solutions and assuring business benefits. Experience of all aspects of software testing from requirements gathering (including agile expressions of requirements) through to technical testing of integrated solutions.
T E S T M a g a z i n e | J a n u a r y 2 01 8
N E W S
6
With data breaches becoming the new normal, and with the deadline less than five months away, the time now is to identify and protect all personal EU data
JASON TOOLEY VICE PRESIDENT VERITAS NORTHERN EUROPE
Jason brings an extensive customer network and a passion for externally focusing on customers and partners, bringing a renewed context around a number of our biggest customers.
T E S T M a g a z i n e | J a n u a r y 2 01 8
findings, only 50% of respondents know what personal EU data their organisations currently hold. Cosgrove added: “Over the next five months, organisations must invest in solutions that will enable them to have clearer visibility over EU personal data, solutions that prevent breaches of identified data, as well as implement solutions that enable them to monitor, detect, and respond to any regulatory violations.” Similarly, Veritas carried out a survey, which found that the new GDPR has the potential to drive major cultural changes in businesses worldwide. According to the Veritas 2017 GDPR Report 88% of organisations worldwide plan to drive employee GDPR behavioural changes through training, rewards, penalties and contracts. Almost 50% of businesses said they will go so far as to add mandatory GDPR policy adherences into employment agreements. Jason Tooley, Vice President at Northern Europe Veritas, added: “The deadline for GDPR is fast-approaching. Almost 50% of companies are going as far as imposing mandatory GDPR policy adherences into employment agreements. “Failure to adhere to contractual guidelines could have significant implications for staff. Nearly half (41%) of companies plan to implement employee disciplinary procedures if GDPR policies are violated, while a quarter of businesses (25%) would consider withholding benefits – including bonuses – from employees found to be noncompliant.
CREATING A CULTURE OF DATA CONFIDENCE “Companies are focusing on making all of their employees the custodians of data and want them to collectively demonstrate good information governance practice. This strategy is foundational to creating a culture of data confidence with customers, which, in turn, should allow improved service delivery. “While mandatory contractual obligations are a good start to ensuring every employee understands the company data policy to reduce risks, companies need to make data hygiene part of business-as-usual activities in managing risk as well as a unique selling point in generating business. This means ensuring employees have the right tools and training to support their data management needs. “The real opportunities associated with a successful GDPR programme, which puts data at the centre of a company’s business model, should be improved customer relationships and retention, differentiation of business models through personalisation and increased share of wallet from existing customers.” The reports conclude the new GDPR compliance risks could be minimised by implementing a robust test data management strategy. By ensuring on-going assessment of GDPR as part of the test strategy, businesses can reduce issues by ensuring that a focus on compliance is maintained.
N E W S
End-to-End SaaS based Test Management
7
One tool that
Drives Selenium automation Integrates with Jira Supports Agile testing Links user stories to test cases Is customizable for every team Transitions from legacy tools Plutora Test is a powerhouse of functionality with an intuitive, consumer-facing interface. It’s a modern enterprise test management tool that supports the complete software testing process across all types of development methodologies, from traditional Waterfall to Continuous Delivery. It uses a single instance for all projects by consolidating testing design, planning, manual and automated execution, defect tracking, and progress reporting to improve efficiency every step of the way.
Start your free trial now
www.plutora.com T E S T M a g a z i n e | J a n u a r y 2 01 8
8
DARK WEB
DATABASE HACKERS HIJACK PERSONAL PROPAGANDA With newbie hackers having the ability to access sensitive information via an underground community forum in the deep and dark web, it appears cyber crime is becoming more and more problematic
T E S T M a g a z i n e | J a n u a r y 2 01 8
9
N E W S
A
ccording to the online publishing platform Medium Corporation, 4iQ have discovered the largest aggregate database in the dark web – a single file of 1.4 billion clear text credentials, consisting of leaked and lost data. This 412GB database dump is double the size of the famous Exploit.in breach, which exposed 797 million records. The identity theft provider found decrypted passwords from LinkedIn, credential lists from Anti Public and Exploit.in, and breaches from Pastebin and Bitcoin websites. Medium Corporation found data comparison regarding the Eploit.in and Anti Public breaches:
The list of top 40 passwords found by Medium Corporation included:
With 256 corpuses listed, the dump includes a file named “imported.log” which consists of 133 new breaches and data from Anti Public dumps and Exploit.in. Here is a list of other breaches found by 4iQ, published by Medium Corporation:
The data appears to be assembled alphabetically and fragmented in 1,981 pieces, representing cases of trends in how people reuse and set passwords, creating repetitive patterns over time. Here is an example of how the data is sorted into two and three level directories by Medium Corporation:
4iQ found that searching "admin”, “administrator” and “root” on the database returned 226,631 passwords of admin members in a matter of seconds. Given that many people reuse passwords across their emails, social media, banking, e-commerce and work accounts, this breach gave hackers the opportunity to take over personal accounts “faster and easier than ever before”.
4iQ also found that, although most of these breaches are known within the hacker community, hackers did not decrypt 14% of exposed usernames and passwords, which are now available in clear text. This breach also adds 385 million new credential pairs, 318 million unique users, and 147 million passwords involved with previous dumps. To prevent your account from being hijacked, 4iQ created a portal (http://verift.4iq.com) where you can enter your email address and receive truncated passwords back to the account. Despite Bitcoin and Dogecoin wallets being included for donation, there is no indication of who authored the tools and database.
T E S T M a g a z i n e | J a n u a r y 2 01 8
10
N E W S
COUNCILS WASTE CHARGING OPPORTUNITY Transport Minister says the lack of charging points is the "biggest barrier" to autonomous and electric vehicles entering the transport mainstream
T
he government’s £4.5million fund to set up thousands of electric vehicle charging points in the UK has been failed by councils. In 2016, the ‘On-street Residential Charge Point Scheme’ was designed for councils to install electric car charging points for only 25% of its total cost. Despite this, only five councils made use of the funds available, leaving thousands of potential charging points uninstalled. Only electric vehicle drivers who live in Portsmouth, Chelsea, Cambridge, Luton and Kettering benefited from the scheme. There are around 125,000 plugin electric cars in the UK and 14,000
T E S T M a g a z i n e | J a n u a r y 2 01 8
chargers, yet only 2,620 chargers in the UK can give an electric vehicle 80% charge in half an hour. A Tesla driver called Blanc revealed to The Guardian: “In three to four years time, when more people are buying electric vehicles, you do not want to have to queue for your supercharger. The infrastructure has to be fixed. “If suddenly everyone’s got an electric car I’m not sure how the National Grid is going to cope with that. “If in the Coronation Street break everyone goes to put the kettle on and that causes problems, just imagine what will happen if everybody comes home from work at 6 and switches their cars on to charge.
We have to be smarter about renewables and regenerating electricity. That’s a real challenge. “Millions of homes in the UK do not have off-street parking, so this funding is important to help local councils ensure that all their residents can take advantage of this revolution. A recent study by RAC Foundation found that the growth in people buying electric cars could be stalled by limitations in the public charging network. Despite this, last year's sales of electric cars soared, rising by almost 30% compared to 2016.
11
N E W S
BRITAIN'S TRAIN TECH INCENTIVE To support and secure digital connectivity for commuters, LS telcom UK produces a report for Britain's railways
T
he Rail Safety and Standards Board, on behalf of the Future Communications and Positioning Systems Advisory Group, commissioned a research project which proposes a 3 to 5-year technology roadmap, identifying commercial deployment models for improving highspeed mobile internet connectivity for passengers.
Department for Transport’s connectivity requirements. The Future Connected Rail Stakeholder Forum (FCRSF) and the Future Connected Train and Customer Communications Steering Group (FCTCCSG) asked for the study to improve cross-industry involvement on the implementation of digital connectivity across the entire rail network.
WIRELESS TECH SOLUTIONS
IMPROVING THE RAILWAY
According to the study, wireless technology solutions including a secure mobile variant of Wi-Fi, 4G, and potentially 5G, are available within the suggested timeframe. Successful deployment of internet connectivity depends on which business model is adopted to ensure that train operating companies can meet the
FCRSF and FCTCCSG are collaborations between the Rail Delivery Group, bringing train companies together. Nick Wilson, Rail Delivery Group, said in a press release: “This work has helped us to identify the range of technical and commercial options available. “It will inform the rail and digital
industries on improving digital connectivity (mobile and broadband) across all of Britain’s rail network for the benefit of rail customers and the train operating companies, freight operating companies and rolling stock companies. “In addition, the study will inform the government of associated investment opportunities and the shaping of policies to maximise them." Wilson also noted the study should generate further essential collaboration between all relevant stakeholders, to enable the connectivity that Britain needs in years to come.
T E S T M a g a z i n e | J a n u a r y 2 01 8
12
DIGITAL DISRUPTION HOW TO GET AHEAD AND MAINTAIN SOFTWARE QUALITY
Companies are able to disrupt well-established markets and grow rapidly at the expense of others by better exploiting digital markets and channels
E
ssentially, these organisations are not constrained by the architecture of legacy systems and related technical debt nor by outdated processes and siloed IT departments. Typically, they are embracing processes such as continuous integration (CI) and continuous delivery (CD) that enable rapid solution delivery, establishing a presence quickly across multiple channels and then subsequently reacting to the market direction with frequent releases. The rest of the business world initially looked on with a mixture of envy and trepidation and are only now working to try and adapt to make their IT capability more proactive. In many cases, the response has included making the cultural changes
T E S T M a g a z i n e | J a n u a r y 2 01 8
associated with DevOps, breaking down traditional silos between IT functions and implementing those same CI/CD processes. As with all seismic changes in the IT industry, the implications of this new world, for those of us focussed on testing and software quality, are far reaching. But how do you adapt your testing processes to survive and indeed thrive in this new world?
CONTINUOUS TESTING The answer to this challenge is to implement processes supporting continuous testing, ‘shifting left’ (testing earlier) whenever possible to make testing a full lifecycle activity.
T H O U G H T
13
L E A D E R S H I P
Making testing a full lifecycle activity requires greater collaboration and a change to the mindset. We need to move from the old concept of ‘segregated validation’ where solutions are delivered into separate testing phases beyond development, to tight feedback loops with our delivery and support colleagues in parallel. Testing can no longer be incorporated either into subsequent sprints in a manner sometimes referred to as ‘agile-fall’, which is arguably just a ‘broken’ agile approach.
