SD Times - October 2017 by d2emerge

SDT04 cover.qxp_Layout 1 9/18/17 2:25 PM Page 1

JULY 2012 • ISSUE NO. 279 • $9.95 • www.sdtimes.com

OCTOBER 2017 • VOL. 2, ISSUE 4 • $9.95 • www.sdtimes.com

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:36 PM Page 2

SDT04 page 3.qxp_Layout 1 9/18/17 12:08 PM Page 3

Contents

VOLUME 2, ISSUE 4 • OCTOBER 2017

FEATURES

NEWS 6

News Watch

How to prepare for the General Data Protection Regulation

Women in Technology: Transforming the experience of QA work

Facebook, IBM, Microsoft lead advances in AI

Enterprise agile coming of age

Oracle proposes changes to Java release cycle

With holidays approaching, protect your data and your customers

How to formalize customer research for continuous delivery in the enterprise

page 8

COLUMNS 54

GUEST VIEW by Steve Roberts Five tips for software-driven companies

ANALYST VIEW by Rob Enderle When smartphones become obsolete

INDUSTRY WATCH by David Rubinstein The liquification of software

SD Times Testing Showcase page 27 29

Manage All Mobile Devices From a Single Test Lab

Expanding The Reach of Automation

With Appvance It’s AI All The Time

Building Application Security In From Start To Finish

Parasoft: Orchestrated Virtualized Testing

TechExcel’s TestDev: Game On

Tricentis Enables Continuous Testing

Weather Seismic Shifts in Testing

Upping the web application game

page 44

page 49

Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 225 Broadhollow Road, Suite 211, Melville, NY 11747. Periodicals postage paid at Huntington Station, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2017 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 225 Broadhollow Road, Suite 211, Melville, NY 11747. SD Times subscriber services may be reached at subscriptions@d2emerge.com.

SDT04 page 4.qxp_Layout 1 9/15/17 2:45 PM Page 4

Â®

Instantly Search Terabytes of Data DFURVV D GHVNWRS QHWZRUN ,QWHUQHW RU ,QWUDQHW VLWH ZLWK GW6HDUFK HQWHUSULVH DQG developer products

www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein 631-421-4154 drubinstein@d2emerge.com SOCIAL MEDIA AND ONLINE EDITORS Christina Cardoza ccardoza@d2emerge.com Madison Moore mmoore@d2emerge.com INTERN Ian Schafer ischafer@d2emerge.com

Over 25 search features, with easy multicolor hit-highlighting options

SENIOR ART DIRECTOR Mara Leonardi mleonardi@d2emerge.com CONTRIBUTING WRITERS Alyson Behr, Jacqueline Emigh, Lisa Morgan, Frank J. Ohlhorst

dtSearchâ&#x20AC;&#x2122;s document filters support popular file types, emails with multilevel attachments, databases, web data

Developers: Â&#x2021; $3,V IRU 1(7 -DYD DQG & Â&#x2021; 6'.V IRU :LQGRZV 8:3 /LQX[ 0DF DQG $QGURLG Â&#x2021; 6HH GW6HDUFK FRP IRU DUWLFOHV RQ faceted search, advanced data FODVVLILFDWLRQ ZRUNLQJ ZLWK 64/ 1R64/ RWKHU '%V 06 $]XUH HWF

Visit dtSearch.com for Â&#x2021; KXQGUHGV RI UHYLHZV DQG FDVH VWXGLHV Â&#x2021; IXOO\ IXQFWLRQDO HYDOXDWLRQV

The Smart Choice for Text RetrievalÂ® since 1991

dtSearch.com 1-800-IT-FINDS

CONTRIBUTING ANALYSTS Rob Enderle, Cambashi, Gartner, Forrester, IDC

CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi adtraffic@d2emerge.com LIST SERVICES Shauna Koehler skoehler@d2emerge.com REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com ADVERTISING SALES PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com WESTERN U.S., WESTERN CANADA, EASTERN ASIA, AUSTRALIA, INDIA Paula F. Miller 925-831-3803 pmiller@d2emerge.com

PRESIDENT & CEO David Lyman CHIEF OPERATING OFFICER David Rubinstein

D2 EMERGE LLC 225 Broadhollow Road Suite 211 Melville, NY 11747 www.d2emerge.com

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:38 PM Page 5

SDT04 page 6,7.qxp_Layout 1 9/15/17 5:11 PM Page 6

SD Times

October 2017

www.sdtimes.com

NEWS WATCH Atlassian makes a Stride in collaboration Several companies have tried competing with Slack’s communication platform, and now Atlassian has entered the game with Stride, a complete team communication solution that aims to redefine how people work together. One of the things that Stride does differently is it uses Actions and Decisions to solve chatting dilemmas. Teams can isolate important outcomes by marking any message in Stride as an Action or Decision, and access these messages in an organized sidebar. Stride’s Focus Mode actually lets users “unplug” and get work down without notifications and incoming messages. Teams can get started with Stride today and request early access.

Apache Struts 2.5.13 has security updates Apache Struts 2.5.13 was released with security fixes, and this is the fourth RCE vulnerability for Apache Struts this year. One of the notable security fixes was an RCE CVE2017-9805, which affects all versions of Struts since 2008. According to vice president of engineering at tCell, Boris Chen, “it’s important to note that serialization exploits resulting in RCE are one of the most serious yet underreported vulnerabilities that applications face today, and it doesn’t seem to be waning.” He said that this trend is alarming, and more investment in code analysis and runtime monitoring and protection is needed since these are typically the best approaches to prevention and mitigation.

ScaleArc releases latest version of ScaleArc for SQL Server Database load balancing software developer ScaleArc has announced the latest release of ScaleArc for SQL Server which they say enhances its load balancing capabilities. User can now direct and load balance database reads and writes within a transaction for better performance in custom or packaged applications within having to modify the applications themselves, all while maintaining ACID compliance. “Working with off-the-shelf software presents a significant challenge, since our customers can’t modify the code,” said David Klee, founder at Heraflux and Microsoft Data Platform MVP. “We can tune the database and instance up to a certain point, but this this new ScaleArc capability is an incredible new method for improving performance for a broad range of business-crit- The ScaleArc software provides an abstraction layer that shields apps from the database infrastructure. ical applications.”

