Software Testing Blog

The impact of check-in services, like Foursquare, on personal privacy and security is yet again making top headlines. If you remember our most recent bug battle (The Check-In Challenge), more than 80% of respondents responded “Yes” when asked if they were concerned about how location-based services (LBS) could impact their personal privacy and safety. And 49% chose “privacy/security concerns” as the top reason they don’t use check-in services more often.

Yesterday, the security company WebRoot came out with a study discovering similar results. After surveying 1,500+ social network users with geolocation-ready mobile devices, WebRoot found that more than half (55%) of respondents fear the loss of security and privacy, and 45% are very concerned about letting potential burglars know when they’re away from home (ah yes, the now shut down PleaseRobMe experiment comes to mind).

What’s most interesting to us is that 39% of those surveyed by Webroot said they use geolocation services, but take a look at the number of people that have fallen prey to social network cyber-criminals:

• Nearly a quarter of respondents (22.4 percent) were victims of a phishing attempt to steal their social network password.
• About one in six (16 percent) reported a malware infection in the past year that originated from a social networking site.
• One in nine reported at least one of their social network accounts had been compromised or hijacked.

Even in the face of these risks, many consumers admitted to engaging in risky behaviors:

Read more…

Take that Oracle! You just let Apple capture the lead in the 2010 Bug Marathon, otherwise known as Secunia’s Half Year Report (PDF). Worth the read, the 20-page report identifies the ten largest vendors with the most vulnerabilities (in all their products) and ranks them for the first half of 2010 – great entertainment for those who like to track bugs and keep score.

I mean, the World Cup is over and nobody really cares about baseball until September, so perhaps this could help fill the competitive void in the meantime…

Here are the current “standings”:

1. Apple
2. Oracle
3. Microsoft
4. HP
5. Adobe Systems
6. IBM
7. VMware
8. Cisco
9. Google
10. Mozilla Organization

As noted earlier, this is really more of a marathon than a sprint, so it would be useful if we went back a little longer than six months to crown a winner. Thankfully, Secunia did just that as part of their key findings:

Read more…

“Certifications are a farce – they simply test your ability to cram for an exam,” cries one tester in a recent uTest forums exchange. “No way – certifications are extremely valuable and establish credibility to the testing world,” replies another tester.

And it goes on and on… As a witness to the ongoing debate, it’s clear that there may never be a meeting of the minds when it comes to certifications. It’s certainly been thought-provoking and entertaining to read through the vicious cycle of pros and cons supporting both camps. Here are several to spark more debate!

Pro-Certifications Camp:

• They provide a base level of knowledge for those interested in the field, including terminology, processes, etc.
• They help testing newbies get their foot in the door of the testing world
• Certain organizations prefer to (or only) hire certified testers
• Passing a certification means that one is serious about testing
• Having a certification differentiates you from the crowd of software testers

Anti-Certifications Camp:

• Certifications bodies take in top money to create certs that simply test your ability to cram for an exam and at best possess knowledge – as opposed to your problem solving skills and how to test
• Passing such exams does not prove anything about testing skills & should not get your foot in the door for a job
• Organizations that prefer certified testers are simply lazy about their interviewing process – looking for a piece of paper or label on the resume vs. looking at the candidates skill set
• Passing a certification simply indicates that you are willing to take the time and money to complete a task
• There are so many certified testers – so what differentiates one from another? More advanced certs? Where’s the limit?

Read more…

Imagine a world where software testers are courted and wooed like LeBron James; where online job boards are littered with “Testers Wanted” posts and where everyone can finally spell “QA” correctly. In other words, imagine a world with a shortage of software testers…

“Nonsense!” you say. “There’s plenty of software testers to go around.” Not for long, says SiliconIndia, who posits that a shortage of skilled software testers is only a matter of time. Citing various facts, figures and estimates from a recent Gartner study, the author examines the reasons behind this coming tester drought.

Pradeep Chennavajhula explains:

This shortage is now a major concern for the IT service organizations, considering that the academia is not geared up to support the program, and many of the training organizations are not geared up to meet the demand of the industry. In this scenario, the question still remains as to how is the industry planning to tackle the shortage of software testers?

