Concurrent Sessions

 

 Thursday, June 12, 2008 10:15 a.m.
T1
MANAGING PROJECTS AND TEAMS

Fifteen Tips for Speeding up Your Project
Johanna Rothman, Rothman Consulting Group, Inc.

Faster is better for software projects—if and only if all the right elements are in place and ready to go. Sometimes your organization is in a sweet spot—that period of time when your project should start immediately. Other times, it’s better to wait. Join Johanna Rothman to discover how to decide whether your project is ready to go, including how to help your managers define the project portfolio to see where your project fits in and how it supports your organization’s goals. Johanna discusses fifteen ways to measure and steer projects to help you get to the end faster. Learn about rolling wave scheduling, continuous integration, time-boxing, and much more. In this interactive session, you’ll discuss the meaning of “done” so you can help the team finish a project sooner and avoid having it drag on. Although you don’t have to use all of the tips, the more you use, the faster your project will run.

  Johanna Rothman helps managers define and solve problems. She assists managers, teams, and organizations to become more effective. Johanna has helped engineering organizations, IT organizations, and startups hire technical people, manage projects, and release successful products faster. Johanna is the author of Manage It! Your Guide to Modern Pragmatic Project Management and Hiring the Best Knowledge Workers, Techies & Nerds: The Secrets and Science of Hiring Technical People, and coauthor with Esther Derby of the pragmatic Behind Closed Doors, Secrets of Great Management. Johanna is a host and session leader at the Amplifying Your Effectiveness (AYE) conference.
 
T2
PERSONAL DEVELOPMENT

Your Attention Please: Concentration is a Learnable Skill
Lee Devin, Swarthmore College

With the possible exception of the fakir walking barefoot on a bed of nails, no one can focus attention on a single object for more than about fifteen seconds. There’s a practice, though, that anyone can learn to accommodate this fact and go on to solve vexing problems quickly and creatively. Lee Devin borrows from the skills that actors develop to direct their attention so their mind and body behave as if the imaginary world they've created is real. Similarly, when you watch a good movie or read a great novel, you direct your attention with single-minded intensity. Using theatre exercises, Lee introduces you to the techniques of warm-up and the skills of concentration. Although simple, they're by no means easy. Learn and practice these mind-bending exercises and take away a powerful tool that can increase your concentration both at work and in your personal life.

  Lee Devin taught theatre at the University of Virginia (1962-66), Vassar College (1966-70), and Swarthmore College (1970-2002). In 1975, he became a member of the artistic staff of the People’s Light and Theatre, acting, teaching acting, and doing dramaturgy; currently he’s the Senior Dramaturg. With Rob Austin of the Harvard Business School, Lee wrote Artful Making; What Managers Need to Know about How Artists Work, published in 2003. In 2005, it won LMDA’s Elliott Hayes Award for dramaturgy. Lee is at work on writing projects that not only interfere with his trout fishing but also cause him to neglect his grandchildren.
 
T3
AGILE DEVELOPMENT

Continuous Integration: The Cornerstone of a Great Shop
Jared Richardson, 6th Sense Analytics

Jared Richardson believes that of all the development practices being promoted today the best single practice is continuous integration. It's a simple concept—you run a software program that monitors your source code in an automated version control system. When anything changes, your code is automatically checked out, re-built, and all the automated tests are re-run. Continuous integration gives you an early warning if anything in the most recent changes broke the software. Continuous integration forces you to use 100 percent source code management and demands a solid, automated build script. It provides a framework for your automated tests to grow, live, and thrive. Continuous integration becomes a new “team member” who keeps a constant eye on your code and provides the reminders you need to keep the product solid and your team on track. Join Jared to learn the steps to introduce continuous integration into your shop and how to set it up yourself.

  Jared Richardson, co-author of Ship It! A Practical Guide to Successful Software Projects, is a regular conference speaker and an agile coach at 6th Sense Analytics. Jared has been in the industry for more than fifteen years as a consultant, developer, tester, and manager. Until recently, he was an independent consultant focused on helping teams build better software. He's now bringing that same focus to 6th Sense Analytics and its clients, using both the 6th Sense toolset and his unique experience. Jared can be found online at www.AgileArtisans.com and www.6sa.com/blog.
 