NGINX releases application platform NGINX is transforming its offerings into a one-stop application development and delivery platform, so teams can build or modernize applications with a collection of DevOps tools and best practices. NGINX launched its new NGINX Application Platform, a suite of products that together form a solution made up of application delivery, an application server, and policydriven monitoring and management. The platform includes NGINX Plus, a combined load balancer, content cache and web server. NGINX Plus extends open source NGINX, and the software-based application delivery controller for the web is now on its 13th release, according to a company announcement. The platform also includes NGINX Controller, a centralized management and monitoring platform for NGINX

Plus. An enterprise will be able to use NGINX Controller to define how they want their application to be delivered, what load balancing policies they want, what SLAs they want their application to meet, and it will be responsible for pushing those policies up to NGINX so they take effect, said Garrett. Another part of the company’s announcement is NGINX Unit, a server for modern applications. It’s a “new building block” for applications, it’s lightweight, it supports a wide range of application languages like PHP, Python, and Go, and it will implement internal networking.

tionally into tools like Atlassian Jira, CA Agile Central, Microfocus ALM, and others. With the connector, development teams can improve inter-team collaboration and break down team silos. The connector also supports crosstool traceability and reporting. “GitLab allows anyone to reduce their time to value, bringing their ideas to production faster,” said Job van der Voort, GitLab vice president of product. “With the Tasktop integration, yet another hurdle in going from one application to the next is removed. We’re excited to see enterprises ship faster and more reliably.”

Tasktop announces GitLab Issues Connector

Test IO launches live QA Service for Jira

Tasktop announced new support for GitLab Issues in its Tasktop Integration Hub. Now development teams can automatically flow issues bi-direc-

Crowdsourced software testing firm test IO launched QA Service for Jira today, connecting Atlassian’s Agile project management customers using Jira Software to QA pro-

SDT04 page 6,7.qxp_Layout 1 9/15/17 5:10 PM Page 7

www.sdtimes.com

fessionals worldwide. Users will be able to run acceptance tests of user stories and epics, verify fixes and view precise information for reproducing hard-to-find bugs, courtesy of test IO’s crowdtesters, all from within the Jira UI. The testers interact only with the test IO platform, which then synchronizes with Jira Software Cloud or Server instances, so there are no additional accounts needed or security to handle.

Progress releases Telerik components Progress announced the release of a series of new components within the Telerik product portfolio, as well as details on its donation to the .NET Foundation. Available now, the latest release of Telerik UI libraries offers a series of new and innovative components dedicated to improving developer productivity, and enabling them to build a high performance, high quality user experience (UX). Telerik UI for ASP.NET Core is one of the first UI tools to offer built-in support for .NET Core 2.0. .NET Core is the crossplatform, open source, modular .NET platform for creating modern web apps, microservices, libraries and console applications for Windows, Linux and macOS. Telerik UI for Xamarin is the first UI tool to offer predefined themes to be implemented with the new built-in theming mechanism in Xamarin. This mechanism enables developers to easily include, modify or change a theme within a Xamarin.Form project. With the release, the CTP of the Telerik UI for Xamarin DataGrid control is now available. Built with performance in mind, the CTP enables

CRUD and data operations including sorting, filtering and grouping as standard. The Telerik desktop UI suites now offer a PDF Viewer control to enable PDF signing, filling and saving features. Developers no longer need to purchase multiple third-party tools and benefit from faster and easier document processing. Finally, for those working with legacy code or more mature technologies, Progress has released sought-after feature enhancements, including the PDF signing, filing and saving capabilities mentioned above, as well as memory consumption optimization in the reporting tools and accessibility standards across the full portfolio of controls, in accordance with latest government accessibility standards.

Micro Focus updates security portfolio after HPE merger At its Protect 2017 user conference last month, Micro Focus

made a number of announcements regarding its security portfolio, to address security issues coming from a shift to hybrid IT, identity management and the growing sophistication of hackers. The company announced that analytics from the HPE Vertica embedded database will be built in to ArcSight, the company’s security console that is built on an open architecture to enable data sharing through the enterprise. Also, a new partnership with logging and analytics software provider Elastic will empower security teams to gain deeper insights from data exploration to threats. For companies struggling with securing data in the cloud, Micro Focus is releasing NetIQ Change Guardian 5.0, a tool that monitors user privileges and context to ensure data security. The company today also is launching SecureData Cloud for AWS, taking its on-premises data security solution and shifting it into a PaaS model, he

October 2017

SD Times

said. This will enable enterprises to work in hybrid environments without risking exposure of sensitive data, he explained.

Yarn team releases JavaScript package manager 1.0 The team behind Yarn, an opensource, fast and secure alternative npm client, announced the 1.0 release of the JavaScript package manager, which is a major step for the project. Yarn added a new feature called Workspaces, which lets people automatically aggregate all the dependencies from multiple package.json files and install them all in one go. It also uses a single yarn.lock file at the root, to lock them all, according to a Facebook post debuting the Yarn 1.0 release. Also in Yarn 1.0 is the new auto-merging of lockfiles feature. When there’s a merge conflict in the lockfile, Yarn will automatically handle the conflict resolution for you upon running yarn install. z

C++17 gets formal approval as ISO standard C++17 has finally received formal ISO approval and publication. The C++ standards committee first announced the C++17 standard was complete in April 2017, and now, the last major ballot was completed, according to Herb Sutter, committee chairman and noted C++ programming language expert, on his blog. The C++17 Draft International Standard ballot came back with 100% approval, which means C++17 gets to skip the final DIS ballot and proceed right to publication, said Sutter. Sutter said that as far as an ISO is concerned, the team is done and they are just waiting for an update on the document editorially, and then they can send the ISO C++ committee the final PDF they want to be published. In the meantime, Sutter said the following steps left to complete are: n Richard Smith, the project editor, and helpers need to review and resolve editorial comments, and any other pending editorial “tweaks they feel like fixing,” said Sutter. n Early November at the next meeting, they will approve the sending of the final PDF to ISO for publication. n ISO will publish sometime after that, and if it doesn’t take too long, the formal name will be ISO/IEC 14882:2017, but “even if they publish in January and call it :2018, that’s just a detail; this standard is known in the industry as C++17,” said Sutter. “WG21’s (the ISO C++ committee) active project now is C++20, and we already began work on that at our last meeting in Toronto, including to add a major feature (concepts!), and we’ll continue serious work on that in Albuquerque and beyond,” writes Sutter.