BDD ENSURING TRACEABILITY More than ever, we need to make sure our tests are clearly driven and linked to requirements by embracing techniques such as Behaviour Driven Development (BDD). There should be no room for testing to be compromised by poor requirements in modern software delivery and traceability should be a given. Using the structure language ('given…then…when') to specify detailed requirements is a powerful technique and a great aid to us in testing – giving us the sound test basis we crave.
RUTHLESS AUTOMATION A key requirement to enable the speedy software delivery whilst maintaining quality is that each of the disciplines across the SDLC must automate whenever possible. Gartner refered to this approach as ‘ruthless automation’. The agile methodology emphasised the need for efficient test automation with the frequent regression required, but this is of paramount importance in making possible continuous delivery. Our automated test packs now need to be executed in very tight windows to maintain the speed of delivery. This almost certainly requires focus on the low level and integration layer scripts with fewer scripts and a lighter touch through the GUI. The reliability of the scripts also needs to be beyond question as any ‘false failure’ almost inevitably means a delayed release. The BDD approach described above should be inextricably linked, acting as an enabler and providing acceleration and transparency to our automation efforts. Our scripts must also be capable of execution against multiple platforms (browsers, laptops, tablets and mobile devices) to avoid duplicating effort.
CONTINUOUS PERFORMANCE TESTING
A key requirement
Performance testing equally needs to become a full lifecycle activity, with checks to make sure individual components are undertaken as soon as they are built. An upfront assessment of the risks and potential bottlenecks to direct our testing efforts takes on even greater significance. Our load tests must be automated to a greater degree than was previously expected so that these can also be invoked whenever necessary.
software delivery whilst
to enable the speedy maintaining quality is that each of the disciplines across the SDLC must automate whenever possible
ENVIRONMENT AND DATA MANAGEMENT Providing the required mixture of persistent and temporary (those that can be routinely provisioned, configured, used to test and then torn down) realistic test environments will likely require a mix of cloud, on-premise, and hybrid solutions; perhaps making use of container technology. In order to be able to support continuous testing our test data needs to be realistic and aligned to our test cases, deployed flexibly to many environments and in order to maintain velocity, available in an instant. At the same time, we must comply with all regulations (including the imminent GDPR) by ensuring sensitive data is anonymised/obfuscated when necessary and access/storage is strictly controlled. A new generation of test data management (TDM) tools are emerging to help support this activity that we need to exploit.
OPPORTUNITIES IN THIS WORLD This new world of modern software delivery, ushered in by the impact of digital disruption, offers tremendous opportunities to improve solution quality at the desired velocity and develop new capabilities, as well as presenting the testing world with the challenges described above. The opportunities can be roughly broken down into the categories of: people, process and technology, and each of these will be considered in more detail in subsequent ROQ articles which will be available on our website www.roq.co.uk. In our next instalment, we will discuss the ‘people’ aspect and consider whether we need to effectively make a move from being mere testers to full blown quality engineers.
RICHARD SIMMS TEST ARCHITECT ROQ
Richard is responsible for designing test strategies and approaches to testing, as well as managing the transition process for new clients at ROQ. His role as Test Architect involves working with a wide variety of clients across a range of industries, gaining a deep insight into their testing and quality assurance challenges.
T E S T M a g a z i n e | J a n u a r y 2 01 8
14
CHALLENGES FACED BY A MODERN ENTERPRISE
Although mobility has eased the experience for end-users, enterprises face huge challenges brought forth by the demand for faster delivery to market
T E S T M a g a z i n e | J a n u a r y 2 01 8
T H O U G H T
15
L E A D E R S H I P
M
obile app testing eco-space has experienced a paradigm shift as organisations are rapidly moving from 'mobile first' to 'mobile everything'. Although mobility has eased the experience for the end-users, enterprises face huge challenges brought forth by the demand for faster delivery to market. Testing has been majorly impacted because of this change in mobile ecosystem as the growing adoption of mobility has also resulted in a corresponding rise in demand for mobile app testing. Increasing proliferation of device fragmentation, faster release cycles, DevOps challenges, and real life field testing are all putting immense pressure on dev and test teams to form a comprehensive mobile app test strategy that can reduce the cost and enhance the quality of the app with an accelerated time to market. Let us have a look at the major challenges faced by enterprises while testing their mobile apps:
3. Need of real devices at each stage of mobile app development lifecycle: To make an app successful, real devices must be involved in all stages of lifecycle, from creating the concept, analysing requirements, creating test specifications, testing early versions of the app, releasing the finished product, to the post-development review process. This can help to reduce cycle times and improve application deployment while minimising problems and providing users with an enhanced testing experience.
CHALLENGES FACED BY A MODERN ENTERPRISE
4. Optimisation of test infrastructure for geographically dispersed teams: Large enterprises have their teams spread across multiple locations. In such a scenario, a mobile app testing exercise is generally carried out by using in-house labs with physical devices provided to testing teams at multiple locations. This brings up the problem of cost redundancy, time loss in device sharing and delay in delivery of the app. 5. Continuous testing for faster release: To disrupt a market, enterprises must release an app at an ever-quickening pace. Continuous testing is the solution
1. Device fragmentation: The universe of Android and iOS is very complex. With every new launch or upgrade comes different versions, varied screen sizes and a huge number of compatibility issues. Testing teams are struggling to keep up with the proliferation of device fragmentation and the problem to decide the optimum number of devices for their test coverage. 2. In the current scenario, more than 1 billion of Android devices are running an ‘outdated’ version of Android out of two billion monthly active devices. This is posing another great challenge for development and testing teams to decide on the optimum test coverage for their apps.
DevOps challenges and real life field testing puts immense pressure on development and testing teams
Real devices used at each stage of mobile app development lifecycle
AVINASH CO-FOUNDER PCLOUDY
Test Infrastructure optimized for geographically dispersed teams
to it. In the absence of right devices, right tools for quick automation creation and parallel test execution the CI/CD pipeline breaks. Device Fragmentation from 2011 till 2016 (Source: Scientia Mobile)
Avinash is one of the Co-Founders of pCloudy (apart of Smart Software Testing Solutions). He has over 15 years'
WHAT’S THE SOLUTION?
experience in product development
There are three key elements to the right
of Bangalore as the alumnus of IIT and
and testing, and is currently based out MIT Sloan.
T E S T M a g a z i n e | J a n u a r y 2 01 8
16
T H O U G H T
Extending CI to app development
strategy: • Testing on real devices from the early stage of a project lifecycle • A cloud mobile lab infrastructure (internal or external) for collaboration amongst teams • Investment on test automation An ideal scenario for organisations to aim for is continuous integration and continuous delivery by constantly integrating changes to an app at all stages of the delivery chain as shown in the image below.
Integrating changes at each stage through continuous integration
But, the above shown scenario can’t be achieved without a mobile device cloud. Mobile Device Cloud can serve as a single point solution for mobile teams .
cloud models. An organisation should therefore judiciously select the suitable MDC model to meet its specific business requirements. Current solutions include: • Public device clouds: Devices are available and shared with everyone. It provides online capabilities to test your app across a range of mobile devices hosted on cloud. • Private device clouds: These are privately hosted cloud instance at set data centers with dedicated mobile devices. Enterprises provide the list of devices they need and it will be hosted and managed dedicatedly. • On-premise device cloud: It is generally a mobile digital lab solution in a plug and play setup that can be deployed within your premise. It’s a day zero setup and you can have your Mobile Test Lab accessible to your geographical distributed user.
Mobile Device Cloud has transformed the app testing and can help large enterprises to reduce cycle times, improve the quality of apps and get the mobile app testing framework in order. With different models suitably created to meet organizational needs, it encourages collaboration and improves DevOps efficiencies for CI and makes it easy to test on a wide variety of devices. About pCloudy
Advantages of mobile device cloud
MOBILE DEVICE CLOUD MODELS Mobile Device Cloud offers immense flexibility to organisations as it can be available in public, private and on-premise
T E S T M a g a z i n e | J a n u a r y 2 01 8
L E A D E R S H I P
pCloudy (www.pcloudy.com) is the key product of smart software testing solutions in revolutionising the testing environment in mobile space. It offers multiple cloud based mobile app testing solutions from small and medium-sized businesses (SMB) to large enterprises, as well as on-demand public cloud-based mobile testing over more than 500 Android and iOS devices, and private cloud and on-premise set-up offerings for enterprises. pCloudy has also been recognised by top industry analysts including Gartner that included the products in its latest report on the mobile testing tool landscape.
froglogic Squish
17
GUI Test Automation Code Coverage Analysis
cross platform. multi language. cross design. Learn more and get in touch: www.froglogic.com T E S T M a g a z i n e | J a n u a r y 2 01 8
18
TRANSFORMING AWAY FROM TECH DEBT WITHOUT BREAKING THE BUSINESS OPERATIONALLY
Philip Clayson, Technology Developer at TalkTalk, reveals the firm’s solid plans for the New Year and reflects on how disastrous technical debt issues are being taken care of
T E S T M a g a z i n e | J a n u a r y 2 01 8
D A T A
19
M A N A G E M E N T
C
layson’s journey at TalkTalk began three years ago with the acquisition of Blinkbox from Tesco. He then spent a year helping to remediate the TalkTalk technology portfolio after its well-publicised cyber attack in 2015. In the last year, he has been leading a massive software transformation which is addressing many, many years of technical debt in the software estate – a complex problem and a sizeable challenge which has over 84 million lines of code, hundreds of software applications spanning every conceivable purpose, and nearly 1000 code bases. TalkTalk’s target is to reduce this by half in a year. “I am passionate about inspiring technology teams to engage quickly to create, implement and operationalise transformational strategy, and I do this in complex environments where acquisition or under-investment has created a legacy technology estate that needs rationalising, modernising and improving. Many infrastructure-based companies have this challenge across sectors ranging from utilities to energy, and financial services to communications,” said Clayson.
