A few days ago, I tweeted that I was looking for nominations for events for an Agile timeline and am extremely grateful for all the responses I received.

The request was for the keynote talk that I just presented at PNSQC. I’ve had several requests for the timeline that resulted, so I figure the easiest (and therefore fastest) way to share the resulting timeline would be to share my slides.

Here they are (pdf, ~1Mb). Enjoy! (As always, comments/questions/critiques welcome.)

I recently gave my Agile Testing Overview presentation at a client site.
As I was preparing to do the talk, I dusted off my old slides and realized that they were in desperate need of an update. In some cases, my thinking has shifted a little in the years since I first drafted the slides. But more importantly, the slides focused far too much on drawing a distinction between traditional and Agile methods, and not enough on the concrete Agile Testing principles and practices.
The new slides (pdf, 9Mb) identify 9 principles and 6 concrete Agile testing practices. Enjoy.

I’ve been meaning to post this for ages. So while I’m polishing the rough edges on my Part 2 of 2 post, I thought I’d take this opportunity to finally make good on that promise. Here it is: the Quality Tree Software, Inc. Test Heuristics Cheat Sheet, formerly only available by taking one of our testing classes.

presented at STARWest, November 2004
A how-to guide for screening, interviewing, and selecting testers.  See presentation (pdf).

Presented at the PNSQC 2004 conference
Are traditional testing practices still relevant in an Agile world?  This paper explores the implications of Agile processes for testing.  See paper (pdf).

Originally published on stickyminds.com

I have a theory. I think that technical people are being insulated from important business matters. Perhaps it’s because management wants technical people to concentrate on technical concerns. Perhaps it’s because management isn’t convinced that technical people understand anything about business strategy. Whatever the reasons might be, I want to put my theory to the test.

Think about the project you’re working on now. Mentally examine your part of it, then expand your mind to encompass the entire project. Think about all the groups working on it and what they do. Think about the timeline. And think about the anticipated end result. Got all that firmly in the forefront of your consciousness? Good, because it’s quiz time. See if you can answer the following questions:

1. Why is this project important?

2. How does it contribute to the long term strategic direction of the company?

3. How will it improve the company’s competitive position in the near term?

4. How much will it cost?

5. What financial benefits (reduced costs, increased revenues, etc.) will the project bring?

6. Who will benefit most from a successful outcome to this project?

7. What will happen if the project fails?

8. What capabilities will the users find most compelling and why?

9. If users don’t use this software, what will they use instead?

10. How well would the majority of the technical contributors on the project answer these questions?

My final question is more personal: how did you feel when you were answering those questions?

If you felt confident that you understood both the marketplace in which your company operates and the business case for your project, you’re probably in the minority. More often I find that technical people (who themselves are usually quick to chastise management for technical cluelessness) are unaware of the business reasons behind project decisions.

No wonder many software defects boil down to miscommunications. It’s difficult to understand what you’re building if you don’t know why you’re doing it.

Let me give you an example of the importance of “why.”

Early in my career I was put in charge of document production at a small company. Eager to be precise, I provided precise measurements for the spacing of 3 holes along the left hand side of the 8.5″ x 11″ booklets. The day before the documents were due back, Barry, the manager at the document reproduction company, called me.

“Why do you need the holes in these documents?” he asked.

“Uh, so I can put them in 3-ring binders.” I replied, wondering where this conversation was going.

“That’s what I thought,” he said. “In that case, whoever did these measurements is smokin’ something.” I blushed furiously; glad he couldn’t see my expression over the phone. That would be me, I thought to myself. Barry continued, unaware of my embarrassment, “They won’t fit in a 3-ring binder at all. Should I just punch these for a 3-hole binder and ignore the measurements?”

“Yes,” I replied meekly. As I hung up the phone I realized that I’d made a silly mistake in trying to be so precise. My intent was to ensure that there could be no room for miscommunication. Instead, I’d almost caused a disaster. Fortunately, Barry had enough experience with documents that he guessed my intentions. Knowing intentions is the key to requirements. That’s the difference between “recorded requirements” and “real requirements.”

I often see requirements that read like my specifications for the three holes in the documents. They’re precisely worded, but there’s no hint about why the software should do what the requirements ask.

“The window shall be no more than 800×600 pixels in size.”

Lovely. Why?

Some of you may have recognized those numbers, a common monitor resolution. A window larger than that size will overwhelm the screen on a low-resolution monitor. But how much harder would it be to say, “The warehouse personnel use machines that operate at 800 x 600 resolution. All windows must fit on the screen without scrolling, so don’t make them larger than that size.”

If you are beginning to wonder if you know enough about the business, seek out the information you need. Read everything you can get your hands on: your company’s press release, financial data, competitor’s web sites, customer discussion forums, and consumer reviews. Ask your manager about the company’s strategic direction and how your current project contributes. Keep asking questions about the business until you really understand not only what you are being asked to do, but also why you are being asked to do it.

Then, if you find yourself in a situation like Barry, asked to do something that doesn’t make sense, you’ll have the knowledge to articulate your concerns. And in doing so, you might find that management is a little more open with technical people about their business concerns. Show them that you can learn about their world, and they’ll give you the information you need. Go ahead, challenge them to give you “the business.”

published in STQE Magazine, May/June 2003
How do you keep your testing skills fresh?  This article suggests several ways to make sure you stay at the top of your game.  See article (pdf).