SDT04 page 8,9.qxp_Layout 1 9/15/17 6:19 PM Page 8

SD Times

October 2017

www.sdtimes.com

The world of software development involves so much more than writing code these days. Developers need to understand artificial intelligence, the cloud, new methodologies, and the expanding infrastructure required for IoT. Here are some companies our editors are watching to lead the way.

SDT04 page 8,9.qxp_Layout 1 9/15/17 6:18 PM Page 9

www.sdtimes.com

October 2017

SD Times

tCell

Plotly

at an alarming rate, this startup is building DevSecOps solutions for companies that understand the importance of security and are looking for a better way.

released an open-source project, Dash, to help developers build analytical web applications using the Python programming language. Dash is built on Plotly.js, React and Flask to connect UI components to the analytical Python code.

WHAT THEY DO: Application security WHY WE’RE WATCHING: With data breaches recurring

Kore.ai

WHAT THEY DO: Bots WHY WE’RE WATCHING: The future of user interfaces is conversational (see: Siri, Cortana, Alexa, et al) and kore.ai is using artificial intelligence to enable intelligent dialogs between humans and IT systems.

built.io

WHAT THEY DO: Integration platform-as-a-service WHY WE’RE WATCHING: built.io Flow is a platform created for connectivity via API that enables organizations to automate workflows. Flow Express is a low-code solution for business users.

Usermind

WHAT THEY DO: Customer Engagement Hub WHY WE’RE WATCHING: Usermind’s platform ensures that data is compatible, accessible and actional across teams and systems, without the need to run queries. This provides the context organizations require to build successful applications.

Veritone

WHAT THEY DO: Data visualization WHY WE’RE WATCHING: The company recently

Kinetica

WHAT THEY DO: Data analytics WHY WE’RE WATCHING: An advanced analytics database provider that uses GPUs for IoT data and analytics for real-time insights into data streams and large data sets.

Algorithmia

WHAT THEY DO: Algorithm marketplace WHY WE’RE WATCHING: The company offers an enterprise solution for algorithms, functions and machine learning models that can run as microservices. It has backing from Google's AI venture fund Gradient Ventures.

SLAMcore

WHAT THEY DO: Localization and mapping WHY WE’RE WATCHING: This early-stage startup helps developers create robotic, augmented reality and virtual reality solutions that localize, navigate and understand unfamiliar surroundings. It is backed by Toyota AI Ventures.

WHAT THEY DO: Artificial intelligence WHY WE’RE WATCHING: Veritone has created a

Bonsai

platform that provides access to its cognitive engines, for such things as face and object recognition, natural language understanding and more, in what the company calls an operating system for AI.

that span both virtual and physical worlds, bonsai’s platform makes machine learning libraries easier for developers and enterprises to manage.

WHAT THEY DO: API management WHY WE’RE WATCHING: More than 3 million

WHAT THEY DO: Network visibility WHY WE’RE WATCHING: This cybersecurity startup

Postdot Technologies

developers are using the company’s Postman API development environment to create, test, document and share APIs.

WHAT THEY DO: AI development platform WHY WE’RE WATCHING: For business operations

Corelight

has created a network visibility solution that gives information security professionals insight into what’s happening. Its founders created the Bro open-source framework and still drive its development.

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:39 PM Page 10

SDT04 page 11,12.qxp_Layout 1 9/15/17 4:45 PM Page 11

www.sdtimes.com

October 2017

SD Times

How to prepare for the General Data Protection Regulation As the GDPR prepares for its official introduction, companies need to assess whether they are ready enough and in compliance with the regulations BY MADISON MOORE

Coming into force on May 25, 2018 is the long-awaited European General Data Protection Regulation (GDPR), which will change how businesses handle data on their customers and employees. In this ever-evolving world of data privacy, it’s important for companies to not only gain a strong understanding of GDPR, but understand where their data is located and what steps need to be taken to safeguard and protect that data.

What is GDPR? The EU GDPR is the most important change in data privacy regulations in 20 years, since it replaces the Data Protection Directive 95/46/EC, which was put in place in 1995 for individuals with regard to the processing of personal data and on the free movement of data. The EU GDPR is designed to enhance data privacy laws across Europe, changing the way organizations approach citizen’s data privacy. According to Dimitri Sirota, CEO of data protection and privacy company BigID, the GDPR is extremely specific

and there are about 99 ways for companies to get in trouble or “miss the mark” if they are not compliant. Penalties for organizations in breach of GDPR is up to 4 percent of annual global turnover or €20 million, whichever is greater. This is the maximum fine for noncompliance, and it’s imposed for the most serious infringements, such as not having sufficient customer consent to process data or violating the core of Privacy by Design concepts, according to eugdpr.org. As an example, the GDPR requires that every individual, European resident or citizen in the world, has a legal right to their data. They can request all of their data from any company, and that company needs to provide the data within 30 days, said Sirota. It also allows any individual to request their data to be deleted from an organization. Jean-Michel Franco, director of data governance products at big data integration company Talend, said that GDPR also mandates organizations warn their people about data leaks — and they have 72 hours to do so. Simply put, the GDPR is all about data privacy and protection, and com-

panies need to figure out what the GDPR means specifically for their business, added Sirota.