Good question. Of course, we’ve dealt with these issues many times before on The uTest Blog. Here are a few posts with some answers:

Read more…

New Englanders aren’t known for doing well in hot weather, and a recent heat wave has kept us all inside in the air conditioning. Since our engineers can’t go outside without melting or vaporizing, they’ve been inside keeping busy creating some cool new features. Let’s take a look:

Attachment Viewer
Our testers love uploading attachments with their bug reports.  Whether it’s a screenshot or a video, testers know that an attachment can make a bug report easier for our customers to understand and visualize.

Until now, customers have had to download every attachment individually and then open them on their desktops. To make this process faster and easier, we have launched a nifty new attachment viewer that works inside our platform. Now customers and testers can view video and image attachments with a single click, toggle between them easily, and download the ones you want to keep. And for non-multimedia files like spreadsheets and documents, we still make it easy to download the files and open them from your desktop.

Take a look at this short 30 second video showing off the new attachment viewer:

Read more…

This past weekend, Vietnamese developer, Thuat Nguyen, hacked into 400 iTunes accounts to catapult his apps to best seller status. Nguyen accomplished this by buying his own Books apps — using the hacked iTunes accounts — which boosted his app ratings and launched his apps to the top of the list. The result? 42 of Nguyen’s apps were among the ‘Top 50 Books’ and up to $500 was deducted from each iTunes account.

After tracking down Alex Brie, a developer who first discovered the issues, PC World reported:

“After Brie’s calculations, Nguyen would have needed at least 3,000 hacked iTunes accounts to reach the ranking he had on Sunday in the App Store…[and] Brie speculates that to achieve such high ratings for his apps, Nguyen had to hack into Apple’s iTunes servers and skip the normal security steps, or run an automated scripted program.”

According to Engadget, Apple responded last night:

The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns…

I was under the impression that the App Store approval process was brutal. So, how did this rogue developer get through? What additional security measures and tests need to be put into place to prevent account fraud?

Safe to say that mobile app development has greatly outpaced mobile app testing over the last few years. In other words, while the applications and platforms have seen tremendous technological advances (iPhone 4 bugs notwithstanding) the same cannot be said of mobile testing methodologies.

Case in point: The majority of mobile app developers remain overwhelmingly reliant on internal beta testing.

Here with proof is VisionMobile, who recently published a fascinating report on the growing mobile app ecosystem – a must-read for anyone involved in the space (developers, marketers, users, etc). From a QA point of view, the report further establishes that although testing innovations will ALWAYS trail those of development, the gap need not be so wide.

Here’s an excerpt that sums the whole thing up:

Internal beta testing is the most popular technique used by the vast majority (nearly 70 percent) of respondents, with beta testing with users and peer reviewing the next most popular techniques. Only 20 percent of respondents use focus groups or research of their own. Overall, North American developers are somewhat more sophisticated in their application planning, with 97 percent using beta testing as a standard part of application development and with broader use of a portfolio of planning techniques as well.

Yet, small development firms have limited means today to beta test and peer review their applications with a crosssection of representative users. Given the hundreds of thousands of mobile apps, we believe that efficient (crowd-sourced) testing of apps in a global market of users is considerably under-utilized. This presents an opportunity for the few solution providers in this segment – Mob4Hire and uTest.com, for example – but also for network operators, who can generate a channel for testing applications with end users, and provide an open feedback support system back to developers.

Other notable findings included:

Read more…

So maybe it wasn’t AT&T’s fault after all.

Apple recently revealed that there is a fundamental flaw in their method for calculating how many signal bars to display.  And we have the iPhone 4 (and its “learn to hold your phone the right way” fiasco) to thank for bringing this software snafu to light.

CNN Money shares the following details from Apple:

“Upon investigation, we were stunned to find that the formula we use to calculate how many bars of signal strength to display is totally wrong,” Apple wrote in a statement posted on its website. “Our formula, in many instances, mistakenly displays 2 more bars than it should for a given signal strength.”

That means, for example, that iPhones sometimes display four bars when they should be displaying two. Apple said users reporting a significant drop in bars when they hold their iPhone 4 are probably in an area of “very weak signal strength” but were unaware of that because the phone displayed four to five bars.