ACCELERATING GROWTH Historically, TalkTalk has focused on accelerating growth, and achieved this through both organic and acquisitive means, the latter bringing with it duplicate technologies with each business. With so many acquisitions, the technical duplication is sometimes not always addressed in full and technical debt accumulates. Clayson revealed: “I have started the software team at TalkTalk on the journey of a huge investment to start removing our software duplication, reducing obsolete code and re-engineering software stacks. We are also adopting new ways of working including a generational step change in software tooling, AI and the cloud in order to achieve an improved operational business with far fewer software packages – we’re aiming to have the best and most effective software application portfolio in our industry. “My team develops and maintains the software that runs TalkTalk’s business systems. The alignment of tool-chains has been on the“ to do” list for many years. Last year we reviewed both open source and commercial tool-chain solutions, but we made our first large-scale commitments to best in class tooling from HP, MicroFocus and Computer Associates in the summer of 2017. Each tool chain, from test-driven requirements to code
I have started the software team at TalkTalk on the journey of a huge investment, to start removing our software duplication, reducing obsolete code and re-engineering software stacks.
Philip Clayson scanning, brings different benefits that help our business and customers to have a far better experience with TalkTalk.”
TALKTALK'S INNOVATION TalkTalk is a modern day blend of Financial Times Stock Exchange (FTSE) Company and a ‘grown-up start-up'. Clayson added: “My teams have the support and space to innovate in their dayjobs, and everyone is encouraged to provide solutions to the problems we solve daily, with funds and time set aside for the best ideas to grow. It is amazing to see how new employees (graduates and experienced) drop into the TalkTalk innovation model on day one, helping the wider organisation stay fresh on our innovation agenda. Having doubled the size of the UK software team in 9 months getting that cultural point working correctly is critical.
'PROVIDING THE BEST CUSTOMER SERVICE' “We debated long and hard about whether to go open-source, or Commercial Off The Shelf (COTS) software, but took a strong influence and reference from the trust our customers put in us in order to provide the best customer service we can, and to ensure great, reliable software, every time. To do that, we have largely chosen COTS-based solutions. “The advantage we feel we can take from COTS is the suppliers have to remain competitive and therefore they invest in keeping their platforms current, if not always ‘bleeding edge’. This gives us, and our customers, some stability, certainty, and predictability – to ensure we can develop our end-user software cost-effectively and reliably. We, of course, continue to watch the open source community too, and the choices we make in the future will trade off value, stability, and responsiveness, of both COTS
PHILIP CLAYSON TECHNOLOGY DIRECTOR TALKTALK
Philip is a Transformational Technology Leader who is passionate about inspiring teams to create, implement and operationalise transformational strategy, in business critical, time and cost sensitive environments. He has delivered all aspects of technology transformation from growth and investment planning, early stage funding, corporate M&A, product and service launch, growth acceleration, to rationalisation and recovery turnarounds.
T E S T M a g a z i n e | J a n u a r y 2 01 8
20
D A T A
We decided, as a team, that we would remove 50% of the technical debt in one year – that was it. Everything else fell in behind that, and everyone now has one single shared personal performance objective on this.
Philip Clayson
M A N A G E M E N T
and open source options.” Over the years, TalkTalk has developed a capability to test everything from unit, system and end-to-end testing by partnering with the world’s leading software test partners. But, recently increased its automated testing, continuous integration, and continuous deployment expertise by investing around three million pound in the last 12 months alone, to get less manual test activity, increase release cadence and reduce development cycle times as it moves to more agile and more automated development. The teams have already removed days of testing per cycle (in one case 80% in a release cycle) with these tools, currently tuning them at the moment.
'REMOVING 50% OF TECH DEBT IN ONE YEAR' Clayson continued: “We started with a truly ambitious shared goal in mind. We decided, as a team, that we would remove 50% of the technical debt in one year – that was it. Everything else fell in behind that, and everyone now has one single shared personal performance objective on this. "However, with all simple objectives, the complexity is still there. As TalkTalk got into the challenge of unpicking old hard-wired software applications that were difficult to evolve separately from one another, and with hundreds of them, the problem quickly spiraled. “We formally adopted the TM forum approach to categorise our application estate, something TalkTalk had never done before. We promoted our best internal people, and hired some great new people, to create a small but dedicated team of subject matter experts (SME), each with a goal of addressing the applications with the highest trading risk first. Each expert worked to define the transformation needed and unpicked the technical debt in their area." This spanned many areas including billing, assurance, data, databases, etc. According to Clayson, there were over 20 of these groups, each one having an SME and a team of people defining and the right outcomes for TalkTalk. That structure helped to give a framework to the team, and from that, the team and the entire board could all see the direction, deliverables, and value of the approach.
T E S T M a g a z i n e | J a n u a r y 2 01 8
D A T A
M A N A G E M E N T
DEVELOPING 'DUPLICATE FEET' The software teams at TalkTalk have committed everything to this intellectually, emotionally and physically, but according to Clayson, the hardest thing was balancing continuing business as usual roadmap deliveries and transforming away from technical debt without breaking the business operationally. Clayson agreed:“We think of it as a bit like painting the ground your feet are stood on – it’s a massive logistical problem. “Because of this, we had to develop ‘duplicate feet’ so the business didn’t need to know or worry about the fact the software was changing underneath them. We then had to carefully move the existing applications onto their new feet. This requires immense levels of thought, planning, and ingenuity. Doing this without disruption was the hardest challenge. The sheer volume of the unpicking required and intricate planning we had to do has slowed us down, but we’re still committed to the delivery of a 50% reduction in tech debt on schedule. “I think we’re a long way ahead of the market here, I don’t know of anyone else across an infrastructure business like us in the UK that has made so much progress in such a short time. We have worked with and shared learnings with a few European companies on our journey – companies who share our aspirations, speed, and commitment. That learning has helped us and we’ll soon be completing the first phase (the first year) of our software transformation, and as planned we’re rapidly approaching a reduction of over 50% of our software technical debt, a truly outstanding achievement by my teams.”
PUSHING DEEPER INTO CORE SOFTWARE STACKS TalkTalk has solid plans for the next 12 months, and a strategy beyond that into 2019, but as the company moves to further consolidate software tools and processes together, pushing deeper into core software stacks, some of the hardest work is still to come. Clayson added: “We have now really started on our journey to create the modern software estate we need, but we are not locked into any supplier or tool-chain and we will flex and change over time based on the performance of one supplier or solution.
“We have adopted Computer Associates (CA) for the largest suite of our tooling, with other tools from MicroFocus and HPE. In the first wave of our journey, and whilst the deployment journey has been quick, we have had implementation challenges, where cloud solutions would have helped considerably. “In the longer term I am only looking for cloud-based solutions for these types of products, so we can burst test at scale when we need to, so we know when we pull a cloud instance down and the data is properly deleted – a key required for our GDPR compliance. We’ve made a great start with the choices we’ve made but COTS providers need to have cloud and old-style solutions to offer."
'CHANGING FOR THE
21
I think we’re a long way ahead of the market here. I don’t know of anyone else across an infrastructure business like us in the UK that has made so much progress in such a short amount of time
BETTER' Tooling is a rapidly evolving market. For all chosen tooling providers, TalkTalk ensures they carefully create business cases that work in the short and medium term, so it's not locked into multiple years of investment returns. “Well, you can tell this is a massive commitment for TalkTalk. TalkTalk’s software transformation journey has made amazing progress in its first phase, but there’s more to do in the next 12 months. I’m immensely proud and impressed at the way the entire business systems software team at TalkTalk has responded to the desire to change things for the better. The amount the teams have achieved in laying the foundations for an overall outcome will be nothing short of game-changing for TalkTalk, and noticeable by both our consumer, business and internal customers,” admitted Clayson. He also noted the journey gets tougher before it gets easier. As we enter 2018, it appears that TalkTalk's software teams, in the UK and internationally, are ready for the next wave of this critical and exciting software transformation.
T E S T M a g a z i n e | J a n u a r y 2 01 8
22
SHIELDING THE MONEY SUPERMARKET
Richard Lowe, Head of Banking, Financial Services and Insurance at SQS, discusses how UK consumers give a high amount of trust to their banking providers yet are quick to turn their backs if an issue occurs
T E S T M a g a z i n e | J a n u a r y 2 01 8
S E C U R I T Y
I N
T H E
S
QS ensures software works as intended. In Lowe's case, SQS's finance, banking, and insurance software must work across large-scale organisations, ensuring good customer experience. “Without good customer experience people get turned off extremely quickly. I have a commercial responsibility for everyone we work with, getting involved in commercial negotiations, ensuring customers get the most out of SQS's products,” said Lowe. According to a report launched by the quality assurance specialist, UK consumers give a high amount of trust to their banking providers, with 85% of customers saying they trust banks with their personal information and to manage their money effectively.
LOSING TRUST Despite this, the report found that 62% of account holders will not trust their banks if it was to suffer a breach, with 55% admitting they would consider becoming a victim of fraud grounds for loss of trust. “We are becoming more fickle because of the banking competition being high. If anything goes wrong with a customer’s banking experience they won’t think twice about changing firms,” agreed Lowe. However, 95% of those who bank online said it makes banking easier and quicker, valuing the convenience banking technology brings. “There is an element of personal choice when it comes to online banking. Although the older generation appear to prefer going directly into their bank, even if it's a journey away,” added Lowe. In addition, the report revealed that 18 to 24-year-olds are more forgiving as a generation, with only 55% of respondents saying they would lose trust in their bank as a result of a data breach, compared to 71% of 65 to 74-year-olds.
‘THE OLDER GENERATION DISTRUSTS SOFTWARE’ Lowe agreed: “Banks are struggling with satisfying certain age ranges, because of how they have developed over time. The generation divide and the gap in trust regarding this is vast and very
F I N A N C E
23
S E C T O R
interesting.” The report found that only 52% of 18 to 24-year-olds would lose trust in their bank if an error on their account was made, suggesting this age group assumes banks will repay any lost funds. “I think that while the older generation distrusts software, younger customers appear to not perceive their data as theirs, and instead expect it to be everywhere so don’t worry about it being misused,” said Lowe. In January 2018, regulated by the Financial Conduct Authority or the National Competent Authority, Open Banking is set to come into effect – enabling consumers and companies greater access to different account options – providing new services and products to help securely manage, move and make money available “quickly and efficiently”.