T4
METRICS

The Uncertainty Surrounding the Cone of Uncertainty
Todd Little, Landmark Graphics

Barry Boehm first defined the “Cone of Uncertainty” of software estimation more than twenty-five years ago. The fundamental aspect of the cone is quite intuitive—that project uncertainty decreases as you discover more during the project. Todd Little takes an in-depth look into some of the dynamics of software estimation and questions some of the more common interpretations of the meaning of the “cone.” Todd presents surprising data from more than one hundred “for market” software projects developed by a market-leading software company. He compares their data with other published industry data. Discover the patterns of software estimation accuracy Todd found, some of which go against common industry beliefs. Understanding the bounds of uncertainty and the patterns from past projects helps us plan for and manage the uncertainties we are sure to encounter. Take back a collection of measures and metrics you can use to track and analyze uncertainty in your current and next project.

  Todd Little is a senior development manager for Landmark Graphics Corporation. For more than twenty-five years, he has been involved in almost all aspects of software development with a focus on commercial software applications. Todd is on the Board of Directors for the Agile Alliance, a co-author of the Declaration of Interdependence for Agile Project Leadership, and a founding member and current president of the Agile Project Leadership Network (APLN). Todd is a well-known speaker and writer on software engineering topics, including business value, uncertainty, complexity, and leadership.
 
T5
SOA

A Toolkit for Assessing SOA Readiness
Jerry Smith, Symphony Services

Before charging “full speed ahead” into the land of service-oriented architecture (SOA), you need help to ensure success and mitigate the risks inherent in such major systems changes. Jerry Smith provides proven tools for assessing SOA readiness and outlines the essential steps to implementing SOA. Jerry presents reference SOA architectures that demonstrate solid standards and specifications to compare with your implementation plans. He introduces an SOA Maturity Model to help you understand your current organizational and technological state. The SOA Maturity Model is a communications tool that outlines how the organization’s SOA implementation will evolve along both business and technical lines. Jerry outlines the various stages the model entails and how to apply it so that technical and organizational changes are easily coordinated across the enterprise. With this new toolkit in hand, you can deliver a clear action plan to drive the improvements only SOA makes possible.

  Jerry Smith draws from more than twenty-five years of experience as a technology innovator and IT strategist to help Symphony Services and its clients derive business benefit from adopting critical technologies. He has a Bachelor of Science degree in electrical/electronics engineering from California State Polytechnic University, Masters and post-doctoral degrees in computer science from NOVA Southeastern University, and a Naval nuclear power degree from the United States Navy. Jerry is an adjunct assistant professor at Drexel University and an adjunct professor at NOVA Southeastern University.
T6
SECURITY

Software Security Assessment: The Naked Truth
Herbert Thompson, People Security

With software running our most critical business processes, we need to think about both its utility and the risk it can add to those processes. Hugh Thompson describes some of the best current techniques to efficiently assess software security risk. Hugh identifies the biggest risks to your software systems, presents the major categories of security vulnerabilities with their business consequences, and explains how you can begin an effective software risk assessment process. Specifically, Hugh discusses the 17 critical questions to ask vendors, software component suppliers, and software-as-a-service (SaaS) providers about their product before you commit to using it. He describes how to benchmark your own software security practices and identifies the top application security flaws that put your business at risk, along with their symptoms. You’ll also learn to make more security-savvy software acquisition, development, and outsourcing decisions.

  An expert on application security and testing, Herbert (Hugh) Thompson is Chief Security Strategist at People Security (www.peoplesecurity.com). He has co-authored several books and more than eighty academic and industrial publications on security. In 2006, he was named one of the “Top 5 Most Influential Thinkers in IT Security” by SC Magazine and was featured (along with Harri Hursti) in “Hacking Democracy,” the Emmy-nominated HBO documentary on e-voting vulnerabilities. On AT&T’s tech channel (techchannel.att.com), he currently hosts “The Hugh Thompson Show,” which features industry luminaries in IT security. Hugh earned his Ph.D. in Applied Mathematics from Florida Institute of Technology where he remains on the graduate faculty.
 
