Software testing tools for outsourced and distributed development

Language

Software testing tools for outsourced and distributed development

Parasoft Outsourcing Solution ensures that applications satisfy your SLA expectations around quality, security, maintainability, and performance–regardless of obstacles such as communication barriers, different development environments, and high team turnover.
Policy establishment, application, and monitoring	Parasoft's policy-based approach 1) Establishes policies that define your organization's expectations for development and testing; 2) leverages an automated infrastructure to ensure consistent, unobtrusive policy application; and 3) continuously monitors policy compliance for real-time, objective visibility.
Multiple, complementary technologies	Parasoft automates a broad spectrum of quality and security practices for C/C++, Java, .NET, SOA, Web, and RIA–the most comprehensive in the industry. Supported practices include: Code analysis (pattern-based, data flow, metrics) Peer code review Unit & component testing Functional & integration testing Security & penetration testing Load & performance testing Business process testing Continuous regression testing
Extensive, centralized reporting	Provides continuous visibility into policy compliance, as well as development processes, progress, and productivity. The system alerts you to issues as they emerge so you can address them before they impact deadlines or budgets.
Automated infrastructure	Analyzes the project nightly, then notifies the appropriate team members if action is needed. This ensures that your prescribed quality and security tasks are applied consistently and accurately–without disrupting project progress. Interactive desktop testing is also available for immediate feedback.
Rapid issue resolution, reduced developer learning curve	Each issue detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code and a description of how to remediate it. Eventually, developers start writing compliant code as a matter of habit.
20 years of experience	The Parasoft approach has evolved over our 20 years in business. With experience helping 58% of the Fortune 500 companies implement a broad range of validation and verification practices, Parasoft knows what it takes to ensure adoption and establish a sustainable, repeatable, and predictable process.

SOA / Web services

Java

C/C++

.NET languages (C#, VB.NET, ASP.NET, Managed C++)

XML

WSDL

SOAP

PoX (Plain XML)

REST

JSON

BPEL

Web Applications

RIA

AJAX

JSP

JavaScript

VBScript/ASP

HTML

CSS

Multiple Message Protocols

WS-* Standards

UDDI

WSIL

MTOM(XOP) / MIME / DIME Attachments

HTTP 1.0, 1.1

HTTPS

TCP/IP

SMTP

.NET WCF (TCP, HTTP, WS Transaction Flow)

JMS

IBM MQ

Sonic MQ

TIBCO Rendezvous

EJB

RMI

CORBA

The greatest challenge of outsourced or geographically-distributed development is how to ensure that high-quality, flexible code is delivered promptly and predictably–regardless of obstacles such as communication barriers, different development environments, and team turnover. Developers might implement code based on a misunderstanding of your requirements and quality policies. The outsourcer's status estimations might be inaccurate or untruthful. Or, the code might be completed on time, but require tremendous rework.

These and other headaches can be prevented by using Parasoft Outsourcing Solution, which:

Establishes policies that define your organization's expectations for development and testing.
Leverages an automated infrastructure to ensure consistent, unobtrusive policy application across teams and locations.
Continuously monitors policy compliance for real-time, objective visibility.

Developers verify conformance to objective criteria as code is developed, then conformance is verified again upon code check in. By exposing structural errors as they are introduced and preventing entire classes of defects, this verification helps developers deliver better code faster and prevents surprises later in the process. Moreover, continuous visibility into development processes, progress, and productivity–as well as policy compliance–helps managers ensure project predictability.

For capability details tailored to your specific development environment, see the following pages:

Data Sheets (PDF)

Parasoft Outsourcing Solution

White Papers

Static Analysis Best Practices
Explains how coding standards analysis, data flow analysis, and metrics can help your team improve code security, reliability, performance, and maintainability–and how to get started as painlessly as possible.
Code Review Best Practices
Explains how process automation plus a focus on requirements can help your team uncover more complex defects during peer code review–without impeding project progress.
Unit Testing Best Practices
Explains how unit testing can help your team rapidly modify code with confidence–and how to get started as painlessly as possible.
The Yin and Yang of Software Development: 5 Best Practices that Allow Efficiency and Creativity to Productively Coexist
Explains how 5 best practices reduce the amount of avoidable waste in the software development process, enabling developers to satisfy business goals without compromising their craft.