In January 2018, Open Banking is set to come into effect – enabling consumers and companies greater access to different account options by providing new services and products to help securely manage, move and make money available “quickly and efficiently"
‘OPEN BANKING INCREASES COMPETITION’ According to SQS, Open Banking will increase competition and open up the market. By prioritising the quality of customer experience through digital devices, banks have the opportunity to differentiate themselves from less agile competitors. Lowe continued: “Open Banking is like a money supermarket for banking. Consumers are able to see what accounts are good, with strong customer service rankings and interest rates. "It raises competition because individuals can change their banks quickly, and direct debits can be easily moved during that switch.” The report concludes that as consumer expectations rise, they will be quick to turn their backs on their bank and look for another provider if an issue occurs. Banks need to ensure they keep up-to-date with financial services, trends and stay secure. Lowe also noted banking apps will eventually satisfy everyone’s needs through investments, pensions, and insurances.
RICHARD LOWE BUSINESS UNIT LEAD UK BFSI AT SQS
Richard started his career working in retail finance and banking before moving into business process outsourcing in the early 2000s. He works with large global BPO’s and is now focusing on the growth and deployment of services and capabilities that help organisations achieve their goals.
T E S T M a g a z i n e | J a n u a r y 2 01 8
24
NEW YEAR, NEW MINDSET TEST Magazine Journalist, Leah Alger, spoke to software testing assets, Dan Ashby, Head of Testing at eBay; Anil Pande, Independent Testing Consultant; and Lesley Walkinshaw, Test Manager at Sky Betting and Gaming about what the New Year will bring to the world of testing
T E S T M a g a z i n e | J a n u a r y 2 01 8
I N D U S T R Y
25
T R E N D S
TELL ME ABOUT YOURSELF AND YOUR JOB ROLE Dan Ashby: I'm Dan Ashby, the Head of Software Testing within eBay's B2C product area. I am also the co-creator of the Software Testing Clinic which is a safe, free space for people to learn about testing and for more experienced testers to get into mentoring; co-host the ‘Testing In The Pub’ podcast; regularly speak at conferences; and blog about my thoughts on software testing. Anil Pande: I am an IT professional with 25 years’ experience, who has worked in various verticals (in various countries!) such as telecoms, financial services and insurance. Currently I am the Head of Testing on a large data migration programme. Lesley Walkinshaw: I’m Lesley Walkinshaw, a mum of two, a massive Formula 1 fan and a science fiction junkie. I’ve been in the testing industry for around 12 years. In my current role, I am the Test Manager at Sky Betting and Gaming, Leeds. We have a strong DevOps culture which means daily releases, lone testers and all the challenges that make software testing fun and interesting.
HOW HAS THE INDUSTRY CHANGED SINCE YOU BEGAN TESTING? Dan Ashby: I began testing just after the millennium. Initially, I worked on hardware, firmware and software products, so it wasn't like a typical software development house. At that time, it seemed like a lot of testing appeared to be driven by test cases – asserting expectations of how the software SHOULD work. Over the years I've seen dramatic changes – not just in software testing, but relating to the industry driving towards a much more effective investigative testing approach through exploration, as well as the rise of automation for replacing those assertive test cases. Also, there have been huge changes in the software world as a whole, with more and more people taking on an agile methodology. It's very exciting to see as it drives the focus to be on agility and collaboration. Anil Pande: The increased use of agile development, large teams of testers, and 'testing everything' has changed into small multi-skilled teams testing critical features.
This in turn has meant there is much more focus on automation and regression these days, reducing time to market and fixing forward, which is very different to when I first started testing. Lesley Walkinshaw: Testers are now more embedded in software development teams than ever. We have moved away from centralised testing teams to crossskilled, cross-functional agile squads – delivering software change at a faster and faster pace. What this means to test managers is that there’s a shift away from the scheduling and resourcing of testing projects. The role is moving towards who works with agile teams to guide them on good testing practice, advocating the value of testing. For a tester, there is a great requirement to understand how technology works, working closely with agile teams throughout the system development lifecycle, bringing a strong testing voice and applying the testing mindset; moving away from testers being responsible for planning and executing all the testing and acting as a quality gate. The tester's role is to help the team create a robust test approach, which includes unit, integration, system, automation, security, and performance.
There have been huge changes in the software world as a whole, with more and more people taking on an agile methodology
WHAT TESTING TECHNIQUES DO YOU THINK WILL MERGE IN 2018? Dan Ashby: For 2018, I think if we were to focus our thinking on risks we would see much, much more techniques come through naturally for testing for those specific risks than if we just try to think about techniques on their own. Anil Pande: With more and more organisations moving towards the agile and DevOps ways of working, it is inevitable that automation techniques and automated testing will continue to grow in 2018. With some high profile cyber attacks in the news in 2017, I am sure we will see more focus and investment in security/ penetration testing and ethical hacking. Another trend, I believe, is a move away from structured testing is a set of scripts testing a function to exploratory testing i.e. no scripts, just “play” with the system and raise defects. A very powerful way to test – as long as it can be controlled. Lesley Walkinshaw: Technology will continue to change at an ever-increasing rate, and software testing will not only need to adapt to the rate of change in
DAN ASHBY HEAD OF SOFTWARE TESTING EBAY
Working with software for many years, Dan has gained many valuable experiences as a tester, a coach and a leader within various software industries, including: ecommerce, finance and pharma. Dan is an established public speaker within the lively software testing and agile communities, conducting talks all over the world.
T E S T M a g a z i n e | J a n u a r y 2 01 8
26
The introduction of the GDPR poses a number of opportunities and challenges for technology companies
I N D U S T R Y
delivery, but also to new and emerging technologies. IoT, AR, VR, machine learning, big data and everything ‘On Demand’. Strategies for testing these new technologies will be different to traditional testing techniques, what we test and how we test, and tooling to support will become integral to respond to change.
WHAT TESTING TRENDS WILL BE NEGLECTED IN 2018? Dan Ashby: I hope that people will neglect the trend of aiming for automating 100% of all testing. That's a big misconception that a lot of companies have, driving some testers and developers to believe it. It's impossible to automate investigative testing through an exploratory approach. I'm hoping 2018 is the year of realisation for a lot of companies and people – neglecting that trend would be amazing for the software industry as a whole.
Anil Pande: Manual testing will start
taking a back seat, but I am not sure if it will ever ‘disappear’, there will just be less of it. Defined testing scope will become less ridged and therefore the need to write hundreds of test cases will become less important. Lesley Walkinshaw: Moving away from centralised testing teams and adopting a DevOps culture will change how testing is carried out. Traditional testing techniques won’t be sustainable. Big test plans, detailed requirements analysis and stepby-step scripted test cases will be replaced by more lightweight exploratory testing, supported by automation. As cycle times reduce, batch sizes decrease and the size of the changes become smaller – the more problematic testing will become – based heavily on analytics targeted to the nature of the changes in progress. ANIL PANDE INDEPENDENT TESTING CONSULTANT
Anil Pande was the Head of Testing at Zurich Insurance, but is now an Independent Testing Consultant. He is a leader in the testing arena, leading organisational and technical changes to perform "better, faster and cheaper".
T E S T M a g a z i n e | J a n u a r y 2 01 8
WHAT WILL BE YOUR BIGGEST CHALLENGE WHEN TESTING THIS YEAR? Dan Ashby: I'm currently trying to write a book based on software testing. Writing a book is the second hardest thing I've ever done (the first hardest thing being a parent). For me, this will continue to be a big challenge in 2018. Within the wider testing community I think that in 2018 there may be a revolution regarding automation and exploratory testing, where
T R E N D S
people hit a realisation – I think some people will really struggle with changes made within organisations when this realisation happens. Anil Pande: My biggest challenge will be to keep progressing strategic initiatives. There is always a fire to put out, from a delivery perspective, which always leaves little time to actually put building blocks in place to test faster, cheaper, better. Lesley Walkinshaw: As a test manager, one of the biggest challenges is managing a distributed team. As we scale and grow as a business we are constantly adding new teams to the organisation. How we support agile teams and maintain performance while hiring new testers, training them up and offering career opportunities to existing testers is complex. Being able to create an environment where learning and development enables us to keep abreast of emerging technologies, test tooling, techniques and ways of working across teams is integral.
ARE YOU PREPARED FOR 2018’S NEW EU GDPR? Dan Ashby: I as prepared for the new GDPR as I can be. I think it's about time that some regulations are put in place surrounding data protection. I think there is still uncertainty surrounding whether the UK will implement this EU regulation after Brexit as well. I'm still shocked at the number of companies that are completely unaware of the new changes coming into play in May. I think it should be advertised more – the fines are extremely high, and the government should be putting this in front of everyone so they are aware of the changes. Anil Pande: The introduction of the GDPR poses a number of opportunities and challenges for technology companies, both from an EU and an international perspective. For some time now the GDPR has been on the radar of software companies and a significant amount of effort has been made to ensure that they are ready, to be ahead of the upcoming May 2018 deadline. Lesley Walkinshaw: We are in the process of bringing the work required to respond to the new regulations. The advantage of working in an agile organisation is that we
I N D U S T R Y
27
T R E N D S
are able to respond quickly to changing requirements and emerging business needs. The work will be distributed to the organisation and prioritised through teams as required.
WHAT IMPACT DO YOU THINK THE 2018 EU GDPR WILL HAVE ON SOFTWARE TESTING COMPANIES, INCLUDING YOURS? Dan Ashby: I would like to think that most companies have an element of control over data, so can adhere to things like ‘the right to be forgotten’, but I bet this space might be a bit chaotic for some companies, which is ultimately why the regulations are being introduced. It needs to tighten up. So with this in mind, I think there will be some panic from some companies that are still unaware of the regulations. It will affect their planned features for Q1 as testers will need to spend time implementing changes to be able to meet the regulations. Anil Pande: Compliance with the GDPR will have significant procedural and administrative impacts on software companies' business operations, including in relation to the internal management of roles and responsibilities. Although the objectives of the GDPR are laudable, it has inevitably resulted in significant time and cost expenditure for the industry. Lesley Walkinshaw: Being a pure digital business within the gambling sector we are already highly regulated, so this will just be another set of regulations we need to adhere to. We are already implementing the changes required to meet the regulations. Timelines are tight but I’m pretty sure we will make the required changes – the fines are too high not to!