T7
SPECIAL TOPICS

SOX and HIPAA and RESPA, Oh My! Mastering Software Compliance
Elle Ringham, Cognizant

Determining whether legal and contractual issues apply to your development efforts isn't always simple. There may be some obvious factors—industry regulations, service level agreements (SLAs), and state or federal agency oversight. However, other factors may not be so obvious. Even today, the Sarbanes-Oxley Act is largely legally untested, subjecting your company to unknown legal risks. Examining legal, compliance, and audit issues throughout the QA process lifecycle, Elle Ringham discusses the right questions to ask and what to do with the answers. She provides guidelines you need to work with stakeholders, developers, attorneys, and auditors. Incorporate legal requirements and compliance issues as part of the architecture, development process, and for all strategic business initiatives. Take away audit templates, metrics to help you know where you stand, and sample reports you may need to produce in your current or next project.

  Since 1990, Elle Ringham, JD, has been involved in quality assurance and quality management. Since graduating from law school, she has incorporated compliance, audit, SLA enforcement, and measurement into her QA practice. Elle considers education, coupled with a structured process improvement, to be the most effective way to introduce true quality assurance and quality management into an organization. Her approach ensures buy-in and support from everyone—stakeholders, executives, corporate counsel, developers, and QA resources.
 
 Thursday, June 12, 2008 1:00 p.m.
 
T8
MANAGING PROJECTS AND TEAMS

Beyond the Mission Statement: How Values Drive Behavior
Michele Sliger, Sliger Consulting


Companies often invest a lot of time and money into defining their mission statement, expecting it to drive employee behavior toward the stated purpose. Unfortunately this is a myth. Instead it is values that drive behavior, and corporate values are often not part of the mission statement. We’ll look at what other companies have posted as their mission statement and their values and how that has affected their business. We’ll walk through a common example of how a mission statement without values can lead to project failures. You’ll find out how to determine what your company values and how to compare that to what you value—and what to do if they are different. Most importantly, learn how to apply what you’ve learned in your own situation. See how to define values at the team level, a must in order to ensure effective working relationships and that the right actions are taken by everyone to achieve project goals. You’ll learn visioning exercises that you can conduct with your team, and on your own—so you can better understand what you personally value, how that guides your behavior, and what you plan to do about it.

  For the past eight years—of her more than twenty years in software development—Michele Sliger has been embracing change with agile methodologies. Coauthor of the forthcoming book The Software Project Manager’s Bridge to Agility and a self-described “bridge builder,” her passion lies in helping those in traditional software development environments cross the bridge to agility. Michele consults to businesses ranging from small start-ups to Fortune 500 companies, helping teams with their agile adoption and organizations with the changes that agile adoption brings. A regular contributor to StickyMinds.com, Michele is a certified Project Management Professional (PMP)® and a Certified Scrum Trainer (CST). She can be reached at [email protected].
 
T9
PERSONAL DEVELOPMENT

The Leadership Imperative: Creating a Culture of Trust
Pollyanna Pixton, Accelinnova

In our personal and business lives, many of us know leaders who successfully foster environments of incredible creativity, innovation, and ideas—while other leaders try but fail. So, how do the top leaders get it right? Going beyond the basics, Pollyanna Pixton explores with you the ways that the best leaders create “safety nets” that allow people to discover and try new possibilities, fail early, and correct faster. Removing fear and engendering trust make the team and organization more creative and productive as they spend less energy protecting themselves and the status quo. Pollyanna shares the tools you, as a leader, need to develop open environments based on trust—the first step in collaboration across the enterprise. Learn to step forward and do the right thing without breaking trust. Find out when and how to acknowledge and reward trust in your team and organization.