Are organizations prepared for GDPR? The broadened privacy rights and fines for noncompliance are just part of the changes that come with GDPR, yet many companies have no idea what is coming their way, according to an IDC Research survey conducted in May 2017. The survey found that a quarter of the 700 surveyed European companies admitted they were not aware of GDPR and more than half (52 percent) are unsure of the impact it will have. Since there are 99 articles to GDPR, Sirota said some enterprises tend to focus on specific elements of the mandate, while others are becoming more ambitious and digging into all of the requirements. “Organizations want to be able to take control of their data, and account for their data,” said Sirota. “There is no other way to be accountable to your customers unless you can know what data continued on page 12 >

SDT04 page 11,12.qxp_Layout 1 9/15/17 4:45 PM Page 12

SD Times

October 2017

www.sdtimes.com

Atlassian announces Trello-Bitbucket Integration

How to prepare for the GDPR < continued from page 11

you collect on that individual, [so] more ambitious companies are [realizing] that they need visibility into the data.”

BY DAVID RUBINSTEIN

Atlassian has announced new products and integrations for its portfolio of developer tools at its Summit conference, including a Trello integration with Bitbucket. Trello, a project management and collaboration tool, is now built right into the UI of Bitbucket, Atlassian’s Git source code management software. “Development is growing beyond engineers, to marketing and product managers. They work in Trello boards,” said Rahul Chhabria, product manager for enterprise cloud at Atlassian. “We wanted to marry the two” to give teams one place to work, and to spread Agile processes beyond the development team. Atlassian also announced a new Identity Manager for the cloud, with SAML 2.0 support for single sign-on, enforced two-factor authentication, password policies and priority cloud support. “We have 70 percent of our new customers already using cloud products,” Chhabria said. “We’re simplifying the log-in and having industry-standard security is key to keeping our customers successful.” The support, which Chhabria said requires Atlassian to respond within an hour of a request, “mimics how [customers] would run their own instances.” A collaboration with Microsoft has enabled Atlassian to announce today Jira Software Data Center now supports the Microsoft Azure cloud; it already has support for Amazon Web Services. The Data Center offers uninterrupted access to Jira software from the cloud. “The focus is to provide deployment flexibility,” according to Junie Dinda, product marketing lead for server products at Atlassian. “Companies are moving their apps out of their own data centers to hosting providers.” A Jira Software Data Center template is now available in the Azure marketplace, Dinda said, and it can also be used in a private cloud. z

How can organizations get ready for GDPR? To start, the regulation mandates that if you have significant data, you need to elect a data protection officer. However, if it is a large organization, one person should not be responsible for everything done with private data within the company, so it’s a matter of delegating the authority to the right people, according to Franco. ComputerWorld UK writes that there should be two roles dedicated to data protection: an individual to act as a contact point for the data protection authority and data subjects, and a data protection officer who will make sure processing operations are compliant. IBM also developed a five-step approach for GDPR, which breaks down into separate steps: assess the GDPR readiness, design an implementation plan, transform the organization wherever enhancements are needed, operate along a framework designed to ensure compliance, and conform on an ongoing basis to GDPR standards. From a security perspective, Sirota said technology today doesn’t focus on the data. Most of the security technology today is focused on the endpoints, the application, the server and the network, he said. “What I think companies are realizing, is if they want to protect that particular asset, you need to have some safeguards around that asset,” said Sirota. He thinks that this is the next phase for companies as GDPR approaches. “Protecting the network is not the same as protecting the data, and the fact that this regulation and this huge penalty is a shadow, [it’s] forcing companies to rethink about how they track, account, manage the data they collect on their customers and employees,” said Sirota.

What technology exists for companies to utilize as they prepare for GDPR compliance? Since this is one of the more dramatic regulations in history, said Sirota, we should expect to see a wave of new technologies specifically geared toward the better management and protection of identity data. There is software and technology available today that can help, like privacy impact assessment tools. There is technology geared towards the discovery, protection and governance of identity data. These tools can give companies the ability to dig deeper, focus the microscope on data and give their business the intelligence they need to see how the data is getting used, and then take action around that data to derisk it, said Sirota. “Privacy is all about confidentiality and being able to assure individuals that their data is not being misused,” said Sirota. “But again, you can’t do any type of assurance unless you know where their data is, so the privacy concerns that companies have are clearly about data, data loss and data misuse.” Additionally, it’s important to address key requirements around data inventory and portability, which is why both Talend and MapR technologies are working together to create a new governed data lake solution to help businesses accelerate their GDPR readiness, according to Franco. He said that about 50 percent of companies affected by the GDPR will not be in full compliance by the end of 2018, which is why the new data lake solution is capable of meeting the GDPR’s data storage, inventory, protection, retention, and security requirements. While it’s not the only way to regulate and protect data, Franco said that Talend believes it’s a way to centralize the process and it lets companies discover how the data is being captured, shared and managed. z

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:39 PM Page 13

SDT04 page 14,15.qxp_Layout 1 9/15/17 4:44 PM Page 14

SD Times

October 2017

www.sdtimes.com

Transforming the experience of Kristel Kruustük found that her time wasn’t valued on other crowdsourced BY MADISON MOORE

As an avid tester, Kristel Kruustük found that many crowdsourcing test platforms didn’t incentivize testers to dig deep into products for the real issues. What’s worse is there was no teamwork or collaboration between other testers. Testers didn’t care about the products, it was all a competition, and they weren’t producing quality results. That’s why the Estonia native set off to create her own QA management platform. Testlio, a platform where testers can collaborate with each other and have their work appreciated, launched in 2013. With over 650 million users monthly, Kruustük said she wants Testlio to be the place when “you think about testing.” Kruustük said Testlio is really built with three key aspects in mind. The first is the payout model – testers are paid by the hour, so their time spent testing and looking for bugs is valued. The second aspect is that the platform is built to help other testers communicate and share ideas, and they are incentivized to reproduce issues and learn from issues reported by other testers. The third aspect was to build a platform that helps testers become better at testing. “We are pulling in reviews from app stores to get an understanding of what the end users think, so the testers will not just sit in their corner from a tester’s perspective, but they will see how end users think and [learn] what their real pain points are,” said Kruustük. As a young startup, Testlio is on the path to continue its momentum, working with customers like Microsoft, Lyft, Salesforce, Strava, NBA, and Hotels.com. Testlio has over 200 verified testers covering 40 countries, and the testers have 2,500 devices in hand, covering 65 languages as well, according to Kruustük. In addition to having a female founder and CEO, Testlio also focuses on diversity, with half of its employees

Estonia-born female entrepreneur makes QA magic happen with startup Testlio.

being women and minorities, and almost half of the leadership roles filled by women. Yet Testlio started out as just a simple hackathon idea from a woman who fell in love with testing.