ARE YOU GOING TO TEST DIFFERENTLY THIS YEAR? Dan Ashby: I think talking about testing is a big thing. It's important for testers to talk about their testing – but it's hard, and many conversations tend to turn into discussions around semantics. The words don't matter; it’s the underlying meanings that we need to discuss. I think in 2018 I'll personally experiment with different ways to talk about testing, and different ways to teach people about talking about testing too.
Anil Pande: Yes, I am going to try and roll my sleeves up and do some testing myself. It has been a while, but I do remember it being very challenging yet rewarding.
I’m really looking forward
Lesley Walkinshaw: I’m not sure, that will be determined by the nature of the work we have coming from the teams. We will adapt and learn as we go!
products and technology
WHAT INNOVATIONS ARE YOU LOOKING FORWARD TO WITNESSING THIS YEAR?
to the emerging IoT market, looking at how our stack will change, and to adapt to the increasing number of devices we can connect to
Dan Ashby: I'm becoming more interested in artificial intelligence (AI) and machine learning (ML). Mark Winteringham has put me on to some good articles about it, and some of them are terrifying, but I feel that for some of the "narrow" AI applications that we see currently, we all have similar misconceptions about what it can do in the same way that we did with automation. I read a great article about these narrow AI apps being like zombie technology, which is a good analogy for the readers to research. I think "narrow" AI will become more prominent in 2018 – as long as people don't start misunderstanding that it can replace testing, then I think it will be fun to see. Anil Pande: Outside of testing, the driverless car. I was in Silicon Valley recently and got talking to an employee of Google. They said it was 3 to 5-years away, which would be amazing. With respect to testing, I would love to see the following: A developer checks in their code, triggering deployment into a test environment; an automated test pack executed; analysed test results in combination with the changes made to the code; and a report sent to the developer telling them the part of the code which has an issue – not a tester in sight. Lesley Walkinshaw: I’m really looking forward to the emerging IoT market, looking at how our products and technology stack will change, and to adapt to the increasing number of devices we can connect to. I’m also of course looking forward to figuring out how we will test them!
LESLEY WALKINSHAW TEST MANAGER SKY BETTING AND GAMING
Lesley transitioned as a Laboratory Technician to a Software Tester and hasn’t looked back. Having worked within the testing industry for around 12 years, she has led client work for a leading testing consultancy, working across multiple sectors.
T E S T M a g a z i n e | J a n u a r y 2 01 8
28
MARKING THE END OF AN ERA The Chancellor of Exchequer announced considerable UK investment in emerging technologies, placing an emphasis on artificial intelligence (AI) development and regulations. But what does Dik Vos, CEO of SQS, think this year will bring to the world of testing?
T E S T M a g a z i n e | J a n u a r y 2 01 8
I N D U S T R Y
29
T R E N D S
AI WILL MAKE A MEDICAL VOICE TECHNOLOGY
AI and software advances
BREAKTHROUGH
WILL LEAD THE WAY
will affect our entire
In the realms of the medical sector, software is capable of solving complex problems, which would take humans an inordinately long period of time to achieve. As artificial intelligence (AI) becomes less dependent on computing capacity, I expect that next year we will see some major medical research breakthroughs with very limited AI learning. Even the most intelligent doctors can only think of a few things at a time. If you channel hundreds of doctors’ research and thoughts through AI, the possibility of breakthroughs in medical research for diseases such as Alzheimers, cancer and HIV becomes much more achievable. While AI will not replace people in the medical profession, it will certainly aid diagnoses, decision-making and eventually aid surgical procedures. As the NHS continues to experience issues with underfunding and overworked staff in 2018, AI could very well be the tool to aid overburdened medical professionals as they continue to treat an unprecedented number of patients. Whilst many people may be wary of the role AI might play in medicine, the consistency of quality assured technology and automated processes will take away the inconsistencies of human error, which is bound to happen with overstretched medical staff.
2018 will see the mass adoption of voicecontrolled technology as it moves away from being a novelty, being used on a wider scale instead. This will happen as the realworld application of this technology begins to make a genuine impact on people’s lives. The impact that voice control will have in a domestic environment, as it is integrated into more products, will be hugely beneficial, especially for less able sections of our society, such as the elderly, and people with disabilities. For instance, the advances in disabled accommodation will greatly improve the quality of life for people who may have found everyday tasks a challenge. While voice-activated kettles may seem like a minor innovation, they will help a large portion of people greatly. Innovation that will make a positive change is simple technology that has a massive impact on the way we function as human beings.
VIRTUAL REALITY WILL HELP DOCTORS PERFORM OPERATIONS Virtual reality (VR) will play a major role in the medical sector in 2018. Of course, VR made headlines this year for helping surgeons separate conjoined twins. Incredibly, I think VR will allow doctors' to perform medical procedures via robotics. This could mean the end of patients having to travel long distances, sometimes to different countries, to have life saving operations from world-leading medical professionals. Robotics is already being used in surgery, but VR could revolutionise how these operations are performed.
workforce to a differing degree
BLUE-COLLAR WORKERS ARE NOT THE ONLY PEOPLE WHO WILL BE OUT OF WORK Automation and AI are often cited as being a potential threat to the working class, blue-collar worker. While I still believe that 30% of jobs as we know them today will be obsolete, it will not just be bluecollar workers who are left looking for employment. I predict that any processorientated roles will be replaced by intelligent software. We have already seen this at firms such as Goldman Sach’s where 200 computer engineers have now replaced 600 of its traders as traders are replaced by software. In 2018, we will see an increase in the number of highly educated employees having to change their jobs. Clearly, the need for the mass retraining of a large section of society is needed and we mustn’t just think about drivers and factory workers – AI and software advances will affect our entire workforce to a differing degree and that must be addressed. Companies should look to re-train their staff now. The traditional blue-collar worker we describe is using technology in their everyday lives, from smartphones to
DIEDERIK VOS CHIEF EXECUTIVE OFFICER SQS
Diederik (Dik) Vos has been the CEO of SQS since October 2012. He is responsible for the company's strategy and managing the Group Management Board. He was appointed to the SQS Management Board in March 2011 and started in SQS as COO. His role is to be responsible for global sales and operations, focusing on driving forward company growth and improving the operational excellence of SQS.
T E S T M a g a z i n e | J a n u a r y 2 01 8
30
Electric powered vehicles will not have a significant
I N D U S T R Y
banking to deciding which paint to buy, and they are more than capable of re-training to be relevant in a digital workforce.
impact on our quality of life, but autonomous
HACKING MUST BE
vehicles certainly will
TAKEN SERIOUSLY 2018 must be the year that the UN sets up a hacker group to test the cyber security of nations, businesses, and non-governmental organisations – ensuring they are doing the things they are supposed to do. At present, we are relying on talented hackers who are doing us all a favour by exposing poor cyber security practices in business and government. Thankfully, many of the major 2017 hacks have resulted in relatively minimal damage to businesses and organisations. The majority of people orchestrating these attacks have been non-malicious and are either doing it for fun or to prove a point. We must not rely on “ethical” hackers lurking in the shadows of the internet to warn businesses and governments. This must become official and regulated by organisations such as the UN in 2018.
T E S T M a g a z i n e | J a n u a r y 2 01 8
T R E N D S
DRIVERLESS VEHICLES ARE THE FUTURE, NOT ELECTRICAL Britain has seen a whole raft of new legislation around cars and vans this year, including the ban on all new petrol and diesel cars and vans from 2040. In my eyes, electric vehicles are clearly not the future. The innovation, while theoretically a step in the right direction, has seen very little uptake in the scheme of things and will be superseded by hybrid technology models or hydrogen based engines. Electric powered vehicles will not have a significant impact on our quality of life, but autonomous vehicles certainly will by offering mobility and freedom to sections of society who may not be able to drive due to disabilities, old age or socioeconomic status.
RIP APPS – DECEASED 2018 I believe that 2018 will mark the end of an era for applications (apps). The app was very interesting to businesses and the public alike when it was a new concept. But, as thousands of apps continue to flood the market, we are going to see a more integrated system where the app is no longer separate, but integrated into our day-to-day life. There are quite frankly too many apps and the way we want to use them is changing. The network has become vast; access to Wi-Fi and 4G now makes it much easier to stay connected. In 2018, we will see apps become much more integrated into one platform, as the business model for apps continues to change.
31
T E S T M a g a z i n e | J a n u a r y 2 01 8
32
CONNECTED VEHICLES COULD OPEN SOURCE SOFTWARE POSE CYBER SECURITY RISKS? Connected car features bring added responsibilities to manufacturers
T E S T M a g a z i n e | J a n u a r y 2 01 8
C Y B E R
33
S E C U R I T Y
I
n the same way that OEMs are responsible for issuing a recall for a malfunctioning piece of hardware, they, along with their suppliers, will be responsible for software vulnerabilities in connected cars over the course of the vehicle’s lifetime. Automakers across the globe have been developing ways to address cyber security when building their connected cars. In the UK, government officials have released key principles that automakers must follow if they have any influence in the manufacturing supply chain. But auto manufacturers rely on hundreds of independent vendors to supply them with hardware and software components. Software from each vendor is likely to be a mix of custom code written by the vendor, along with proprietary code and open source code. With tens of millions of lines of code networked throughout the car, OEMs are finding it increasingly difficult to track and manage the source for each piece of software in use. Vehicle manufacturers need to adopt a cyber security approach that addresses not only obvious exposures in their car’s software but also the hidden vulnerabilities that could be introduced by open source components in that software.
SOFTWARE USED IN CONNECTED CARS IS BUILT ON A CORE OF OPEN SOURCE The use of open source for application development continues to grow every year. According to a Forrester report, open source is used in all industries by organisations of all sizes. The reasons are straightforward – open source lowers development costs, speeds time to market, and accelerates innovation. Specific to the automotive industry, Black Duck’s COSRI Center for Open Source Research and Innovation Group found open source components in over 20% of automotive applications scanned for its 2017 Open Source Security and Risk Analysis report. Open source enters in-vehicle applications through a variety of paths.
Automobile manufacturers rely on a wide range of component and application suppliers who build solutions with open source components and extend open source platforms. Open source is neither more nor less secure than custom code. However, there are certain characteristics of open source that make vulnerabilities in popular components very attractive targets for hackers. Open source is widely used in virtually all forms of commercial and internal applications. For hackers, the return on investment for open source vulnerability is high. A single exploit can be used to compromise hundreds of thousands of applications and websites.
