Sunday, 21 July 2013

SDLC in Software QA

Shortcuts in testing often increase the long-term costs of a system implementation.

When schedules start to slip, testing is usually one of the first activities to get squeezed. But more often than not, shortcuts in testing end up costing more time and money than they save.

Organisations should avoid sacrificing testing plans and timelines to compensate for development delays, budget overruns, and accelerated release deadlines. Before making the decision to eliminate or overlap test phases, carefully consider the potential impact on quality and risk.

- Releasing a system that has not been fully validated can cause major problems and endanger the operation
- Users may lose confidence in the finished product, creating a significant barrier to change
- Overlapping test phases can lead to duplication of effort and inefficient use of resources

These risks may jeopardise the project and increase the overall cost and timeline. Our experience suggests that effective testing should account for 20–25 percent of the total development effort. Anything less and you may be exposing yourself to inordinate risk.

If the decision is made to eliminate or overlap certain testing activities, be sure there are clear requirements for moving from one phase to the next. When scaling back on testing, this rigorous approach is more important than ever.

Checklist

- Are you allocating enough time for testing, or does testing often seem rushed and out of control?
- Are you doing enough testing to mitigate risk, or is testing often sacrificed due to time and budget pressure?
- Are 90 percent of your software defects caught prior to going live, or do many not show up until the system is in production?

“The problem with quick and dirty projects... is that the dirty remains long after the quick is forgotten.”
Steve McConnell, Software Project Survival Guide

Myth 6
Overlapping test phases saves time.
Reality
Security needs to be an integrated process throughout the development and testing lifecycles.

In the past, security was often treated as an afterthought of the development and testing process. As a result, organisations faced much greater costs to address issues identified so late in the process.

Integration of security activities throughout the system’s development process enables timely, risk-based identification and remediation of security vulnerabilities throughout the lifecycle. In this way, our experience shows that the critical security assessment activities prior to going live, such as penetration testing, can be more effective as a final assurance step rather than being the first time security vulnerabilities are identified.

Key security activities that should typically be incorporated into the lifecycle include security requirements definition and analysis, security architecture review, secure code review, and application penetration testing. Integrating these activities into an organisation’s standard software development lifecycle (SDLC) processes enables the organisation to understand the application’s risk posture while also identifying and mitigating risks.

Adopting such an integrated approach reduces vulnerability management costs, along with the likelihood of successful attacks. Furthermore, application quality/productivity and regulatory compliance efforts are improved.

When security is built into the
SDLC, the results will be...
User A