  An international collaborative leadership expert, Pollyanna Pixton developed the models for collaboration and collaborative leadership through her thirty-five years of working inside and consulting with corporations and organizations. She helps companies create workplaces where talent and innovation are unleashed—making them more productive, efficient, and profitable. Pollyanna is a founding partner of Accelinnova, president of Evolutionary Systems, director of the Institute for Collaborative Leadership, and co-author of the forthcoming book, Stand Back and Deliver, A Leader's Guide to the Agile Enterprise due out in November 2008. She co-founded the Agile Project Leadership Network (APLN) and chaired the Agile 2006 Leadership Summits in London and Minneapolis. Contact her at [email protected].
T10
AGILE DEVELOPMENT

The Impact of Poor Estimating and How to Fix It
Mitch Lacey, Ascentium

Running Scrum by-the-book for three months, the team was continually failing to meet its delivery commitments. As a result, trust between the business managers and the team degraded almost to a point-of-no-return. Even holding bi-weekly retrospectives, the team could not pinpoint the problems causing their inability to release iterations on time. Mitch Lacey was asked to assist the team in finding the root causes of the problems. He analyzed multiple aspects of the project—from individual work items to planning meetings. Multiple issues were identified, but one thing stood out above all others—the estimation process they used had caused the team to miss its deadlines again and again. Mitch discusses the estimation problems the team was having, how they were fixed, and the resulting improvements in customer satisfaction and value delivered. He presents new concepts, ideas, and techniques to help you improve your estimating practices and outlines the benefits of employing collaboration tools in the process.

  A technical project manager with Ascentium Corporation, Mitch Lacey has managed both plan-driven and agile projects during his ten-plus year career. Mitch honed his agile skills at Microsoft Corporation, where he successfully released large backend core services for Windows Live. He then transitioned roles from program manager to agile coach, working hand-in-hand with other groups throughout their transition to agile practices. Mitch is a registered Project Management Professional (PMP)® and a Certified Scrum Trainer (CST).
T11
METRICS

Function Point Analysis: A Quick and Easy Primer
David Garmus, The David Consulting Group
David Herron, The David Consulting Group

The function point metric is used by many organizations worldwide to more accurately size systems. Knowing the size of a system allows developers to better meet customer demands for functionality within time and budget and to communicate about these issues with the system “owners.” Based on the latest version of the International Function Point Users Group (IFPUG) Counting Practices Manual, David Garmus and David Herron provide a detailed explanation of the rules engineers must follow to accurately count function points. Join them to learn the value and use of function points within an overall software measurement program and the basics of how and when to use function point analysis (FPA). Examine real-world examples of software to see how to identify the different functional components according to IFPUG’s FPA standards. To assist them in applying IFPUG rules for counting function points, all participants will receive a Certified Reference Card.

  David Garmus is a founder of The David Consulting Group (an SEI CMMI® Approved Transition Partner) and supports software development organizations in achieving software excellence with a metric-centered approach. David is an acknowledged authority in the sizing, measurement, and estimation of software application development. He is a past president of the International Function Point Users Group (IFPUG) and a member of their Counting Practices Committee. David has spoken at numerous conferences and written many articles and several books.
  David Herron is an acknowledged authority in the use of metrics to monitor the impact of Information Technology (IT) on the business and on the advancement of IT organizations to higher levels of software process maturity. He is a noted author and lecturer and has addressed audiences throughout the US and Europe on performance measurement, software process improvement, and outsourcing governance. With David Garmus, David Herron has co-authored two books on functional measurement. David Herron’s current engagements include senior-level consulting and coaching on matters relating to organizational change management, team, and individual mentoring.
T12
SOA

SOA Testing Challenges and Proven Practices
Guruprasad Gopalakrishnan, Wipro Technologies

The best thing about Service Oriented Architecture (SOA) is its flexibility—a heterogeneous computing environment in which different services and service providers can use different technologies; loose coupling of components to allow any application to make use of service capabilities; and ad-hoc integration of applications within and across organizations. However, from a tester’s perspective, these very advantages make the testing of Web services and SOA-based applications highly complex. Testing Web services through the front-end of applications is usually ineffective. Tracking defects to their source is difficult because of the layered application designs. Instead, you must design and execute mostly non-functional tests for compliance to standards, interoperability, security, reliability, and performance. Join Guruprasad Gopalakrishnan to find out about the challenges inherent in SOA testing, discover the tools available to help you in your quest, and go home with a “tested” approach you can use to optimally confirm SOA operations.