Many automakers and software suppliers deploy static and dynamic application security testing – identifying codes that may result in security issues
OPEN SOURCE SAFETY AND SECURITY ISSUES While connected cars offer abundant opportunities for the automobile industry, automakers and their suppliers need to consider what the connected car means for consumer privacy and security. For example: • When security researchers demonstrated they could hack a Jeep over the internet to hijack its brakes and transmission, it posed a security risk serious enough that Chrysler recalled 1.4 million vehicles to fix the bug that enabled the attack • For nearly half a decade, millions of GM cars and trucks were vulnerable to a remote exploit that was capable of everything from tracking vehicles to engaging their brakes at high speed to disabling brakes altogether • The Tesla Model S’s infotainment system contained a four-year-old vulnerability that could potentially let an attacker conduct a fully remote hack to start the car or cut the motor. Many automakers and their software suppliers deploy testing tools, such as static and dynamic application security testing (SAST and DAST) tools, to identify coding errors that may result in security issues. While both SAST and DAST are effective in spotting bugs in code written by internal developers, they are not effective in identifying open source vulnerabilities in third-party code, leaving major components of today’s applications exposed. Since 2004, more than 74,000 vulnerabilities have been disclosed by the National Vulnerability Database (NVD),
PATRICK CAREY VICE PRESIDENT OF PRODUCT STRATEGY BLACK DUCK SOFTWARE
As Vice President of product strategy at Black Duck Software, Patrick Carey focuses on working with engineering and product management teams to build and improve solutions that help organisations build software quickly and securely when incorporating open source code components.
T E S T M a g a z i n e | J a n u a r y 2 01 8
34
Most open source components are governed by 1 of 2,500 known open source licenses – many with obligations and varying levels of restriction
C Y B E R
but only 13 of those were found by SAST and DAST tools. When a supplier or auto OEM is not aware of all the open source in use in its product’s software, it can’t defend against attacks targeting vulnerabilities in those open source components. If your organisation plans to leverage connected car technology, you need to examine the software eco-system you’re using to deliver those features, and account for open source identification and management in your security programme.
PRODUCT LIFECYCLES PRESENT LONGTERM MAINTENANCE CHALLENGES On average, a cell phone or personal computer has a life of three to five years before replacement, with software updates pushed out to users on a regular basis. Vehicles are designed to be on the road for a much longer period, as much as 10 to 15 years. The need to support software for that amount of time presents a unique challenge for software security. When presented with a piece of software that includes open source components, OEMs need to ask the following questions of internal teams or external vendors: • Will the open source components you’re using be supported by the open source community in the future? • Are you prepared to provide ongoing support for projects if the community or vendor abandons them?
T E S T M a g a z i n e | J a n u a r y 2 01 8
S E C U R I T Y
• What does the release cycle look like? • How many vulnerabilities has the component had over the last few years compared to the size of the code base? Is the community securityaware?
OPEN SOURCE LICENSES AND COMPLIANCE RISKS Open source security risk is top of the mind for many organisations because of highly-publicised exploits such as the Apache Struts 2 vulnerability which brought thousands of attacks against organisations worldwide, including the infamous Equifax breach. However, it is also important to recognise the importance of license compliance as part of open source risk. Most open source components are governed by one of about 2,500 known open source licenses, many with obligations and varying levels of restriction. These license requirements can only be managed and complied with if the open source components governed by those licenses are identified. Failure to comply with open source licenses can put businesses at risk of litigation and compromise of IP. Even so-called “permissive” open source licenses typically require acknowledgment of use and other obligations such as redistribution and documentation requirements. And open source components with no identifiable license terms can be also problematic. Software that does not have a license generally means no one has permission
C Y B E R
35
S E C U R I T Y
from the creator(s) of the software to use, modify, or share the software. Lack of clear statements of rights and obligations leaves organisations using that open source at greater risk of violation of “hidden” terms. Best practices in the use of open source software require developers to understand which components and associated licenses are in their code and what obligations may result from their use of open source. However, managing open source use manually can be a Sisyphean task, as Black Duck’s 2017 Centre for Open Source Research and Innovation (COSR) report demonstrated. Audited applications contained 147 open source components on average — a daunting number of license obligations to keep track of — and 85 percent of audited applications contained components with license conflicts. The most common challenges were GPL license violations, with 75 percent of applications containing components under the GPL family of licenses, but only 45 percent of those applications were in compliance with GPL obligations.
BEST PRACTICES FOR MANAGING OPEN SOURCE RISKS ACROSS THE AUTOMOTIVE SUPPLY CHAIN As auto OEMs work with software providers, a growing set of open source components is making its way into automobile systems. The open source
code is being channeled through countless supply chains in almost every part of the automotive ecosystem. To make progress in defending against open source security threats and compliance risks, both auto OEMS, and their suppliers must adopt open source management practices that: • FULLY INVENTORY OPEN SOURCE SOFTWARE: A full and accurate inventory (bill of materials) of the open source used in their applications is essential. • MAP OPEN SOURCE TO KNOWN SECURITY VULNERABILITIES: OEMs need to reference public sources to identify which of the open source components they use are vulnerable. • IDENTIFY LICENSE AND QUALITY RISKS: Failure to comply with open source licenses can put organisations at significant risk of litigation and compromise of IP. • ENFORCE OPEN SOURCE RISK POLICIES: As software development becomes more automated so too must management of open source policies. • ALERT ON NEW SECURITY THREATS: With more than 3,600 new open source vulnerabilities discovered every year, organisations need to continuously monitor for new threats as long as their applications remain in service. By integrating risk management processes and automated solutions into their software supply chain, automakers, suppliers, and technology companies servicing the automotive industry can maximise the benefits of open source use while effectively managing its risks.
Best practices in the use of open source software requires developers to understand which components and associated licenses are in their code
T E S T M a g a z i n e | J a n u a r y 2 01 8
36
BRINGING THE MODERN SOFTWARE FACTORY TO LIFE
TEST Magazine Journalist Leah Alger flew to Las Vegas to attend CA World ’17, where a variety of entrepreneurs touched upon The Modern Software Factory and its benefits T E S T M a g a z i n e | J a n u a r y 2 01 8
T E S T
A
37
A U T O M A T I O N
t CA World ’17, CA Technologies brought the Modern Software Factory to life, in a bid to improve customer experience – offering solutions to build better apps by maximising its performance and making security a competitive advantage through agility, automation, and insights. Although software is indisputably pivotal for the growth of companies, it appears most organisations are lacking the right IT capabilities, hampering the ability to develop and deliver the software needed to support their business needs – the reason for many companies acquiring CA Technologies products and its Modern Software Factory approach. CA’s report Don’t Let an Outdated Software Strategy Hold You Back, conducted by 1,2000 IT leaders and the analyst Freeform Dynamics, presents the remarkable gap between 25% of enterprises referred to as “Masters of the Modern Software Factory”. Other measures include executive leadership, profit, revenue, risk-taking and the adoption of modern software tools – giving "Masters of the Modern Software Factory" the chance to embrace agility, security, and insights; leading them to correlate a 70% higher profit growth and 50% higher revenue growth when compared to the mainstream. “At CA we believe that all businesses can benefit from the Modern Software Factory by deeply engaging customers, but they may need to embark on a digital transformation to get there," said Scott Morrison, Founder of Layer 7 and Senior Vice President at CA Technologies. “The most important thing the Modern Software Factory brings is to deliver value continuously, in manageable increments, improving on a continuous basis. The adoption in the enterprise should follow this same course. This shouldn’t be a project where you wait two years for a big change – one that inevitably disappoints. Instead, the transformation should be gradual, continuous, and incremental – bringing legacy with it and purpose by engaging customers directly." The report is evidence that the Modern Software Factory assists customers demands through the way it manages technology. The old-style process-centric waterfall approach does not deliver the innovations that customers need nor want anymore. In order to achieve the key attributes of the Modern Software Factory, the process of software development and delivery must be transformed through consistent quality, extensive automation and resource efficiency.
CA opens doors and its software factory paints an aspirational picture of where companies want to be
Morrison continued: “Now the word factory may conjure up images of assembly lines and robots doing one thing day in, day out – hardly something that inspires technologists – there is enormous room for innovative and creative work when you build anything. “Nobody would ever accuse Mercedes or Tesla of lacking in innovation – they just automate the mechanical processes that should be automated – seeing enormous gains in throughput, quality, and efficiency. This should be our inspiration in software: automate the mechanical processes and allow our talent to focus on innovation.”
OVER 20 INNOVATIONS SHOWCASED
Todd DeLaughter
K. SCOTT MORRISON SENIOR VICE PRESIDENT AND A DISTINGUISHED ENGINEER CA TECHNOLOGIES
Scott joined CA as part of its acquisition of Layer 7 Technologies, where he is the CTO. He led the company to develop leading security infrastructure for mobility, cloud and APIs.
At the conference at Mandalay Bay, Las Vegas, which took place on the 13-17 November 2017, over 20 innovations were showcased as part of the Modern Software Factory: AGILE MANAGEMENT • CA Agile Central CX Enhancements • CA PPM 15.3 SECURITY • CA Veracode Greenlight • CA Veracode Mobile Application Security Testing DEV PRODUCTS (APIM) • CA Microgateway DEVOPS • CA BlazeMeter • CA BlazeMeter API Test • CA Continuous Delivery Director SaaS • CA Digital Experience Insights • CA Service Virtualisation 10.2 • CA Test Data Manager 4.3 • CA APM 10.7 MAINFRAME
JOHN PURRIER CTO AUTOMIC SOFTWARE
John has a proven track record of taking products from conception, through development to market delivery, and has extensive experience with both small start-up companies and established industry leading companies.
