Newsletter 
May 2008
In This Issue
E-Learning Courses
ISTQB Certified Tester Training
Other Public Courses
Seven Steps to Reducing Software Security Risks
May "Rexisms"
Transition Plan for the 2007 ISTQB Advanced Syllabus
QA Zone Interviews Rex Black
Foundations of Software Testing is Translated into Japanese
Managing the Testing Process, 3ed.
Red Cross Donations

Featured Partner 
 

Cyx is a leading software development and testing consulting service provider. Cyx was founded by Masahiko Soh in a Tokyo basement in 2000. Cyx has strong expertise in consulting on testing and quality management system development, and has since extended its specialty into requirements engineering and total project management. Cyx also distributes testing training programs based on RBCS's excellent training programs.

 


Today, Cyx provides consulting services to world-class clients that need innovative improvement of their software development and testing capability, including globally leading manufacturers that are developing embedded software and leading full outsourcers of system development.

 
E-Learning Courses 
 
 
ISTQB Test Engineering Foundation 
US$ 999
 
ISTQB Advanced Test Analyst
US$ 999 *
 
Managing the Testing Process
US$ 999
 
Software Test Estimation
US$ 499
 
Assessing Your Test Team
US$ 499
 
Coming soon...
 
ISTQB Advanced Test Manager
US$ 999
 
Each course includes three months of on-line access, notesets, exercises and either sample exam questions (for ISTQB courses) or knowledge-check questions (for other courses). ISTQB courses are written against the latest ISTQB Foundation and Advanced syllabi released in 2007. Prices shown are for asynchronous courses (pure e-learning). Blended courses (with a facilitator) and custom training packages are also available.
 
 
*Advanced Test Analyst has been submitted to the American Software Testing Qualifications Board (ASTQB) for accreditation.
 
ISTQB Certified Tester Training 
   

June 23-26
Toronto, Canada
Test Engineering Foundation
 $2,000

July 22-25
San Francisco, CA
Test Engineering Foundation
$2,000

July 28-August 1
Toronto, Canada
ISTQB Advanced Test Analyst*
$2,650
 

September 2-5, 2008
Austin, TX
Test Engineering Foundation
$2,000

 
September 9-12
Ottawa, Canada
Advanced Test Analyst*
$2,650
 
September 22-26
Las Vegas, NV
Advanced Test Analyst*
$2,650
 
September 29-October 3
NYC Area, New York
Advanced Test Manager**
$2,650
 
October 20-24
Toronto, Canada
Advanced Test Manager
$2,650
 
November 10-14
Washington DC
Advanced Test Manager**
$2,650
 
December 1-5
Ontario, CA
Advanced Test Manager**
$2,650
 
December 8-12
Atlanta, GA
Advanced Test Manager**
$2,650
 
 
 
*Advanced Test Analyst has been submitted to the American Software Testing Qualifications Board (ASTQB) for accreditation.

**Advanced Test Manager course materials are complete and will be submitted to the American Software Testing Qualifications Board (ASTQB) for accreditation by June 15.
 
Other Public Courses
   
June 25-27
Dallas, TX
Managing the Testing Process
$2,500
 
September 22-24
Denver, CO
Performance Testing Immersion Workshop
$2,500
 
October 21-23
Austin, TX
Performance Testing Immersion Workshop
$2,500
 
 
Dear Reader,
 
Welcome to the May 2008 newsletter.  As you know, one of our main focus areas at RBCS is the application of the concepts of risk management to improving software quality.  With the rash of recent security-related incidents, a natural question to ask is, "Can the kind of risk-based testing techniques RBCS promotes work for me to improve software security?"  The answer is, "Yes, absolutely."  Security is a software quality attribute, just like functionality, performance, and usability.  While each quality attribute has its own unique test design techniques, the standard concepts of risk-based test analysis and risk-based test planning apply across the board. So, to help you extend your risk-based testing techniques into the realm of software security, we're featuring a recent article on the topic.  This article was originally published in SD Times, but is available here in an expanded form.

We also have, as usual, a featured partner.  However, in this case, we have some tantalizing news about this partner and upcoming offerings with them.  [Might want to work with Ken to add a detail or two here, if we're ready.]

Finally, speaking of risk-based testing, we are working with a major software vendor to help them implement risk-based testing and risk-based results reporting. Our work with them will be the topic of two upcoming articles, co-authored by me and our client. We're excited about the progress we're making with them, using our standard risk-based testing techniques. I look forward to providing you with further details on this project in the July newsletter.

Regards,
Rex Black, President
 

Seven Steps to Reducing Software Security Risks

by Rex Black

If you are a software developer, software development manager, or software quality assurance staff member, you probably know that developing secure software is no longer simply desirable; it's completely essential.
 

Some developers might assume that most security problems arise from the operating system or networking layers, well below the application code they are working on. However, recent figures for Web-based applications show that over three-quarters of security exploits arose from applications (see Table 1).
 

