News from the World of Software Development – September 2017

With autumn now upon us, it is time to turn our eyes to the latest software industry news to see if any interesting stories provide meaningful insights on how your team builds applications. If you want to check out last month’s stories, simply click on the following link. Stories on the use of AI to improve continuous delivery, and a new DevOps metrics tool await you.

CCleaner Malware Attack places renewed Onus on “Cybersecure” Development

One of last month’s biggest stories in the technology world involved the malware attack on CCleaner, a cybersecurity application from Avast, one of the most well-known antivirus companies in the industry. Hackers were able to infect the development team at Avast, injecting malware into versions of the deployed application – both CCleaner and CCleaner Cloud.

Ultimately, the more than two million users who installed the application on their own systems effectively provided cyber criminals with a gateway into their computers. End users who felt they were taking the right steps to protect their desktops ended up getting burned by a cybersecurity company unknowingly serving as the middleman for hackers. News and analysis of this insidious cyber attack was published on eWEEK, as well as many other sources.

Avast acquired the original developer for CCleaner – Piriform – in July. The attack took place some time in August, with all versions of the application installed from August 15 to September 12 affected by the malware. Since the CCleaner install had a legitimate digital signature from a respected antivirus company, effectively all users installed the program unaware of the hacked code within.

This places the onus on software engineering teams to secure all computers and digital signatures involved in the development process, a point echoed by Craig Williams, a senior technical lead with Cisco. “The fact of the matter is, when it comes down to supply chain attacks, if the attacker is in your build system already, you’ve lost. Once the attacker has all the certificates and all the keys and all the passwords, there is not a lot you can do,” said Williams.

Artificial Intelligence changing Software Quality Assurance

AI continues to influence many aspects of the software engineering process, so it isn’t surprising quality assurance is also taking advantage of machine learning routines to improve its efficacy. A variety of companies specializing in QA services – Infostretch, Appdiff, and dinCloud – are now including AI-based functionality in some of their testing products. News about the inroads artificial intelligence is making in the QA world was published this month in Tech Target.

Infostretch’s new service is called Predictive and Prescriptive QA. It relies on data analysis and machine learning to quickly give software testers the information they need to find defects. The other two companies’ products essentially are testing bots aimed at software development organizations already taking advantage of automated QA as part of their DevOps implementation.

The introduction of AI and robotic testers doesn’t mean QA engineer jobs are at risk. Instead, these tools only help them become more productive and ultimately better at finding software defects.   

Keep returning to the Betica Blog for additional news and insights from the world of software development and QA. As always, thanks for reading!

Improving the QA Process at an Agile Office

Companies of all sizes continue to embrace the Agile methodology with the hopes of making their software development process more efficient and subsequently more productive. Agile emphasizes collaboration and communication and it is able to react to changes better than older methodologies, like the Waterfall. It is a perfect match for today’s fast-paced, competitive business world.

A faster software engineering process, however, doesn’t mean companies should forego testing and quality assurance. Unfortunately, it seems businesses are struggling with software QA within an Agile framework, according to a recent survey of development shops. Let’s take a closer look at the study’s findings with the hopes of improving the QA role at Agile shops.

Testing Tool Provider, Zephyr, looks at QA in the Business World

Zephyr, a company making applications to support software testing, annually releases a study focused on the QA role within the business community. Called “How the World Tests,” it is available as a free download from their website. Managers in the software development and QA role need to check out the full study with its findings and predictions for the coming year.

Hamesh Chawla, vice president of engineering at Zephyr, commented on the purpose of their study. “‘How the World Tests’ allows the entire testing community to examine our progress over the last year. IT teams want to speed up deployment of new software to meet demand. Companies should increase employee education investments in order to fine-tune the most efficient automated tests that work for any software they develop,” said Chawla.

Quality assurance remains a vital part of the SDLC no matter the choice of methodology. Even so, we are going to focus on one area within the survey — the difficulties Agile shops are experiencing with QA on software projects. SD Times also covered this topic in a recent article.