T E S T M a g a z i n e | J a n u a r y 2 01 8
38
T E S T
Continuous delivery becomes real because of agile creating value, and software investments can be measured more than ever before, helping automation run smoothly within the DevOps toolchain
• • • •
CA Trusted Access Manager for Z CA Dynamic Capacity Intelligence CA Mainframe Operational Intelligence 2.0
AUTOMATION • CA Automic Workload Automation 12.1 • CA Automic Release Automation 12.1 • CA Automic Service Orchestration 12.1 CA’s platforms promise to scale and support DevOps through the use of analytics, while CA Microgateway manages and deploys microservices in a matter of minutes. These new security products ensure that security is considered at the beginning of development life-cycles without damaging impacting developments. CA Technologies CEO, Mike Gregoire, revealed in his keynote at CA World ’17: “The ability to manage, change, respond to new inputs or insights, and to pivot has never been more important. “Our entire portfolio is designed around the pillars of the Modern Software Factory to increase the velocity, security, and performance of the solutions and the apps that are critical to our customers’ businesses. “Automation is all about the quality of your factory. It will accelerate your development, but only if you standardise and integrate smoothly across the DevOps process and toolchain. “The future isn’t about manual automation, it’s about intelligent automation, which learns and adapts to the entire system. In fact, we recently acquired Automic to help us automate business processes.”
ALLOWING TALENT TO FOCUS ON INNOVATION
TODD DELAUGHTER CEO AUTOMIC SOFTWARE
Todd DeLaughter is the CEO of Automic. He can pull disparate, passionate views into a single executable action plan, while energising the company by clearing out distractions, hiring smart, and building productive global teams.
T E S T M a g a z i n e | J a n u a r y 2 01 8
Automic’s acquisition with CA represents an outstanding milestone in CA’s strategy, broadening its capabilities to better serve customers, while driving digital transformation into businesses. The addition of Automic adds new cloud-enabled automation and orchestration capabilities across CA’s portfolio – increasing its presence in the European market. Todd De Laughter, CEO of Automic, agreed: “CA opens doors, and the Modern Software Factory paints an aspirational picture of where companies want to be. Companies don’t have to get there straight away, but everyone can see themselves in the journey, transforming into a truly digital business, competing with competitors
A U T O M A T I O N
through using automation and agile. “The acquisition gives Automic the opportunity to be a self-driving car for IT – we have always had our hands on the wheel, but now we have the software getting us there safely. Today, we may drive the car into a brick wall, but CA Automic software makes us avoid that problem.” John Purrier, CTO of Automic, also believes the acquisiton is for the best: “The Modern Software Factory has rapidly improved Automic – through its products and contacts – giving the company more value as a whole.”
HIGHLY AUTOMATED PROCESSES
By enabling enterprises to move from traditional process automation to intelligent business automation, CA Automic delivers fully automated enterprise, according to Aymen Sayed, Chief Product Officer at CA. “The Modern Software Factory is the most important enabler for companies to help customers needs. It helps build better software – creating new value to drive businesses forward,” he added. Otto Berkes, CTO of CA Technologies, agreed: “There’s a clear indication that those organisations that adopt modern software development practices through embracing agile, increasing automation wherever possible, using machine learning and analytics to generate insights, and integrating security into the development process do a better job of driving growth. “Continuous delivery becomes real because of agile creating value, and software investments can be measured more than ever before, helping automation run smoothly within the DevOps toolchain.” It appears that CA Technologies have the know-how to stay ahead of the pack by improving brand experience and helping support and scale teams through agile, automation and insights with zero-touch self-service capabilities. Enterprises will continue to leverage well-defined, highly automated processes to enable software to be developed in shorter cycles and deployed into production at a higher velocity. This represents The Modern Software Factory, as it evolves intelligent automation, offering the key potential to enhance to a more agile enterprise.
T E S T
A U T O M A T I O N
39
T E S T M a g a z i n e | J a n u a r y 2 01 8
40
FREE UP TESTERS TO FIND DEFECTS
Experienced Client Director and Test Expert at P2 Consulting, Jane Such, exclusively reveals how the second fastest growing company in the UK successfully tests and her thoughts on the future of Selenium
S
uch began her career at a utility company in the South West, working her way up from programmer to project manager. By the early 90s, she found herself working on a very large client-server type programme where she first got her teeth into testing. By 2000, she began her first Head of Test role, then branched out into test architecture and consultancy roles 12 years ago. Such started working for Certeco in 2015, which has since merged with P2 Consulting, the second fastest growing company in the UK. P2 and Certeco merged to increase their range and depth of expertise. The combined business offers capabilities that span the transformation lifecycle and include portfolio and programme assurance, project and
T E S T M a g a z i n e | J a n u a r y 2 01 8
U S E R
41
E X P E R I E N C E
programme delivery, business architecture and design, testing and quality assurance, and implementation. P2’s way of testing is unique, because of its deep understanding of the testing and QA market – P2’s Group Client Officer was the Programme Chair of the latest World Quality Report. The consultancy’s continuous testing and assurance practice is currently focused on maturing programme and project test management, continuous testing and SAP testing.
‘MANUAL TESTING IS STILL RELEVANT’ While on the subject of manual testing, Such said, “For P2 testers there is no single or best test automation tool. A tool is selected in terms of technical feasibility and return on investment, while giving consideration to ease of use, budget and skill set. Tool selection and implementation is a serious business and should be treated as a project in its own right, even when selecting open-source tools.” “Advancements in Selenium testing have taken the industry by storm. It is continually maturing and is considered by many as the de facto tool in web development, best suited to agile and DevOps type teams. Demand is increasing; IoT is generating more and more apps and larger companies are increasing self-service functionality via the web, so the opportunity to use Selenium is going to grow.” Such added: “Automation isn’t limited to testing. Developers and operations staff are automating many of their tasks too, specifically the building of test environments. Again this works well for web developments, but for the testing of legacy platforms I think service virtualisation is under exploited. The testing community should embrace it more when you consider the benefits – a reduction in environment related incidents and no more waiting for the test environment to be ready. With service virtualisation these issues will be a thing of the past.” According to Such, in an increasingly automated world, manual testing is still hugely relevant. Once mundane and repetitive tasks are automated, testers are freed to find more defects and can employ their skill and judgement appropriately. As she explained, “Automated testing is not automatic manual testing! Different practices are required in different circumstances, so we take into consideration the objectives, deliverables and stakeholder desires. Also it’s not all about test coverage anymore – it’s about exploring the
right areas and seeing where it takes you. You need to consider what went wrong and judge from there, which computers can’t do.” P2’s people are committed to a culture of good service and delivery. The company works in partnership with clients and only takes on projects that have measureable outcomes that it knows it can deliver and is extremely proud of its 100% endorsement rate. “Successful projects are absolutely dependent on good requirements, whether an agile or waterfall development method is used. This is where manual testing is crucial, searching for ambiguities in the requirements and checking them for completeness and testability," she revealed. "Some projects are highly complex, and would benefit from including requirements ambiguity testing as a formal testing activity to make sure the requirements are what they should be and are fit-for-purpose.”
Advancements in Selenium testing has taken the industry by storm, being considered by many as the de facto tool in web development
‘TEST EARLY NEEDS MORE EMPHASIS’ This shift-left approach is a widely accepted method to reduce the number of defects during a project. Traditionally applied to the waterfall approach, it is just as relevant to agile. Testers need to be involved up front to check for clarity and completeness as nonfunctional requirements often get overlooked. A good tester will identify this. Such expects to see a continued industry trend in neglecting non-functional testing. Such continued: “I fear there isn’t enough focus on non-functional and performance type testing. With the increased uptake of incremental development, there is heightened risk around non-functional testing. Performance, security and other non-functional tests – when designed and developed incrementally – need to be tested incrementally, but with budget constraints this type of testing is seen as a huge overhead and is often left until the end. As a result, Such thinks we will see more system failures reported in the media this year." In terms of the future of testing, she believes there will be a huge increase in automation, mobile and security testing, but personally would like to see more emphasis on 'Test Early'. “I don’t think you see enough of Test Early, despite it being around for years. In terms of individuals, I think there will be more cross-functional roles and those with analytic reasoning and logic-type skills will do well,” she noted.
JANE SUCH TEST EXPERT P2 CONSULTING
With over 25 years’ experience working in technology, Jane began her career at the energy provider firm SWEB. From there she moved to IBM, where she first began to test.
T E S T M a g a z i n e | J a n u a r y 2 01 8
SHOWCASING HARD WORK PAYS OFF
42
CEO and Founder of QA Mentor, Ruslan Desyatnikov, reveals his proudest moment to date - winning the Leading Vendor Award at The European Software Testing Awards 2017
R
uslan Desyatnikov began his software testing career 21 years ago. He found himself in many different roles within the testing field before finally Founding QA Mentor in 2010. “I started QA Mentor because testing is my passion and I wanted to help companies and QA Professionals around the world to improve and mature their QA processes, adapt best practices, and establish high performance testing teams,” added Desyatnikov. QA Mentor first began with strategic services such as QA audit, process improvement, and transformation services, before later realising that customers wanted more options for specialised services. Desyatnikov revealed: “We started slowly as we wanted to first establish a solid foundation with our own unique
T E S T M a g a z i n e | J a n u a r y 2 01 8
methodologies and best practices which helps us to scale at the right time and cover all angles of the quality assurance and testing domain.
UNIQUE QA SERVICES, QA METHODOLOGIES, AND FRAMEWORKS “Very soon I realised our customers’ need for more services and more cost-effective solutions, so we expanded our business by opening several strategic locations in low cost areas, offering more and more services as we went along – the rest is history.” Since Desyatnikov founded the leading quality assurance company, it has created
T H E
E U R O P E A N
30 quality assurance and testing services – some unique to QA Mentor. The company has 256 certified QA professionals around the world in 8 different locations and aims to grow and support companies around the world. Desyatnikov added: “We have 7 proprietary QA methodologies which we adapted and now utilise in many Fortune 500 companies from static testing and inspection methods to our unique approach to regression and compatibility testing with elements of risk-based testing techniques. “We have a unique service called ‘Testing in your Time Zone’, which means our teams are available to everyone for immediate support around the clock, overlapping all time zones with 5 shifts, 24 hours a day, 365 days per year.”
‘CUSTOMERS SUCCESS IS OUR SUCCESS’ For a number of reasons, QA Mentor recently won the prestigious award for Leading Vendor at The European Software Testing Awards. “A few years ago we were only dreaming about this as it was an unachievable mission, and even though it's a reality today, it's still hard for us to believe,” said Desyatnikov. “Last year we achieved some very impressive results, from certifying 93% of our staff in ISTQB exam to achieving ISO 27001:2013 and ISO 9001:2015 certifications. We have released 6 QA e-learning courses and over 3000 QA professionals around the world have completed them. Our staff has increased by 31% and we acquired 58 new clients in 2017.” QA Mentor won 12 global awards in 2017 from various publications and magazines, due to its unique approaches and methodologies, commitment to quality, and efforts to keep costs low for customers.