Case Studies

Wipro
To remain competitive, global services provider Wipro launched an initiative to establish a more efficient and cost-effective way to maintain the exceptional quality standards that they pride themselves on. Find out how Parasoft helped them automate application and monitoring of their corporate quality policies?and achieve a 25%.reduction in testing time and effort.
NEC
NEC Telecom Software Philippines (NSP), a subsidiary of NEC Corporation in Japan, needed an alternative to manual code review and unit testing in order to comply with corporate quality initiatives while working under a tight schedule. Find out how Parasoft helped them streamline their internal quality processes to more efficiently satisfy quality initiatives
Cisco Systems
To satisfy corporate quality and security initiatives, Cisco Systems adopted static analysis, unit testing and code review as a corporate standard across their geographically-distributed development teams. Learn how they automated these practices and seamlessly integrated them into their existing processes to deliver compliant code without impeding productivity.
Siemens AG
As a global company, Siemens must support customers and employees throughout the world with an increasingly demanding set of IT services. With the constant introduction of new services, Siemens must ensure their applications are smartly integrated with back-end infrastructure and are diligently maintained to avoid software errors or system shutdowns. Learn their strategy for rapidly implementing top-quality Web services.

Published Books

Automated Defect Prevention: Best Practices in Software Management. Wiley-IEEE, 2007
Explains an approach to software development and management that makes quality a continuous process throughout the software development lifecycle
Bulletproofing Web Applications. Wiley, 2001
A road map for how to integrate error prevention and detection into the development process to ensure that Web applications are robust, scalable, efficient and reliable.

Published Articles

Translate Software Projects Into Global Success, Software Test & Performance
Offers collaboration strategies to global companies who have groups of people from different geographical locations and cultural backgrounds working on projects together.
Four Strategies for Communicating with Outsourcers, Enterprise Systems
Outlines strategies for effectively communicating with your outsourcing project partner.
Solid Infrastructure Paramount to Successful Outsourcing, Enterprise Systems
Discusses how establishing a solid infrastructure raises accountability and promotes the delivery of better code.
Tips for Managing Outsourcing for Your Own Career Growth, Computerworld
Offers tips for reducing the risks of outsourcer misunderstandings causing project setbacks or failures.
Outsource More Effectively, Enterprise Architect
Provides guidelines for determining when to develop in house and when to subcontract.
Outsourcing: Devising a Game Plan, ACM Queue
Provides advice on developing an effective outsourcing strategy and avoiding outsourcing pitfalls.
How to Work Effectively with Subcontractors and Outsourcer Organizations, Computerworld
Offers advice for outsourcing success: communicate effectively with outsourcers and ensure that they comply with the same policies you set for your own organization.
Static Analysis at the End of the SDLC Doesn't Work, SearchSoftwareQuality.com
Explains the importance of ensuring that code is built according to the organization's expectations – rather than trying to tack on security and quality at the end of the process.
Static Analysis, Security Failure, Software Test and Performance
Discusses why a policy-based approach is the secret to success with static analysis.
Building Security into Software with Security Policies & Static Analysis, JDJ
Discusses why the most effective security efforts define a policy that details security requirements, then use static analysis to verify that the policy is implemented in the code.
Software Quality Needs to be a Continuous Process, SearchSoftwareQuality.com
Explains how establishing a continuous process that helps the team build quality and security into the software not only reduces defects and debugging, but also optimizes QA time and significantly improves team productivity.
The Future of Quality Lies in Productivity, SD Times
Explains how a productive workflow can make or break a quality initiative–focus on productivity by helping the team work smarter, and the team will deliver better software faster.
Unlocking the Power of Automation: Exclusive Q&A with Dr Adam Kolawa, SYS-CON Media
Discusses how Automated Defect Prevention (ADP)–an approach to software development and management that makes quality a continuous process throughout the software development lifecycle–gives developers more time to focus on the creative tasks they enjoy most.
Building Solid Software, CIO
Other industries have learned to incorporate better production methods into their manufacturing processes to ensure quality in their products–why isn't the software industry doing the same?
Why Aren't We Doing More to Prevent Errors?, Computerworld
Argues that the software industry can–and must–do more to prevent errors.
Prevention's the Cure, Dr. Dobb's Journal
Explains how coding standards static analysis can help you shift focus from finding bugs to building quality into the code.

Compliance as a Continuous Process

A continuous quality process ensures the compliance tasks that you prescribe for outsourcers or geographically-distributed teams are not only deployed across every stage of the SDLC, but also ingrained into the team's workflow. It can be achieved by taking a policy-based approach that embeds automated policy monitoring "sensors" across the SDLC. This involves defining policies that capture the organization's expectations around quality and security, then leveraging automation as a sensor that checks 1) if the policies are being applied correctly and 2) if they are achieving the expected results.

