Interesting Interview – The Internet of Things and the Honda Recall: An Interview with Anders Wallgren

By Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)

In case you didn’t catch this interview with Anders Wallgren, CTO of Electric Cloud, I’m circulating it here. On August 8, 2014 Anders was interviewed by StickyMinds editor Cameron Philipp-Edmonds about the recent Honda recall and lessons learned (and to be learned) as we develop the “internet of things.”

You can read or watch the interview here:

Software is pervasive. As Anders notes in the interview, even cars can contain two to three hundred million lines of code. (Wow!) “Today you’ve got lots of systems interacting in cars with each other, every car these days is basically a distributed network of computers that need to operate together,” he says. It won’t be long before cars are driving themselves.

Honda is recalling thousands of vehicles because of a pesky software bug that impacts acceleration. High-profile quality issues like this are popping up more and more, and consumers are taking notice. Consumers have more avenues …

So you want to implement Quality Assurance… or should it be Quality Control?

By Bill Ferrarini, Senior Quality Assurance Analyst at SunGard Public Sector, and CISQ Member

Most companies use these terms interchangeably, but the truth is that Quality Assurance is a preventive method while Quality Control is a method of identification.

Don’t go shooting the messenger on this one; I know that each and every one of us has a different point of view when it comes to quality. The truth of the matter is we all have the same goal, but defining how we get there is the difficult part.

Let’s take a look at the different definitions taken from

Quality Assurance: The planned and systematic activities implemented in a quality system so that quality requirements for a product or service will be fulfilled.
Quality Control: The observation techniques and activities used to fulfill requirements for quality.

Quality Assurance is a failure prevention system that predicts almost everything about product safety, quality standards and legality that could possibly go wrong, and then takes steps to control and prevent flawed products or …

Wall St. Journal Cyber Attack Highlights Need for Security

Last week a hacker known as “w0rm” attacked the Wall St. Journal website. w0rm is a hacker (or group of hackers) known to infiltrate news websites, post screenshots on Twitter as evidence, and solicit the sale of database information and credentials. Information stolen from the site would let someone “modify articles, add new content, insert malicious content in any page, add new users, delete users and so on,” said Andrew Komarov, chief executive of IntelCrawler, who brought the hack to the attention of the Journal.

See “WSJ Takes Some Computer Systems Offline After Cyber Intrusion.”

Security is a major issue, highlighted by the rising number of multi-million dollar computer outages and security breaches in the news today. The breach of the Wall St. Journal website was the result of a SQL injection into a vulnerable web graphics system. Since the 1990s the IT community has been talking about SQL injection (which is relatively simple to prevent), yet input validation issues still represent the significant majority of web …

The Aging IT Procurement Processes of the Pentagon

About two months ago a blog article was written for the NDIA, exposing the difficulties the Defense Department has in buying new IT systems. Pentagon acquisitions chief Frank Kendall was on the hot seat during an April 30th hearing. Senate Armed Services Committee Chairman Carl Levin, D-Mich., said that the track record for procurement has been “abysmal.” Sen. Claire McCaskill, D-Mo., angrily said “You’re terrible at it, just terrible at it.”

Yet the Pentagon requested $30.3 billion for unclassified IT programs in fiscal year 2015 (a drop of $1 billion, or 3.3 percent, from fiscal 2014). So what are the issues? Well, one of them points to the complex approval process. “I think we’re imposing too much burden on people and we’re micromanaging,” said Kendall. “We have a tendency in the department, I think, to try to force the business systems that we acquire to do things the way we’ve historically done business.” And there is little incentive to change.

David Ahearn, a partner at BluestoneLogic, wrote in …

What Software Developers Can Learn From the Latest Car Recalls

By Sam Malek, CTO / Co-Founder of Transvive Inc., and CISQ Member

If you have been following the news these days, you probably heard about the recall of some General Motors cars because of an ignition switch issue. It is estimated to cover 2.6 million cars (1) and will cost around $400 million (2), which is roughly $166 per vehicle. That is a steep price for a 57-cent part that could have been easily replaced on the assembly line.

As we enter the third wave of the industrial revolution (Toffler), where information technology is starting to dominate major parts of everyday life, software is becoming a critical component of day-to-day activities: from the coffee machine that might be running a small piece of code to the control unit that governs vehicles, and everything else in between.

However, these days, with the overflow of news about applications that have made millions – even billions – of dollars for their developers, the stories we hear about the development …

A Compounded Comedy of Software Errors Underpin the Latest Healthcare Signup Glitch

Last week, an article from IEEE SPECTRUM outlined the latest set of issues related to the Obamacare Affordable Care Act (ACA): hundreds of thousands of California Medi-Cal health insurance applications can’t seem to get past the approval finish line, significantly delaying the start of healthcare coverage for over 900,000 Californians.