From one small village to ‘The City’ Kruustük grew up in a tiny village in Estonia, and when it came time to settle down with a career path, she didn’t have any idea what she wanted to do with her life. All of her friends were getting started with tech careers, so she decided a reasonable thing to do would be to apply to the Estonian Information Technology College and study programming and IT systems. Friends recommended she consider testing as a job, and she found that it was something she enjoyed, requiring her to wear a lot of different hats, communicate with stakeholders and end users, and make sure everyone was hav-

ing a good user experience. As much as she loved testing, she found that not everyone felt the same way. She couldn’t avoid the “myths of testing” floating around the industry, like QA or testing is an entry-level job on the road to something better. Kruustük knew she had to try something different. “I really started sharing these concerns [with testing] with Marko Kruustük, my boyfriend at the time, and then I saw on EventBrite that there was a global hackathon series in London,” said Kruustük. “At that point, Marko had other ideas for the competition but after months of brainstorming and seeing my frustrations and passions for testing, he said ‘Okay I’m just coming with you.’ ” Out of about 64 ideas, Kruustük’s idea was one of the winners. However, the top winners of the hackathon received invitations to go to San Francisco, and Testlio did not make the cut.

SDT04 page 14,15.qxp_Layout 1 9/15/17 4:45 PM Page 15

www.sdtimes.com

QA work testing platforms

That is, until Marko (her now-husband and now COO of Testlio) met the founder of the hackathon in a coworking space, who was excited about their idea and later invited Kruustük and Marko to San Francisco, where they went on to win the hackathon and receive about $25,000 as an investment. Kruustük said this was the start of Testlio, and now, the company has two locations which are rapidly growing, according to Kruustük, with offices in Estonia and San Francisco.

‘QA is not as good as programming’ Besides developing Testlio as a destination for all things test-related, Kruustük really wanted to bust the myth that testing is not as good as being a programmer or a developer. She was fed up with the comments like, “Anyone can find issues in products,” which Kruustük says just isn’t true. “They think the fact that there are so

many types of testing, like for example if you are just a user finding an issue on a product, you are like a user tester,” said Kruustük. “Testers go really in depth and really understand what the root cause of the issue is, like ‘Is this happening to anyone else? Why is it happening and is it really a priority for us to fix it?’ ” Kruustük said there can never be any bug-free products, and companies can have hundreds of issues in the backlog at a given time. It’s a tester’s job to prioritize these issues and then figure out how to prevent issues from happening in those particular areas, she said. Plus, the world needs more mobile app testers, as it continues to be a challenge across the board. According to a World Quality Report 2016-17 by CapGemini, HPE and Sogeti, 46 percent of respondents said they are lacking mobile testing expertise, with another 48 percent saying there aren’t enough processes or methods in place for testing. “[Testing] is really understanding if the issue is happening elsewhere and if we can reproduce the issue and what actually is causing it,” said Kruustük. “Maybe it’s because of WiFi network or because I have too much memory taken

up on my device. There are so many cases, but we have to understand if [an issue] is happening to more users than just one.”

How to be a female entrepreneur in the tech space Kruustük is also showing the testing community what it takes to be a female entrepreneur in the tech world. When Kruustük got started in QA, she said she saw a lot of support from female testers — and there were a lot in that role. She also had support and guidance from peers, but never personally experienced diversity issues in the QA space. She did find that at conferences,

October 2017

SD Times

most of the keynotes were men, which could be discouraging to women looking for diversity in thought leaders. Kruustük said this changed quickly when women who attended the conferences simply asked the question, “Why is it this way, and how do we bring in diversity?” “Women are raising their voices, which is very good,” said Kruustük. “If you don’t have a diverse conference panel, we will make the noise. There are still younger girls that want to be testers so you want to really build a network and grow support for the community and these people.” In Estonia, Kruustük said women are very supported in the tech space, and there’s even a program called Superheroes Estonia, which targets girls ages 13 to 16 and encourages them to work on projects with guidance from startups in Estonia. Kruustük said it encourages these types of women from meetups and other tech communities to help and coach young girls looking to start a career in tech. “I participate a lot in coaching and mentoring different people around here,” said Kruustük. “When there is someone young reaching out to me, to learn more about what i do, I am always open to share my experiences and hopefully inspire them to do the same.” Women and girls also need to have the confidence and curiosity to just reach out to people in the industry for help, Kruustük said. When she moved to London, she sent out a bunch of emails and calls to just meet up with women in the tech space, and people were welcoming and open about their own experiences. Her best advice for girls is to “do what you want no matter what.” She has taken this advice from her grandmother, someone who pulled through World War II, who encouraged Kruustük to be successful, and who said, “Never let any force stop you from achieving what you want.” “I don’t care what’s happening out there, if I love something I don’t let outside aspects affect me,” said Kruustük. “That’s my advice, the ‘just do it’ mentality, do it no matter what.” z

NOM2017AD.qxp_Layout 1 7/26/17 12:25 PM Page 1

Subscribe to SD Times News on Monday to get the latest news, news analysis and commentary delivered to your inbox.