Rather than constantly incur the costs of testing quality and security defects out of the software (auditing), organizations invest in establishing a system that helps the team build quality and security into the software.

With such an infrastructure in place, team productivity increases dramatically. By following clearly-defined expectations for building quality and security into code, development is freed from the constant interruption of having to review, reproduce, and remediate defects reported by QA. Moreover, with so many defects being prevented, QA resources can be reduced or reallocated into tasks that deliver increased business value–such as performing a more extensive high-level "functional audit" of the application and assisting the team to monitor and improve its continuous quality process.

Parasoft Policy-Based Infrastructure

The Parasoft Policy-Based Infrastructure centralizes compliance via a development policy, which is a defined set of validation goals that an organization would like to achieve and measure throughout the SDLC. A properly- defined "policy" allows the organization to increase productivity while mitigating the risks associated with compliance to laws, regulations, and best practices. The overall goal is to drive a more effective SDLC process with automation.

The Parasoft infrastructure integrates into the team's current development environment and drives policy via process and workflow automation, which is achieved through both Parasoft quality components and any other application within the organization's development infrastructure.

Parasoft's policy-based infrastructure features the following components:

Policy Management

The Parasoft Policy Management solution is a central repository that defines management's expectations about how to execute SDLC tasks "correctly" in order to achieve and demonstrate compliance. The Policy Management module takes compliance guidelines and turns them into executable best practices. Metrics and control limits can be set within each policy in order to trigger escalations and/or notifications. This sets a measurement baseline to monitor policy compliance, process visibility, and granular tasks.

Policies can include:

Architectural best practices and approval
Design best practices and approval
Development best practices and monitoring (security, reliability, performance, maintaibility)
Quality process best practices and monitoring
- Process Adherence
- Automated Test Analysis (Code Analysis, Peer Code Review, Regression Testing...)
- Quality Gates
- Test Coverage
- Risk/Release Monitoring
Runtime monitoring

Process/Workflow Automation

Process/Workflow Automation is established to test for compliance to the defined policy. Process and workflow automation can request approval or verification for human/manual tasks or automatically query SDLC systems for specific process artifacts. The Process/Workflow component monitors the SDLC infrastructure for policy compliance.

Furthermore, more granular human tasks can be orchestrated in order to achieve compliance to specific SDLC policies. For example, a review process can be executed when specific components of a project are completed. A human task for review can be generated–bringing together developer and manger as well as key artifacts such as the requirement, the code, code analysis results, and unit test and functional test plans.

Preconfigured, customizable policy templates define common compliance processes that span everything from planning, to validation, to approval/sign-off tasks. Then, Process/Workflow Automation converts checklist items into executable processes. This helps organizations move beyond simply describing "how" to conduct the software validation efforts and towards establishing a "living process" that ensures validation is actually performed according to expectations.

Visibility

Established policies have associated metrics and service level agreements (SLAs) in order to provide visibility at various levels of granularity. This includes:

Policy Compliance
Process Visibility
Task Progress
Correlated SDLC Metrics

Since the Process/Workflow engine works across both business process and SDLC systems, data that is traditionally located in disparate locations can be correlated in context of "process." The result is visibility that not only demonstrates compliance efforts, but also improves an organization's ability to deliver quality software and to continually increase their productivity.

Quality Repository

The quality repository is the central location to deploy, manage, and enforce organization and project policies. It is locally deployed and accessible globally. This flexibility allows core organization policies to be defined and applied to specific project configurations. Since no two projects are created equal, it is important for the project manager to have the ability to optimize productivity while adhering to validation requirements and other corporate defined policies.

The quality repository is the centralizing mechanism that allows compliance to be measured and continuously improved.

Reporting System

Parasoft's reporting system provides the information you need to identify quality, security, and process problems, address their root causes, and then monitor improvements.

The reporting system combines information from multiple sources (source control, bug tracking, and requirements management systems, as well as your Parasoft testing solutions and third party tools), which provides users with the ability to make objective decisions. The gathered data is correlated, organized, and delivered to different user roles within the organization to support their decision system.

The reporting system works as part of a comprehensive team-wide solution that reduces delivery delays and improves the quality and security of complex, multi-language enterprise applications. This particular component of that solution can help organizations:

Improve productivity through process improvement.
Obtain comprehensive, objective, on-demand insight into the development process.
Meet goals predictably.
Manage distributed development.