The Major Problems of Software Testing and Agile

The Zephyr study noted three major problems development teams were experiencing when it comes to testing with Agile. They are the lack of automation tools, constantly changing requirements, and not enough time for thorough testing. Companies understand automation is important in helping QA keep up with the rapid pace of an Agile project, but only 45 percent of the survey respondents felt their organization had the competency to employ automated testing.

Chawla feels companies need to invest in automation tools and the training to leverage them properly within the Agile process. Of course, he works at a testing tool company, but that fact doesn’t lessen the impact of his statement. Software development teams also use other recent innovations, like containers and virtualization, to make the overall process faster.

Businesses also need to invest more dollars in employee development to ensure a better understanding of Agile and everyone’s role within the framework. Involving QA personnel at every step of the SDLC is also important – a traditional complaint of software testers for decades. The reengineering of testing processes to better fit within the Agile structure is another key point of improvement from the survey.

Ultimately, organizations need to understand that Agile doesn’t just mean “faster.” A well-considered process that properly includes the QA role is a requirement to ensure successful product delivery.

When you need additional insights on the world of software development, you know where to turn: The Betica Blog. As always, thanks for reading!

News from the World of Software Development – February 2017

This fresh edition of the Betica Blog news digest contains a few interesting stories from an endlessly fascinating software development world. If interested, here is a link to last month’s article. Use these insights and ideas at your own shop to stay on the forefront of an ever-changing industry.

Developers and QA Engineers on the Frontlines of the Battle for Cybersecurity

Earlier this month, CIO Magazine reported on how software engineers and QA personnel can improve their efforts to prevent cybercriminals and other nefarious agents from hacking their systems and technical infrastructure. This battle is especially fierce considering the growing number of devices connected to the Web because of the Internet of Things (IoT) and mobile technology. Stronger coding practices and more thorough software testing are key factors in protecting applications.

Chris Wysopal, co-founder and CTO of the software security firm, Veracode, commented on the importance of stronger code and testing when considering cybersecurity. “In today’s technology environment, application security testing for vulnerabilities and flaws in software code should be a security best practice, regardless of an organization’s size or industry,” said Wysopal. Unfortunately, a survey by his company reported 83 percent of the respondents deployed code without a full vetting of the underlying application security.

The article noted companies must require developers to perform code reviews focused on security. Additionally, state-of-the-art QA techniques, like static and dynamic application testing as well as white hat testing, are needed to ensure an application is sufficiently protected before it’s released into production. While automated testing tools help somewhat, humans also need to be involved to assure the highest possible level of security.

CIO reported that the Open Web Application Security Project (OWASP) provides a valuable resource for companies looking to improve their cybersecurity efforts. It offers practical information on the best practices for ensuring an application’s code is safe. Ultimately, this freely available information is vital for winning the war against hackers and other cybercriminals, especially considering the current shortage of application security talent in the IT industry.

Is “Low-Code” the Next Wave in Software Development?

The problems discovered when forced to maintain and enhance legacy applications have led to a new paradigm focused on using tools that assemble pre-written functionality into a complete application. In a sense, this is a streamlined and highly automated take on the current microservices trend in the industry. SiliconANGLE discussed low-code software development in a February article.

The app used by the ride-sharing service, Uber, is a highly public example of an application developed using low-code techniques. It pieces together functionality from a variety of sources, including Box Inc.’s Cloud storage, Google Inc.’s Maps, payment services from Braintree, Twilio for messaging, and SendGrid’s email services. Many pundits feel the flexibility offered by the low-code model suits today’s competitive business era better than traditional application coding techniques.

The industry research analyst group, Forrester, predicts the low-code software market will grow to over $10 billion over the next two years. “The market for these [low-code] platforms is growing fast, but selecting a platform that actually delivers without creating a [fourth-generation programming language]-like orphan in the software portfolio isn’t easy,” said Forrester. Obviously, this makes it a trend worth watching at your software development shop.

Keep coming back to the Betica Blog for additional news and information on the expanding software development universe. Thanks for reading!