Originally published on stickyminds.com

Let’s peek in on a discussion in a bug triage meeting.

Tim, the marketing manager, is shaking his head. “That’s a high on the severity scale. It’s really bad, guys. You have to make it a high.”

Jordan, the development manager, is barely containing her frustration. Her eye is starting to twitch as she replies, “No, Tim. That’s not all that bad. It’s an inconvenience, I agree, but there’s an easy workaround.”

“Inconvenience?!?” Tim says a bit more loudly than he intended. “You call not being able to print an inconvenience?!? That’s a disaster!”

“Yes, I call not being able to print from one particular type of printer without installing an upgraded driver from the vendor’s website an inconvenience. The user just needs…”

“I know what the user needs,” Tim cut in. “The user needs to be able to print out of the box! You can fix this in our code, right?”

Jordan nods, “Yes, but we’d just be working around the vendor’s…”

“Then fix it.” Tim stood over Jordan, glaring.

“But it’s a medium at best!” Jordan objected. “The user isn’t losing any data, doesn’t have to reboot, isn’t crashing. They just have to update a driver.”

This argument could continue forever. I’ve seen many arguments like this go on and on. What’s really happening here? Why are Tim and Jordan about to be at each other’s throats?

Priority is Business; Severity is Technical
Tim is looking at business priority: “How important is it to the business that we fix the bug?” Jordan is looking at technical severity: “How nasty is the bug from a technical perspective?” These two questions sometimes arrive at the same answer: a high severity bug is often also high priority, but not always. Allow me to suggest some definitions.

Severity is levels:
* Critical: the software will not run
* High: unexpected fatal errors (includes crashes and data corruption)
* Medium: a feature is malfunctioning
* Low: a cosmetic issue

Now you see why Jordan was arguing that the Print bug was a medium: a feature was malfunctioning.

Priority levels:
* Now: drop everything and take care of it as soon as you see this (usually for blocking bugs)
* P1: fix before next build to test
* P2: fix before final release
* P3: we probably won’t get to these, but we want to track them anyway

And now you can see why Tim was so adamant that the issue was a high. From his perspective, it was a P1 matter.

They’re both right. It’s of medium severity, but P1 to fix.

Priority is Relative; Severity is Absolute
Further, the priority might change over time. Perhaps a bug initially deemed P1 becomes rated as P2 or even a P3 as the schedule draws closer to the release and as the test team finds even more heinous errors. Priority is a subjective evaluation of how important an issue is, given other tasks in the queue and the current schedule. It’s relative. It shifts over time. And it’s a business decision.

By contrast, severity is an absolute: it’s an assessment of the impact of the bug without regard to other work in the queue or the current schedule. The only reason severity should change is if we have new information that causes us to re-evaluate our assessment. If it was a high severity issue when I entered it, it’s still a high severity issue when it’s deferred to the next release. The severity hasn’t changed just because we’ve run out of time. The priority changed.

Priority and Severity Don’t Mix
In response to Johanna’s column last week, some people suggested using both severity and priority to come up with a composite risk number. While this intuitively sounds like a way to resolve the priority-severity divide, I suggest using such an approach with extreme caution. It’s multiplying apples by oranges in an attempt to quantify bananas. Risk is yet a third type of information.

The risk associated with any bug depends on the severity of the issue, certainly. But it also depends on the likelihood that the user will run into it as well as the possible losses that might occur. I don’t attempt to quantify all this when assessing the severity of an issue. In fact, I think that in most cases assessing the risk of a single issue takes more time than it’s worth. Only for potentially poisonous bugs involving dangerous fixes do I really want to weigh the risk of fixing it against the risk of not fixing it.

Establish Work Precedence
The best way to avoid confusion about what comes first is to ensure everyone in the organization takes their cues for work precedence from priority and nowhere else. Developers fix P1 defects first. Testers verify P1 fixes first. Technical writers document P1 issues first. Everyone works in priority order: the priority reflects importance to the business. Saying, “This bug is more severe than that one so I’ll work on it first” is as bad as saying, “I like this bug more, so I’ll work on it first.” The severity rating is technical information used by managers as a piece of the formula in determining the priority rating. The priority rating is the final word on the order in which the work is done by programmers, testers, and everyone else.

The ultimate lesson here, regardless of the terms or levels you use to categorize your bugs, is that any classification scheme will only be effective if everyone agrees on definitions. So perhaps that’s the very first question to ask when an argument is brewing about severity, priority, or risk: “Help me understand exactly what information you’re using from each defect record and how you’re using it?”

published in STQE Magazine, March/April 2003
Metrics give you plenty of data, but creating charts and graphs that properly showcase this data can be difficult. In this article co-authored with Kathy Iberle, read about six ways to improve your charts and graphs to make your data tell a story.  See article (pdf).

published in STQE Magazine, January/February 2003
Do you like what you’re doing?  What do you want to be doing several months from now?  What’s your ideal job?  Ready to take stock?  Here’s how.  See article (pdf).