Around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business, according to Securing the Digital Economy, a report from Veracode ...
In this blog I will summarize and share with you some wisdom about the biggest problem – okay, problems – in the field of software testing right now. While this is not an exhaustive list, these four bad habits have emerged as the predominant themes.
Bad habit #1: Not testing enough
Companies simply don't test enough (or, in less mature organizations, don't test at all). This is definitely the biggest problem with testing.
We are consistently stunned to hear things like, "Well, our developers are confident that the code will work well under traffic." Not to undermine anybody's confidence, but without data to back it up, there is really no objective basis to assume that will be true. Nor is there any good reason to assume the unnecessary risk that comes with this kind of "blind faith" in the code.
We loved a quote at StarWest conference from Maaret Pyhäjärvi's keynote: "Testing is not about breaking the code, it's about breaking your illusions about the code."
Your illusions about the code can be about a scenario, usability, or performance under load. It doesn't matter – if you don't test, you won't have enough data to make informed decisions.
Another common excuse for insufficient testing peddled by well-meaning teams is that they "don't have time for testing." In the pressure of pushing features out to meet market demands, they are convinced they are going faster by skipping the testing phase.
This is another illusion. Except it's not about the code itself, but the QA process. There are always testers. If you haven't done enough testing, you're simply relegating that role to your end-users. And that can be a very costly decision, resulting in a swarm of unhappy users, which can too easily translate into painful revenue loss for the company. The other consequences, like increased rollbacks and a general slowdown of your development cycle, are almost inconveniences by comparison.
Bad Habit #2: Not doing enough regression testing
If your last test was a long time ago, you can virtually guarantee there are some new problems that have creeped in since then.
Don't trust your outdated test results. A regression happens when unexpected issues are caused by code changes, or when code changes have unwanted consequences. Regression testing is usually a very good candidate for automation, because tests are stable and repeatable, and you are testing established scenarios. If there are issues, you want to find them before your users do.
If you don't have recent data about your performance, it's almost equivalent to not having data at all.
Bad habit #3: Still testing like it's 1985
So you are deploying on a multi-cloud environment, use CI and build for every commit, github for source control, Agile methodologies, and devs communication, and then you use slow and dinosaur-like tools for testing? It simply doesn't work. Don't let it get to that point. You can't use 80s technology for 3rd millennium development.
Bad habit #4: Too little / too much automation
This is less obvious and probably a bit controversial. First, continuous integration and continuous delivery can't really happen without continuous testing.
One of the pillars of continuous testing is automation, which enables you to get to the right velocity if DevOps / CD is the goal. Automation must be a priority. Not doing enough to automate these workflows is a well-known problem in the industry that delays full DevOps adoption.
However, we also see the opposite problem. People think they have solved everything with automation. In reality, however, the "automate it all" approach tends to fall short because it relies on your ability to predict all user scenarios with 100 percent accuracy. Given the increasing complexity of applications and the technological contexts in which they are being used, that level of predictability is getting harder and harder to achieve.
So it usually makes sense to leave space for exploratory testing, heuristic testing and for introducing a creative/intuitive approach to find out what's annoying for your users. Exploratory testing, as in testing that is not normed or scripted in advance, is a great technique and is essentially the art of inventing test cases in real-time. Both automation and exploratory testing are valid approaches, and are not mutually exclusive.
It's absolutely essential for modern development teams to put testing front and center in their priority list, and to adopt best practices and tools that help them accelerate their development process. Be sure to make your software ready for the real-world.