{"id":295,"date":"2011-04-13T14:59:16","date_gmt":"2011-04-13T21:59:16","guid":{"rendered":"http:\/\/angryweasel.com\/blog\/?p=295"},"modified":"2011-04-13T14:59:16","modified_gmt":"2011-04-13T21:59:16","slug":"ensuring-software-qualitymaybe","status":"publish","type":"post","link":"https:\/\/angryweasel.com\/blog\/ensuring-software-qualitymaybe\/","title":{"rendered":"&ldquo;Ensuring Software Quality&rdquo;&hellip;maybe"},"content":{"rendered":"<p>I ranted a bit on twitter last week about <a href=\"http:\/\/www.itmpi.org\/assets\/base\/images\/itmpi\/privaterooms\/capersjones\/Chapter5TestOrg.pdf\">this book excerpt<\/a> from Capers Jones. I&#8217;ve always had respect for Jones&#8217;s work (and still do), but some of the statements in this writing grated on me a bit. This could be (and is likely) because of how I came across the article (more on that somewhere below), but I thought I\u2019d try to see if I could share my thoughts in more than 140 characters.<\/p>\n<p>Jones starts out this chapter by saying that testing isn&#8217;t enough, and that code inspections, static analysis, and other defect prevention techniques are necessary &#8211; all points I agree with completely. His comments on test organizations (&quot;<em>there is no standard way of testing software applications in 2009<\/em>&quot;) are certainly true &#8211; although I personally think it&#8217;s fine \u2013 or even good, that testing isn&#8217;t standard, and would hope that testing organizations can adapt to the software under test, customer segment, and market opportunity as appropriate.<\/p>\n<p>Jones writes, &quot;<em>It is an unfortunate fact that most forms of testing are not very efficient, and find only about 25% to 40% of the bugs that are actually present<\/em>&quot;. If all bugs were equal, I would put more weight on this statistic &#8211; but bugs come in a variety of flavors (far more than the severity levels we typically add in our bug tracking systems). I have no reason to doubt the numbers, and seem consistent with my own observations &#8211; which is why I am a big believer in the portfolio theory of test design (the more ideas you have and the better you can use them where they&#8217;re needed, the better testing you will do). I believe that with a large variety of test design ideas, that this statistic can be improved immensely.<\/p>\n<p>As I re-read the excerpt sentence by sentence, there are few points that I can call out as completely wrong &#8211; but there are several themes that still don&#8217;t sit well with me. They include:<\/p>\n<ul>\n<li>The notion that defect removal == quality. Although Jones calls out several non-functional testing roles, he seems (to me) to equate software quality solely with defect removal. Quality software is much more than being free of defects &#8211; in fact, I am sure I could write a defect free program that nobody would find any value in. Without that value, is it really quality software?<\/li>\n<li>Jones talks about TDD as a testing activity, where I see it more of a software design activity. But more importantly, TDD primarily finds functional bugs at a very granular level. His claims that defect removal from TDD can top 85% may be true, but only for a specific class of bugs. If the design is wrong in the first place, or if the contracts aren&#8217;t understood well enough, a &quot;<em>defect<\/em> free&quot; TDD unit can still have plenty of <em>bugs<\/em>.<\/li>\n<li>Jones claims that, &quot;<em>Testing can also be outsourced, although as of 2009 this       <br \/>activity is not common<\/em>.&quot; I don&#8217;t have data to prove this wrong, but anecdotally, I saw a LOT of test outsourcing going on in 2009.<\/li>\n<\/ul>\n<p>&#160;<\/p>\n<p>I found this article while searching for the source of this quote (attributed to Capers Jones <a href=\"http:\/\/blog.castsoftware.com\/non-risky-business-using-static-analysis-to-ensure-software-quality\/\">here<\/a>).<\/p>\n<blockquote>\n<p>\u201cAs a result (of static analysis), when testing starts there are so few bugs present that testing schedules drop by perhaps 50%.\u201d<\/p>\n<\/blockquote>\n<p>I&#8217;m a huge fan (and user) of static analysis, but this quote &#8211; which I hope is out of context, bugs the crap out of me. We do (and have done) a lot of static analysis on my teams at Microsoft, and we find and fix a huge number of bugs found by our SA tools &#8211; but in no way does it drop our testing schedule by 50% \u2013 or even a fraction of that. I worry that there&#8217;s a pointy haired boss somewhere that will read that quote and think he&#8217;s going to get a zillion dollar bonus if he can get static analysis tools run on his team\u2019s code base. Static analysis is just one tool in a big testing toolbox, and something every software team should probably use. SA will save you time by finding some types of bugs early, but don&#8217;t expect SA to suck in source code on one end and spit out a &quot;quality program&quot; on the other end.<\/p>\n<p>There are plenty of things I agree with in the Jones book excerpt. The comments on productivity and metrics are on the money, and I think the article is worth reading for anyone involved in testing and quality. It&#8217;s likely that my perception of the paper was skewed by the quote I found on the CAST software site, and hope that anyone reading the article for the first time reads it with an open mind and forms their own opinions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I ranted a bit on twitter last week about this book excerpt from Capers Jones. I&#8217;ve always had respect for Jones&#8217;s work (and still do), but some of the statements in this writing grated on me a bit. This could be (and is likely) because of how I came across the article (more on that&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[1],"tags":[],"class_list":["post-295","post","type-post","status-publish","format-standard","hentry","category-allposts"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/posts\/295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/comments?post=295"}],"version-history":[{"count":0,"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/posts\/295\/revisions"}],"wp:attachment":[{"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/media?parent=295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/categories?post=295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/angryweasel.com\/blog\/wp-json\/wp\/v2\/tags?post=295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}