Several issues are to blame for this, and they continue a string of problems for this site since its go-live date back in October 2013:

- The health insurance exchange website and infrastructure did not expect over 3.2 million residents to enroll for Medi-Cal health insurance coverage – more than 2.5 times the original estimate.
- The state-run Covered California exchange computer system was supposed to integrate with the 58 individual county social services computer systems by October 1, 2013, so that an applicant’s eligibility could be corroborated and the county managed care plan the applicant selected could be confirmed. However, this functionality wasn’t fully operational until January 21, 2014. Since the state is expected to take no longer than …

Productivity Challenges in Outsourcing Contracts

By Sridevi Devathi, HCL Estimation Center of Excellence, and CISQ Member

In an ever more competitive market, year-on-year productivity gains and output-based pricing models are standard ‘asks’ in most outsourcing engagements. Mature and accurate SIZING is the KEY to addressing both.

It is essential that the challenges stated below are clearly understood and addressed in outsourcing contracts for successful implementation.

Challenge 1 – NATURE OF WORK

Not all IT services provided by IT vendors are measurable using ISO-certified Functional Sizing Measures like IFPUG FP, NESMA FP or COSMIC FP (referred to as Function Points hereafter). While pure application development and large application enhancement projects are taken care of by Function Points, there are no industry-standard SIZING methods for projects/work units that are purely technology driven, like the following:

- Pure technical projects like data migration, technical upgrades (e.g. VB version x.1 to VB version x.2)
- Performance fine tuning and other non-functional projects
- Small fixes in business logic, configuration to enable a business functionality
- Pure …

CISQ Seminar – Software Quality in Federal Acquisitions

CISQ hosted its latest Seminar at the HYATT Reston Town Center in Reston, VA, USA. The topic for this installment was “Software Quality in Federal Acquisitions”, and it included the following speakers:

- David Herron, David Consulting Group
- Robert Martin, Project Lead, Common Weakness Enumeration, MITRE Corp.
- John Keane, Military Health Systems
- Dr. Bill Curtis, Director, CISQ
- John Weiler, CIO, Interop. Clearinghouse
- Joe Jarzombek, Director for Software & Supply Chain Assurance, DHS
- Dr. William Nichols, Software Engineering Institute

Over 75 senior leaders from public and private sector organizations such as BSAF, MITRE, US Department of Defense, Northrop Grumman, NSA, Fannie Mae, US Army, and NIST were in attendance, listening to presentations, engaging in discussions, and networking with peers.

Dr. Curtis began the day by discussing the recent changes in the regulatory environment at the Federal level, especially as they relate to software risk prevention. Kevin Jackson (IT-AAC) stressed how innovation cannot be adopted if it cannot be measured.

Mr. Herron introduced the uses of productivity analysis and Function …

Open Source is Not Immune to Software Quality Problems

The Heartbleed Bug reinforces the need to monitor the quality of open source software

OpenSSL came under fire this past week through the now infamous Heartbleed bug.

This open source encryption software is used by over 500,000 websites, including Google, Facebook, and Yahoo, to protect their customers’ valuable information. While generally a solid program, OpenSSL harbors a security vulnerability that allows attackers to read the memory of servers and potentially steal the server’s private keys that are used to encrypt communications, thus gaining access to an organization’s internal documents.

Technically known as CVE-2014-0160, the Heartbleed bug allows an attacker to read up to 64 kilobytes of memory per request and can be repeated at will. Faulty code within OpenSSL is responsible for the vulnerability and – as an open source project – it’s hard to pinpoint who is responsible, much less scrutinize all the complex code created for the SSL project to find such a minute vulnerability.

While I’m definitely not knocking open-source projects …

Software Quality beyond Application Boundaries

The retail security crisis continues…

A recent Wall Street Journal article exposed potential issues with Bitcoin’s transaction network. This left the Tokyo-based Mt. Gox exchange and Gavin Andresen, Chief Scientist at the Bitcoin Foundation, pointing fingers at each other.

So far the retail industry has felt the pain of sophisticated hackers stealing sensitive information:

- Target Corp. – The latest news suggests that the breach started with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer
- Nieman Marcus – 1.1 million debit and credit cards used at its stores may have been compromised
- Michaels – investigating a possible security breach on its payment card network

According to a Business Insider article, smaller breaches on at least three other well-known U.S. retailers also took place during the U.S. holiday shopping season last year and were conducted using similar techniques as the one on Target. Those breaches have yet to come to light in the mainstream media.

Memory-scraping …