So, you know you need secure code, but how do you get there? What are your security risks? What security failures and bugs do you have? What do these security risks, failures, and bugs mean? How can you reduce security risk in a way that doesn't create new problems? How do you monitor your progress over time? This article will outline seven steps that will allow you to answer these and other questions as you improve your software's security.
 

Exploited Vulnerability              Percent Occurrence
Server Applications                  41%
Non-Server Applications              36%
Operating System Issues              15%
Hardware Issues                      4%
Communication Protocol Issues        2%
Others                               2%
Network and Protocol Stack Issues    1%
Encryption Issues                    0%

Table 1: Occurrence of Security Exploits by Vulnerability
 
You can read the rest of this article in the RBCS Library.

If you're rushed for time, you can also read a summarized version of this article at the SD Times Web site.

Want still more ideas on software security?  Take a look at this article by David Worthington of SD Times, where he talks to Rex and others about the hot topic of software security and what can be done about it.
 

 
May "Rexisms"
 
Some of you may have heard Rex's sayings over the years. We decided to coin them "Rexisms" for your reading pleasure. So here they are to ponder - some useful aphorisms to help you plan, prepare, perform, and perfect your testing activities, compiled from over a quarter-century of software and systems engineering experience.
 
"The most dangerous kind of bad idea is the one that sounds reasonable. Bad ideas that sound stupid stand little chance of implementation, but bad ideas that sound reasonable often carry the day, with disastrous results."

"The most recurring, pernicious, and corrosive testing mistake is overestimation of the percentage of test cases that will pass. Such false optimism is the root of the failure of many a carefully-considered test estimate, a thoroughly-vetted test plan, and a painstakingly-crafted test design."

"Test documentation templates are great, except when they're not. They're great when they serve as a way to remind you of important considerations, questions, and decisions you must address in your test plans, test cases, test policies, and test reports. They're not great when you use them as an excuse to turn off your brain and fill in the blanks."

 
Transition Plan for the 2007 ISTQB Advanced Level Syllabus
 
On October 12, 2007 the ISTQB General Assembly released the new Advanced Level Syllabus.  Effective July 1, 2008, all Advanced Level exams will run against the new syllabus.  Visit the ASTQB website to view the new syllabus.
 

RBCS is working diligently to make the transition from the current syllabus to the new syllabus as seamless as possible. We will continue to offer the current Functional Testing Advanced Level course and prep guides until July 1, 2008 (exams will be offered by the ASTQB until October 15, 2008). On July 1, 2008 the Functional Testing Advanced Level course will be replaced by ISTQB Advanced Level Test Analyst. Likewise, we will continue to offer the current Test Management Advanced Level course and prep guides until July 1, 2008. On July 1, 2008 the current Test Management Advanced Level course will be replaced by an updated version commensurate with the new syllabus.
 

For additional information, download the ISTQB Advanced 2007 Release Plan.

QA Zone Interviews Rex Black On Risk Based Testing
 
If you've been following this newsletter for a while, or if you've read any of Rex Black's books, you know that RBCS is a pioneer and a leader in risk-based testing. We've been developing ways to do risk-based testing and showing them to our clients since 1995. RBCS is currently working with a major client to help them implement risk-based testing, and that work will be the subject of a major case study article to be published this fall. In the meantime, you might want to read this interview of Rex Black, where he discusses risk-based testing, test automation, ISTQB certification, and the skills required to be a good software tester. See the entire article today!

Foundations of Software Testing is translated into Japanese
 
Foundations of Software Testing: ISTQB Certification, your essential guide to software testing and the ISTQB Foundation qualification, is currently being translated into Japanese!
 
Managing the Testing Process, 3ed. 
 
Rex's first book, *Managing the Testing Process*, has proven a real hit in the decade since its initial publication, with around 30,000 copies, including Indian, Japanese, and Chinese editions.  Now, just in time for the ten-year anniversary of its initial publication in July 1999, Rex has embarked on work on a third edition, due to hit the shelves around July 2009.  The third edition will update the existing material and add new material on improving your testing processes, understanding the testing business case, writing more effective test plans, creating more accurate test estimates, communicating your test results in a way that really effects change, and more.

Rex said, "I've been very gratified over the last decade at the response to this book and the training course we derived from it. With feedback from the thousands of course attendees, another half-dozen years of experience under my belt, and an even broader geographical, industry, and organizational range to our consultancy, I expect to be able to make the third edition an even more useful, comprehensive, and comprehensible resource for test managers around the world."
 
 
Remembering our Fellow Countrymen and International Neighbors
 
 
As we celebrate our successes, we are reminded every day of the tragedies that have recently befallen the victims of the Myanmar cyclone, the tornadoes in the Midwest and Southeast, and the catastrophic earthquake in China. We have personally been touched by these events by several degrees of separation. This is not the case for some of our colleagues and associates. Please take a moment to help those affected by these crises.