‘AS GOOD AS WINNING AN OLYMPIC MEDAL AGAINST TOUGH COMPETITORS’ “I guess our unique approaches impressed the Judges. We were extremely happy
S O F T W A R E
T E S T I N G
when we were announced the winner of the Leading Vendor award at The European Software Testing Awards because we were up against some fantastic firms. It’s great to showcase that hard work does pay off. It felt as good as winning an Olympic Medal against tough opponents. We must be heading in the right direction,” commented Desyatnikov. QA Mentor’s Agile Transformation Services also played a part in the company’s award win. In 2017, the firm helped 17 testing teams across the globe to adopt agile and helped them transform from the typical waterfall approach to agile/scrum methodologies. Desyatnikov continued: “Other successful projects include process improvement and QA transformation for major financial companies, Testing Centre of Excellence Establishment for an insurance company, static code analysis adaption for a major mobile provider in Yemen, architecture inspection for a major retailer and helping many start-ups and small organisations to mature by bringing them to the next level.
HELPING ORGANISATIONS MATURE “We ensure defect leakage is no more than 3% – we have perfected this process, ensuring little leakage. “We want every company to adapt to our methodologies and utilise them across the board – which is why we offer training, workshops, and seminars at a reasonable price; educating everyone how to test differently and smartly." This year Desyatnikov noted that QA Mentor is building another floor at its headquarters in India, which will employ 75 staff in 2018, and is opening 4 more strategic locations in the Philippines, South India, Pakistan and South Africa with goals to expand further. “We won’t stop expanding until QA Mentor has won all categories of The European Software Testing Awards – that’s not a joke. We want to establish a footprint in every country and become the #1 Software Testing Company in the world,” added Desyatnikov.
A W A R D S
43
We have a unique service called ‘Testing in your Time Zone’, which means our teams are available to everyone for immediate support around the clock, overlapping all time zones with 5 shifts, 24 hours a day, 365 days per year
RUSLAN DESYATNIKOV CEO QA MENTOR
Ruslan Desyatnikov brings over 20 years' of quality assurance, quality control, process improvement and software testing experience to QA Mentor. Prior to expanding operations at QA Mentor, Ruslan worked at Citi for 3 years as the Global Head of Testing of Worldlink Technology.
T E S T M a g a z i n e | J a n u a r y 2 01 8
44
A WA R D S W I N N E R S
A
big thank you to all attendees of The European Software Testing Awards 2017 on the 21 November 2017, Old Billingsgate, and to our sponsors Infosys and Prodapt. We look forward to seeing you again this year, who knows, it could be you receiving the Overall Software Testing Award 2018.
cycle (SDLC), and not just within the QA function itself, which is a key factor in attaining agile delivery success. In the same way, the firms information around tooling and DevOps showed a big picture approach with a clear understanding of all the complexities and challenges which were successful.
BEST AGILE PROJECT
BEST MOBILE
PROJECT
Awarded for the best use of an agile approach in a software testing project.
TESTING PROJECT
(FUNCTIONAL)
Awarded for the best use of technology and testing in a mobile application project.
The award for the best use of functional automation in a software testing project.
CATEGORY WINNER
Tata Consultant Services (TCS) TCS demonstrated an agile approach to its project, excellent communication between the entrant and development team, outstanding communication within the software testing team, and evidence of a commitment to high quality and standards. The consultancy service particularly showed good quality initiatives and standards throughout the full system development life
T E S T M a g a z i n e | J a n u a r y 2 01 8
CATEGORY WINNER Cognizant
This particular entry touched upon cross-device issues, and how they were overcome; presenting a commitment to industry standards, verification of project goals, achievements, and of course, those all-important profitable results.
ď„Ž
The beautiful venue, dress code, and nature of the occasion added to the prestige and glamour of the event Kate Boocock
ď„Ž
Lloyds Banking Group
BEST TEST AUTOMATION
CATEGORY WINNER
BT in partnership with Accenture Automation is not just an add-on to make manual testing or testing faster, it is a different way of developing software, impacting the way it is developed, as well as the architectural choices. Entries needed to show beyond a standard approach to automation using artificial intelligence and machine learning,
45 45
This event is becoming the one to be seen at in the industry Tim Reynolds CA Technologies
TEST MANAGER OF THE YEAR Awarded to the most outstanding test manager of the last 12 months.
CATEGORY WINNER Sogeti
which is where BT in partnership with Accenture demonstrated outstanding use in its functional software testing project – impacting the whole of its software development life cycle.
BEST TEST AUTOMATION PROJECT (NONFUNCTIONAL) The award for the best use of nonfunctional automation in a software testing project.
CATEGORY WINNER
the testing field.
CATEGORY WINNER KPMG
Raul Khemlani from KPMG showed clear evidence of applying the best practices, collaborating with colleagues, and researching and learning new tools and methodologies to meet and succeed the needs of a project. His commitment to testing resulted in measurable improvements and he also actively shared his knowledge to the wider community via articles, forum posts, and knowledge transfer sessions.
Alan Hughes from Sogeti was strong at providing clear evidence on each marking criteria, showing high-quality commitment to his customers and peers while focusing on providing quantitative data.
BEST OVERALL TESTING PROJECT (RETAIL) Awarded to the most outstanding project in the retail sector.
CATEGORY WINNER Godel Tech
The agile nearshore development company's entry demonstrated an innovative approach to a complex project using current, best practice
Infosys
The best use of non-functional automation in a software testing project was awarded to Infosys for its utilisation of a well-developed testsuite, successfully resolving technical problems, and meeting its targets committing to high-quality standards using the best techniques possible.
GRADUATE TESTER OF THE YEAR This award goes to a recent graduate who has shown outstanding commitment and development within
T E S T M a g a z i n e | J a n u a r y 2 01 8
46 46
BEST OVERALL TESTING PROJECT (COMMUNICATION) Awarded to the most outstanding testing project in communication
CATEGORY WINNER Tech Mahindra
BEST OVERALL
Amazing setting, wonderfully organised, timely event. The event gave lots of opportunities to network – overall I had a wonderful time Asish Praharaj Cognizant
PROJECT TESTING (GAMING)
techniques. The entry stood out due to the complexity of the solution and the level of ingenuity required to build from scratch.
BEST OVERALL TESTING PROJECT (FINANCE) Awarded to the most outstanding project in the finance sector.
CATEGORY WINNER Infosys
Infosys demonstrated the challenging paradigm of the finance project, choosing the right tool to solve issues faced by reviewing multiple tools to begin with. The global leader in technology services also built custom frameworks to bridge multiple testing solutions and overcame the technical challenges – resulting in cost-savings for the end customer and a high-quality product.
T E S T M a g a z i n e | J a n u a r y 2 01 8
Awarded to the most outstanding testing project in the gaming sector
CATEGORY WINNER Harman Services
This entry showed proof of the most outstanding testing project in the gaming sector, showing successful results and good customer experience.
According to the Judges, Tech Mahindra focused more on testing than others through demonstrating the output of its testing, rather than the project itself. The global leader in IT also showed evidence of working closely with organisations – to deliver projects on time, within budget.
BEST USE OF TECHNOLOGY IN A PROJECT Awarded for outstanding application of technology in a testing project.
CATEGORY WINNER
Lloyds Banking Group Digital in partnership with Sapient This entry highlighted overall
4747
T E S T M a g a z i n e | J a n u a r y 2 01 8
48
thought leadership and applications of agile/DevOps principles in testing while understanding the business problems of “faster to market” and “quality first”. The commercial bank also correctly delivered BDD based agile testing.
TESTING TEAM OF THE YEAR Awarded to the most outstanding overall testing team of the year.
CATEGORY WINNER
MOST INNOVATIVE PROJECT Awarded for the project that has significantly advanced the methods and practices of software testing.
CATEOGORY WINNER Infosys
Pushing boundaries within the industry, Infosys significantly demonstrated advanced methods and practices, creating new methods and tools in the testing field – pushing boundaries within the industry.
Atom Bank
High levels of collaboration were involved in this entry, including clear customer focus and and team bonding – showing a strong commitment to high stakeholder engagement.
PRODAPT TESTING MANAGEMENT TEAM OF THE YEAR Awarded to the testing management team of the year that has shown consistently outstanding leadership.
CATEGORY WINNER Schroders
This entry winner showcased consistent leadership skills, excellent management skills, outstanding communication with other testing teams and evidence of commitment to high-quality standards.
pricing policies and innovative value-added products, as well as very strong propositions and demonstratable commitment to customer satisfaction – implementing test management software at no cost and working in the time zone of its customers.
BEST USER
OVERALL SOFTWARE TESTING AWARD 2017 This award celebrates the most outstanding achievement by an acknowledged veteran in the testing field who has shown constant commitment in the testing community
EXPERIENCE (UX) Awarded for the best use of user experience testing in a project.
CATEGORY WINNER Tech Mahindra
Tech Mahindra showed evidence of user engagement throughout its delivery lifecycle while promoting innovation and researching best practices in the wider field of UX testing, which ended in successful results and outcomes – meeting its set target.
LEADING VENDOR
AWARD WINNER Schroders
Excelling in all areas and surpassing every other individual, project, and organisation within the software testing field. Our entries increase year and year, with over a hundred assets in the software testing field glamming themselves up to celebrate success and toast to triumph. Don’t miss the opportuntiy to win yourself and your company an industry award this year – giving you the ambition and reasoning to work extra hard – register via: www. softwaretestingawards.com.
AWARD Awarded to the vendor who received top marks for their product/service and customer service.
CATEGORY WINNER QA Mentor
The perfect way to celebrate and reflect upon a year of hard work Rukayat
QA Mentor offered transparent
#SoftwareTestingAwards
T E S T M a g a z i n e | J a n u a r y 2 01 8
Third Bridge
49
Entries will open on
7th February 2018 visit www.DevOpsIndustryAwards.com
for more information
T E S T M a g a z i n e | J a n u a r y 2 01 8
50
27th february 2018 Park Inn by Radisson – London Heathrow
Have you booked your place?
BOOK NOW for only £349 per delegate at www.testfocusgroups.com
T E S T M a g a z i n e | J a n u a r y 2 01 8