• Reports on the newest technologies affecting enterprise developers — IoT, Artificial Intelligence, Machine Learning and Big Data • Insights into the practices and innovations reshaping software development such as containers, microservices, DevOps and more • The latest news from the software providers, industry consortia, open source projects and research institutions

Subscribe today to keep up with everything happening in the software development industry.

CLICK HERE TO SUBSCRIBE

PM 2 SDT04 Full Page Ads.qxp_Layout 1 9/18/171 7/6/2017 2:21 PM7:15:19 Page

SDT04 page 16.qxp_Layout 1 9/15/17 2:44 PM Page 16

SD Times

October 2017

www.sdtimes.com

Facebook, IBM, Microsoft lead advances in AI BY DAVID RUBINSTEIN

Artificial intelligence and machine learning are playing larger roles in software, from data consumption and analysis to test automation and user experience. These cognitive services will drive the next wave of technology innovation. And industry heavyweights Facebook, IBM and Microsoft are leading the charge with new investments for innovation. IBM last month announced plans to create an AI research partnership with the Massachusetts Institute of Technology to unlock AI’s potential by advancing hardware, software and algorithms around deep learning, the company said in the announcement. IBM will make a 10-year, $240 million commitment to the MIT-IBM Watson AI Lab, which will be located in Cambridge, Mass., where IBM has a research lab and where MIT’s campus is located. Dario Gil, IBM Research VP of AI, and Dean Anantha P. Chandrakasan of MIT’s School of Engineering, will co-chair the new lab. The project will draw from the expertise of more than 100 AI scientists and MIT professors and students. “The field of artificial intelligence has experienced incredible growth and progress over the past decade. Yet today’s AI systems, as remarkable as they are, will require new innovations to tackle increasingly difficult realworld problems to improve our work and lives,” said Dr. John Kelly III, IBM

senior vice president, Cognitive Solutions and Research, in a statement. “The extremely broad and deep technical capabilities and talent at MIT and IBM are unmatched, and will lead the field of AI for at least the next decade.” Among the efforts the lab team will pursue are creating AI algorithms that can tackle more complex problems, understanding the physics of AI, how AI applies to vertical industries, and delivering societal and economic benefits through AI. Meanwhile, Microsoft has announced the Open Neural Network Exchange in conjunction with Facebook. Microsoft’s Cognitive Toolkit, along with Caffe2 and PyTorch, will all support the open-source ONNX. According to Microsoft’s announcement, the ONNX representation of neural networks will provide framework interoperability, allowing developers to use their preferred tools while moving between frameworks. ONNX also offers shared optimization, so organizations looking to improve the performance of their neural networks can do so to multiple frameworks at once by simply targeting the ONNX representation. ONNX, the announcement explained, “provides a definition of an extensible computation graph model, as well as definitions of built-in operators and standard data types.” Initially, the project is focused on inferencing capabilities. ONNX code and documentation are

available on GitHub. Digital operations management company PagerDuty is using machine learning and advanced response automation to help businesses orchestrate the correct response to any situation. Among the new capabilities in PagerDuty’s platform are the ability to group related alerts to provide context, the ability to recognize similar incidents with the context of who dealt with the similar issue in the past and what steps were taken to resolve it, the ability to design automated response patterns, and more. “Today’s dynamic digital business climate has exponentially increased both opportunity for growth and downside risks to mitigate. The latest Digital Operations Management capabilities announced — machine learning and automation — tackle the real-time, allthe-time demands of consumers and business, translating complex events and signals into actionable insights, and orchestrating teams across businesses in service or revenue and productivity,” said Jennifer Tejada, CEO of PagerDuty. Lastly, Cloudera has announced the acquisition of Fast Forward Labs, an applied research and advisory services company specializing in machine learning and applied AI. Now known as Cloudera Fast Forward Labs, the company is focused on practical research into data science, and applying that research to broad business problems. z

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:42 PM Page 17

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:42 PM Page 18

2:26 PM

TRUSTED FOR INTEGRATION LEARN MORE WWW.REDHAT.COM/INTEGRATE

SDT04 page 19.qxp_Layout 1 9/14/17 12:34 PM Page 19

www.sdtimes.com

October 2017

SD Times

INDUSTRY SPOTLIGHT

Enterprise agile coming of age BY LISA MORGAN

Businesses are struggling to stay relevant as the pace of business continues to accelerate and disruptive innovation becomes norm. To compete more effectively, leading companies are pushing Agile practices out from development teams to IT and the organization at large. They’re also integrating internal systems in unprecedented ways to better leverage their software and information assets. “It’s hard to plan anything today because you just don’t know what’s going to happen next. You still have to plan, but you also have to be able to pivot quickly,” said Steven Willmott, senior director and head of API infrastructure. “A lot of our customers are buying infrastructure technology to enable greater organizational agility.” More businesses are trying to achieve Agile integration by making APIs available for internal consumption, adopting containers and enabling distributed integration. “I wouldn’t say all customers are looking at all three of those things in equal measure, but they’re pretty much on everybody’s radar,” said David Codelli, product marketing manager at Red Hat. “In combination, they represent a major shift because they get more people involved in the infrastructure inside the company. More people can contribute, more people can benefit from the work others in the company have done.”

Enabling internal API reuse Historically, companies have used APIs to connect to third-party software. Now organizations are breaking their software down into smaller pieces and exposing the functionality via APIs so others can consume the functionality rather than building it or buying it themselves. Content provided by SD Times and

For example, one airline’s API-first strategy vastly improved the company’s digital profile. Before that, the airline had complicated IT processes that involved a lot interdependencies. To simplify work and enable greater agility, the airline divided its infrastructure teams into smaller teams. “Each of those teams is responsible for certain APIs that are made available to other teams,” said Willmott. “It’s a

great example of organizational change enabled by an API decision.”