“Their big drop in bars is because their high bars were never real in the first place,” the company said.

Perhaps most surprising, Apple disclosed that the problem is not confined to the iPhone 4.  The faulty formula has been present in every iPhone model since the 2007 original.  Questions remain about whether the issue is strictly software-related, or if it also involved hardware problems.  However, Apple has said it will release a free software update in the next several weeks to fix the glitch. It will use a new formula recommended by AT&T.

“They want to know if the 91-shot Saturn Missile Battery really fires 91 shots,” writes Cory Matteson of the Lincoln Journal Star. “And, they want to know if 96,000 firecrackers in a pile the size of a bean bag chair will leave the lawn looking like burnt toast if they’re set off all at once.”

Much like software users, fireworks enthusiasts (like the guy in the picture) want a product that functions as expected; that works safely and without any unnecessary complications, regardless of the environment it is being used in. In short, they want a product that has been tested extensively before it was launched released.

So, seeing that it’s Forth of July weekend here in The States, I thought I would direct your attention to some testing fireworks – literally, in the form of this manual from the Consumer Product Safety Commission, and figuratively, in form of these recent (and provocative) software testing blog posts. Enjoy.

How Challenging Each Other Helps the Craft – James Bach
“Regular readers know that I’m dissatisfied with the state of the testing industry. It’s a shambles, and will continue to be as long as middle managers in big companies continue to be fat juicy targets for scam-artists (large tool vendors, consulting firms, and certain “professional” organizations) and well-meaning cargo cultists (such as those who think learning testing is the same as memorizing definitions of words and filling in templates).

What I can do about it is to develop my personal excellence, and associate myself with others who wish to do likewise. Someday, perhaps we will attain a critical mass. Perhaps the studious will inherit the Earth.”

The Heart of a Tester – Pradeep Soundararajan
“In 1954, when software testing was just about taking birth, there were two groups that started to form. I was as curious as you are right now, to know what those two groups stood for. One of the groups christened as, “Kuzusu”, had a thought that good testing would reduce the number of billable hours to deliver a good enough product and hence had to be avoided. The other group christened, “Shidachi”, stood for good testing that can save a lot of stakeholders time and money to deliver a good enough product. Things started getting hostile. People from the two groups tried killing each other.”

Read more…

Quality (pun intended ) software testing events are hard to find, but we’ve not only attended and spoken at some fantastic conferences around the world, but we’ve also simply asked around and received some great feedback in order to compile the Top Ten Testing Events.

Much like our Top 20 Software Testing Tweeps post, we need your help in letting us know if we’ve accidentally missed any good ones. Here they are in order of occurrence:

1. QUEST-Quality Engineered Software & Testing Conference (Apr 19-23, 2010: Dallas, TX)
2. Rapid Software Testing-By DevelopSense (Jul 5-7, 2010: Amsterdam, NL)
3. STANZ-Software Testing Australia/New Zealand (Aug 23-24: NZ & Aug 26-27: AU)
   
4. CAST-Conference of the Association for Software Testing (Aug 2-4, 2010: Grand Rapids, MI)
5. STAREAST (passed) & STARWEST-Software Testing Analysis & Review (Sept 26-Oct 1, 2010: San Diego, CA)
6. iqnite events-Next one in UK-formerly Software & Systems Quality (Oct 4, 2010: London, UK)
7. STPCon-Software Test Professionals Conference (Oct 19-21, 2010: Las Vegas, NV)
8. GTAC-Google Test Automation Conference (Oct 28-29, 2010: Hyderabad, India)
9. Expo: QA (Nov 16-18, 2010: Madrid, Spain)
10. EuroSTAR (Nov 29-Dec 2, 2010: Copenhagen, Denmark)

Have we omitted any noteworthy testing conferences you’ve recently attended? Please add your recommendations in the comments and they’ll be placed in the running to join the top events list. Maybe we can make this list a Top 15!

UPDATE: So far, some really great recommendations from our community include O’Reilly Velocity, Bangalore Workshop on Software Testing and VISTACON 2010 (the first Vietnam International Software Testing & Automation Conference).