  A lead consultant at Wipro Technologies, Guruprasad Gopalakrishnan leads the SOA testing initiative within its Testing Services division. He has twelve years of experience in the IT industry in various software testing roles. Guruprasad has managed testing projects in the banking, financial services, and insurance industries for various clients worldwide and has performed numerous test process and test automation assessments.
T13
SECURITY

Automating Security Testing with cUrl and Perl
Paco Hope, Cigital

Although all teams want to test their applications for security, our plates are already full with functional tests. What if we could automate those security tests? Fortunately, most Web-based and desktop applications submit readily to automated testing. Paco Hope explores two flexible, powerful, and totally free tools that can help to automate security tests. cUrl is a free program that issues automatic basic Web requests; Perl is a well-known programming language ideally suited for writing test scripts. Paco demonstrates the basics of automating tests using both tools and then explores some of the more complicated concerns that arise during automation—authentication, session state, and parsing responses. He then illustrates simulated malicious inputs and the resulting outputs that show whether the software has embedded security problems. The techniques demonstrated in this session apply equally well to all Web platforms and all desktop operating systems. You'll leave with an understanding of the basics and a long list of resources you can reference to learn more about Web security test automation.
 

  A managing consultant at Cigital, Paco Hope has more than twelve years of experience in software and operating system security with areas of expertise in software security policy, code analysis, host security, and PKI. Paco has worked significantly with embedded systems in the gaming and mobile communications industries and has also served as a subject matter expert on issues of network security standards in the financial industry. Prior to joining Cigital, he served as director of product development for Tovaris, Inc., and head systems administrator in the Department of Computer Science at the University of Virginia. Paco is co-author of Mastering FreeBSD and OpenBSD Security.
T14
SPECIAL TOPICS

Real Software QA
Linda Westfall, The Westfall Team

With the ever-increasing demand for software products, it is imperative for organizations to move away from trying to “test in” software quality and move toward adopting a comprehensive, total-life cycle software quality management approach. Such an approach is the basis of real software quality assurance (QA)—all the planned and systematic actions necessary to provide confidence that a system will perform satisfactorily in production. In contrast to software quality control (QC), which consists of detection activities such as testing that are product focused, software QA is process focused. Software QA includes defining, establishing, and monitoring the control practices that ensure policies, systems, and processes are effective and efficient across the entire software development life cycle. Linda Westfall focuses on defining the elements and techniques of a comprehensive software QA program. Her goal is to help you identify gaps and process improvement opportunities in your organization’s software QA activities.
 

  Linda Westfall is the president of The Westfall Team, which provides software engineering, quality and project management consulting, and training services. Prior to starting her own company, Linda was senior manager of quality metrics and analysis at DSC Communications, where her team designed and implemented a corporate-wide metrics program. An ASQ Certified Software Quality Engineer, Linda has more than thirty years of experience in real-time software engineering, quality, and metrics. Linda Westfall is a past chair of the ASQ Software Division and has served as the Software Division’s Program Chair and Certification Chair and on the ASQ National Certification Board.
 Thursday, June 12, 2008 3:00 p.m.
 
T15
MANAGING PROJECTS AND TEAMS

Maximizing ROI on New Technology Acquisition
Chris Ronak, Agile Thinking Inc.

IT departments and software technologists must invariably navigate many challenges when planning to acquire new tools, invest in new technology, fund new technology projects, and introduce process changes. How do you get the most out of these investments without upsetting existing mission-critical processes or projects? Subsequently, how do you rapidly turn your new technology into a successful release that augments your product suite? Chris Ronak shares his experiences and offers his recommendations on how to best integrate newly acquired technology into mainstream development processes and projects. A strategic acquisition must provide missing functionality that enhances your existing product suite or technical framework—and it must be implemented without hindering or stopping progress on other business-critical projects. Join Chris to explore ways to build an extensible core technology framework that allows you to successfully integrate new technology and innovative practices into your existing development organization.
 