Adopting containers Almost all of Red Hat’s large customers are looking at or adopting container technology because they want to accelerate their development processes and make them more encapsulated. The use of containers also enables greater control over processes. Before adopting containers, it took Red Hat customer KeyBank three months to deploy any software change. Now changes are deployed weekly. The company used Red Hat’s OpenShift platform to retool everything based on containers so compliance and old processes would no longer interfere with the bank’s ability to build and deploy applications. “The really interesting thing is that KeyBank was able to bake regulations into the container platform so their engineers can now work in a safer envi-

ronment,” said Willmott. “People have the autonomy to get things done faster without exposing the company to unnecessary risks.”

Improving distributed integration Some organizations still use an enterprise service bus (ESB) as a central point of integration, managed by a single team. That model is becoming less viable now as the software landscape becomes more complex and the amount of data grows. “Mobile apps connect to a lot of backend systems which can get very complicated very quickly,” said Willmott. “The companies able to deliver the most value to their customers are replacing centralized integration with distributed enterprise-wise integration.” Schiphol, Amsterdam’s largest airport used APIs, containers and distributed integration to build an integrated system that extends out to airport service providers and retailers. The new integration layer was built with Red Had Fuse which produces API end points for each of the airport’s datasets. Now, Schiphol is able to make airport-related information available to its airport partners and traveler’s using Schiphol’s mobile app. “Historically, anyone who wanted to use integration to innovate had to go through a bureaucracy and hit an ESB somewhere,” said Codelli. “Agile teams are finally able to get the self-service integration they need.” Other businesses are adopting APIs as an internal architectural component, learning how to implement containers and distributing integration with the goal of competing more effectively. Mastering any one of those endeavors can make an organization more Agile. Mastering all three can be transformational. Learn more at www.redhat.com. z

SDT04 page 20.qxp_Layout 1 9/18/17 9:40 AM Page 20

SD Times

October 2017

www.sdtimes.com

Oracle proposes changes to Java release cycle BY DAVID RUBINSTEIN

Oracle is proposing to move to an every-six-months release cycle for Java SE and the JDK, beginning with the release of Java 9, the company announced today. Java is currently on a less agile, feature-driven release model. The plan would be to have a timebased major release every six months, starting in March 2018, according to a blog post by Mark Reinhold, chief architect of the Java Platform Group at Oracle. Major releases could include any type of new feature; however, he indicated the new feature would not be merged until it’s nearly complete, ensuring that the release in development is featurecomplete at all times. “In this type of model the development process is a continuous pipeline of innovation that’s only loosely couple to the actual release process, which itself has a constant cadence,” Reinhold wrote. “Any particular feature, large or small, is merged only when it’s nearly finished. If a feature misses the current train then that’s unfortunate but it’s not the end of the world, since the next train will already be

waiting and will also leave on schedule.” Reinhold further explained that the main development line will be forked into a release-stabilization branch three months before the GA of the next major release. Update releases will occur every quarter, and a long-term support release will be made every three years, beginning in September 2018. The versions of major releases will be numbered by year and month, so the release next March will be 18.3 and September’s will be 18.9, he explained. Reinhold acknowledged the change in release cycles will necessitate changes in how the OpenJDK community works, and he called for a reduction in the overhead of the Java Community Process. In an email to OpenJDK contributors, Reinhold proposed two long-running JDK projects — one for releases, and one for updates. To facilitate these changes, Reinhold

Oracle turns over Java EE to Eclipse Foundation Making good on its intention to make Java EE more open, Oracle has selected the Eclipse Foundation to be stewards of the enterprise edition of the platform. According to Oracle, moving Java EE technologies to an open-source foundation will enable those working on the specification to adopt more agile processes, implement more flexible licensing, and change the governance process. “The Eclipse Foundation has strong experience and involvement with Java EE and related technologies,” wrote Oracle software evangelist David Delabassee in a blog posted yesterday. “This will help us transition Java EE rapidly, create communityfriendly processes for evolving the platform, and leverage complementary projects such as [Eclipse] MicroProfile. We look forward to this collaboration.” Under the plan, which Oracle said it first approached major Java EE contributors IBM and Red Hat about, the company will relicense its Java EE and related Glassfish technologies to the foundation, and work with the foundation to rebrand Java EE. Existing JSRs can continue to use javax package names and component specification names for the sake on continuity, Delabassee wrote. Oracle also will use foundation sources to build a compatible Java EE 8 implementation that passes those technology compatibility kits. Oracle will support existing Java EE licensees, including those moving to Java EE 8 when it’s completed, Delabassee wrote. The company will also support WebLogic Server versions and to support Java EE 8 in the next WebLogic Server version. z —David Rubinstein

said Oracle will ship OpenJDK builds under the GPL, so developers can more easily deploy their applications in the cloud. This will begin with the JDK 9 release. Oracle JDK builds will continue to ship and include features such as Java Flight recorder and Mission Control, and Oracle will continue to offer paid support. After JDK 9, Oracle will release those proprietary features to open source. Oracle also will work with OpenJDK contributors to create an open infrastructure for build and test, enabling early access to builds for new features. And, the company is making its build, test and distribution binaries available under the GPL v2+classpath; previously they were only available under a commercial license. The move from feature-based to time-based releases is a response to how people consume technology today — in many short, iterative releases. “Twenty years ago, when Java was originally created, people were used to platforms moving slowly, and it took a long time for people to move onto them when they came out,” Georges Saab, vice president of software development in Oracle’s Java Platform Group, told SD Times. “Today, people want to know they’re running on a platform that’s evolving and responding to new challenges they need help on.” Innovation has happened more quickly in Java than it appears. Saab said, “With both [JDK] 8 and 9, we had major features we wanted to get right, but the flip side is that other innovations within those releases were help up. They were ready for 9, some for more than a year, but couldn’t be released until [modularity Project] Jigsaw was done.” Jigsaw, Saab explained, provides the JDK with encapsulation, which can help developers ensure changes made to the code are forward-compatible, and that is what Oracle saw as the driver to accelerated release cycles. z

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:42 PM Page 21

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:43 PM Page 22

Data Quality Made Easy. Your Data, Your Way. NAME

@ Melissa provides the full spectrum of data

Our data quality solutions are available

quality to ensure you have data you can trust.

on-premises and in the Cloud – fast, easy

We profile, standardize, verify, match and enrich global People Data – name, address,

to use, and powerful developer tools, integrations and plugins for the Microsoft and Oracle Product Ecosystems.

email, phone, and more.