 

Chris Ronak has worked in management and as a programmer in telecoms, banking, oil and gas, and GIS in Canada, US, Germany, and the UK for more than eighteen years. He has worked with numerous technology departments that have ambitiously and optimistically tried to acquire or change their technology—often with undesirable results. Chris pursues the responsibility for implementing new technologies and methodologies and has demonstrated the ability to translate these changes into positive results.

T16
PERSONAL DEVELOPMENT

An Alternative to Consensus: Accelerating Effective Decisions
Michele Sliger, Sliger Consulting

Software development teams don’t always need, want, or have time to make decisions via group consensus. And project leaders often already feel over-burdened with the multiple decisions they have to make on their own. But there is a middle path—an alternative to consensus—in which shared responsibility for decision-making provides for input from many and one voice to represent the team and make the final choice. In this decision-making process, a team member volunteers to be the decision-maker on a particular issue with only one mandatory rule—seek guidance. The greater the impact the decision will have on the organization, the wider the quest for advice must be—all the way to the board of directors, if appropriate. Join Michele Sliger to learn how this approach to decision-making might be right for your organization.
 

  For the past eight years of her more than twenty years in software development, Michele Sliger has been embracing change with agile methodologies. Coauthor of the forthcoming book The Software Project Manager’s Bridge to Agility and a self-described “bridge builder,” her passion lies in helping those in traditional software development environments cross the bridge to agility. Michele consults to businesses ranging from small start-ups to Fortune 500 companies, helping teams with their agile adoption and organizations with the changes that agile adoption brings. A regular contributor to StickyMinds.com, Michele is a certified Project Management Professional (PMP)® and a Certified Scrum Trainer (CST). She can be reached at [email protected].
 
T17
AGILE DEVELOPMENT

Test-Driven Analysis: Focus on the User, Not the Code
Ken Pugh, Net Objectives

Test-driven analysis (TDA) focuses on the system at the user interface level. By concentrating on scenarios from the users’ point of view, TDA examines the inputs and outputs of a system and how the state of that system changes as a result of actions performed on the system. Further, TDA concentrates on creating tests that help developers and business analysts understand the problem domain and the system requirements. Ken Pugh explores how tests created during TDA efforts relate to user acceptance tests and how the TDA tests can propagate to those created in a test-driven development framework. Together with Ken, you’ll create analysis tests for a sample system and differentiate between various types of tests—acceptance, analysis, and design. This class is about the process of inquiry we need during analysis to answer the question “I know you’re ready for testing, but what are you testing for?”

  A fellow consultant with Net Objectives, Ken Pugh ([email protected]) consults, trains, mentors, and testifies on technology topics ranging from object-oriented design to Linux/Unix to the system development process. He has written several programming books, including the Jolt Award winner Prefactoring and has served clients from London to Sydney. When not computing, Ken enjoys snowboarding, windsurfing, biking, and hiking the Appalachian Trail.
 
T18
PROCESS IMPROVEMENT

Deception and Estimation: How We Fool Ourselves
Linda Rising, Independent Consultant

Cognitive scientists tell us that we are hardwired for deception. It seems we are overly optimistic, and, in fact, we wouldn't have survived without this trait. With this built-in bias as a starting point, it's almost impossible for us to estimate accurately. That doesn't mean all is lost. We must simply accept that our estimates are best guesses and continually re-evaluate as we go, which is, of course, the agile approach to managing change. Linda Rising has been part of many plan-driven development projects where sincere, honest people with integrity wanted to make the best estimates possible and used many “scientific” approaches to make it happen—all for naught. Re-estimation was regarded as an admission of failure to do the best up-front estimate and resulted in a lot of overhead and meetings to try to “get it right.” Offering examples from ordinary life—especially from the way people eat and drink—Linda demonstrates how hard it is for us to see our poor estimating skills and helps us learn to avoid the self-deception that is hardwired in all of us.
 

  Linda Rising has a Ph.D. from Arizona State University in the field of object-based design metrics and a background that includes university teaching and industry work in telecommunications, avionics, and strategic weapons systems. An internationally known presenter on topics related to patterns, retrospectives, and the change process, Linda is the author of Design Patterns in Communications, The Pattern Almanac 2000, A Patterns Handbook, and co-author with Mary Lynn Manns of Fearless Change: Patterns for Introducing New Ideas. Find more information about Linda at www.lindarising.org.
 
T19
SOA

The Challenges of SOA Security
Jimmy Xu, CGI, Inc.

Service Oriented Architecture (SOA) has many security challenges. To address these challenges, it is not enough to set up a secure operational infrastructure. SOA security must be implemented in all key areas of software development—architecture, design, platform, governance, requirements, development, and testing. Jimmy Xu discusses today’s SOA security challenges and explains why it is important to address these challenges inside software development. He presents the latest security practices: standards compliance; review of architectural blueprints and SOA platforms; secure SDLC process; threat modeling; secure coding; and security testing. This session not only prepares you to delve into the details of SOA security methodology, process, and techniques, but also gives you the background information you need to plan and scope security assurance activities in your SOA development projects.
 

  Jimmy Xu has many years of experience developing enterprise applications for manufacturing, financial, and telecom clients. He has worked on application security, performance tuning, and network infrastructure and security. Jimmy designed and implemented the core functions of Canada's first Internet child safety solution and presented a paper on Java application performance tuning at the 2006 JavaOne Conference.
 
T20
SECURITY

Fuzzing: New Tests for Robustness and Security
Ari Takanen, Codenomicon

Traditional security measures are doomed to fail because they are focused only on defending against known attacks—and studies show that more than 80 percent of software will likely crash when extensive negative testing is employed. Fuzzing is a new, proactive technique for discovering security vulnerabilities and robustness issues in software. Although most fuzzers generate their test inputs from a model of the input syntax, purely random input testing can also be appropriate. Fuzzing is valuable during development, when application testers use the technique to surface issues, and in production, when security testers use it for audits. Any type of system can be fuzz tested—from enterprise solutions to consumer products such as mobile phones and set-top TV cable boxes. Ari Takanen discusses the origins of fuzzing, explains the different technologies used by fuzzers, and identifies current fuzzing tools, their uses, and their limitations. Ari describes various metrics related to fuzzing that allow you to measure effectiveness and compare the efficiency of various tools.
 

  Founder and CTO of Codenomicon, Ari Takanen has been researching information security issues since 1998. His work aims to provide a means of measuring and ensuring quality in networked software. Ari is one of the people behind the PROTOS research that studied information security and reliability errors in WAP, SNMP, LDAP, and SIP implementations. His company provides automated tools with a systematic approach to testing a multitude of interfaces on mission-critical software.
 
T21
SPECIAL TOPICS

Scenario-Based Architecture Reviews: A Quality Process
Kevin Bodie, Pitney Bowes

Quality attributes—performance, scalability, availability, maintainability, etc.—are often referred to as the non-functional requirements. Unfortunately, these critical factors are often specified through vague platitudes rather than explicit statements. Participatory, scenario-based architecture reviews are essential to determine whether the architecture meets the system’s quality attributes as well as its functional requirements. Scenario-based architecture reviews rigorously examine the characteristics of the system to determine its strengths, limitations, operating bounds, and overall requirements satisfaction. Results include the impact and risk of each architectural choice on the system. Kevin Bodie details the architecture review planning process, illustrates its execution, and shows you the results with specific deliverables—the Architecture Readout Presentation and the Executive Architecture Readout. Kevin presents real-world examples of these deliverables and offers you a review process model to implement in your organization.
 

  Kevin Bodie is a software development director at Pitney Bowes Emtex. His team develops Automated Document Factory solutions targeted to leading-edge production mailers. Kevin has held a variety of development and technical management positions in his career and has developed motion control systems, large-scale control systems, as well as Internet and Enterprise systems. Kevin has written for Internet Week, Leadership in Action, and InfoWorld, appearing on its cover. Kevin has received eight US Patents and is a member of the IEEE and the IEEE Computer Society.
 
Software Quality Engineering  •  330 Corporate Way, Suite 300  •  Orange Park, FL 32073
Phone: 904.278.0524  •  Toll-free: 888.268.8770  •  Fax: 904.278.4380  •  Email: [email protected]
© 2007 Software Quality Engineering, All rights reserved.