Start Your Free Trial www.Melissa.com/sd-times

Melissa Data is now Melissa. See What’s New at www.Melissa.com

1-800-MELISSA

SDT04 page 23.qxp_Layout 1 9/15/17 4:52 PM Page 23

www.sdtimes.com

October 2017

SD Times

With holidays approaching, protect your data and your customers BY DANIELLE JACKSON

During the holiday season, the risk of online fraudulent activity is rife. The increase of online transactions provides more opportunities for cybercriminals to attack. Here are some preventative measures online shoppers can take to stay safe this holiday season: Be cautious of fake websites — There are countless sites that pose as legitimate websites selling trusted brands. Look carefully at domain names, grammar, misspellings and lowresolution images. If it looks unusual, it probably is. Don’t be fooled by phishing emails — Ever receive suspicious emails asking for personal information or promising great discounts? Never open them without doing a basic authenticity check. If it seems too good to be true, it probably is. Be wary of public Wi-Fi — Cybercriminals can easily hack individuals’ information from public Wi-Fi networks. Avoid inputting financial or sensitive personal information when connected to a public hotspot. Wait until you’re at home or on a trusted network. Strengthen passwords – Usernames and passwords are often the only secuDanielle Jackson is Chief Information Security Officer at SecureAuth.

rity measures used to prevent your account being compromised. Make sure you have strong passwords that use numbers and symbols, and never use the same password across multiple sites or accounts. Enable two-factor authentication — More and more services are offering, at a minimum, two-factor authentication. Make this a requirement when signing up for new sites and services. What if it’s too late and you believe your credentials have already been compromised? Here are some practical reactive solutions: Change your passwords — If you still have access to your account but are seeing suspicious behavior, change your passwords immediately. If you no longer have access to the account, you can attempt to use the password reset functionality of the affected services. But remember that password reset functions often rely on sending you an email with reset instructions; if your email is compromised, this may well expose more services to the attacker. Review your credit report — If you have reason to believe that your identity (full name, address, date of birth, Social Security number, etc.) may have been compromised, pull a credit report — it will show any new financial

accounts opened in your name and any inquiries performed against your credit recently. Consider freezing your credit — If you do see new accounts and new inquiries you did not authorize against your credit report, it is in your best interest to freeze your credit. Note: this will not affect your credit score. Report the theft at IdentityTheft.gov — You’re not alone in the world of stolen credentials and identity theft. The federal government has set up a site (IdentityTheft.gov) to help victims of identity theft. They give you a step-by-step process to follow and an affidavit to fill out to swear that someone has stolen your identity. File a police report — Contact your local police department’s nonemergency number and tell them the details of the situation. This police report is extremely important for getting accounts that you did not sign up for removed from your credit and removing your financial responsibility for those accounts. Contact any creditors for unauthorized accounts — If new credit accounts were opened under your identity, contact the creditors and provide them with a copy of the police report. Typically, once the creditor has the police report, they will remove the account from your credit. z

SDT04 page 24.qxp_WirelessDC Ad.qxd 9/15/17 1:12 PM Page 1

DON’T MISS A SINGLE ISSUE! Renew your FREE subscription to SD Times!

Take a moment to visit sdtimes.com. Subscribing today means you won’t miss in-depth features on the newest technologies affecting enterprise developers — IoT, Artificial Intelligence, Machine Learning and Big Data. SD Times offers insights into the practices and innovations reshaping software development such as containers, microservices, DevOps and more. Find the latest news from the software providers, industry consortia, open source projects and research institutions. Available in two formats — print or e-mail with a link to download the PDF. Subscribe today to keep up with everything happening in the software development industry!

SDT04 page 25.qxp_Layout 1 9/15/17 4:44 PM Page 25

www.sdtimes.com

October 2017

SD Times

DEVOPS WATCH

How to formalize customer research for continuous delivery in the enterprise BY MADISON MOORE

In the user experience research space, teams learn how to work in an Agile flow, how to collaborate “across the wall,” and how to stay a cycle ahead of the development teams to ensure they are creating the best possible experience for users. But what happens when the team moves to continuous delivery? In CD, everything is changing fast, so it may seem like there isn’t time to conduct a formal research study. Lauren Stern, user research lead at XebiaLabs, shared some tips for how to keep a little science in the pipeline by leveraging the continuous updates that make CD unique, rather than working against it.

Specific tips for teams to get started Involve the whole team: research doesn’t have to be handled by a research or a UX team in a silo. Bring in stakeholders, developers, and other organization members to participate in the research process. This builds a better understanding of your users and ultimately supports buy-in for feature designs. Set expectations for decisionmaking: when you’re working on a

In other DevOps news… n DevOps specialists IT Revolution announced a series of four new books to be released from their publishing division over the next few months.“The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations,” by IT Revolution authors Gene Kim, John Willis, Patrick Debois and Jez Humble and “A Seat at the Table: IT Leadership in the Age of Agility” by Mark Schwartz will be available in October. The third edition of “The Phoenix Project: A Novel About IT, DevOps, and Helping

research effort, make it clear what’s ongoing, what’s an open question, what findings you have so far, and what the plan is. Provide guidance on trends you’ve found that teams can act on, and where they should hold off if they can. Prioritize changes based on what you’re seeing, and make that visible to the rest of the team. Develop a continuous research pipeline: there is always more to learn about your users, so keep a list of questions (a research backlog of sorts) that you want to answer on hand for any opportunity. Treat research as something to be continuously improved, where you can always ask questions and update your data, rather than a single study that must be done start to finish while everything else is on hold. This framing means more research will happen, and you’ll have an evidence-based foundation on which to grow new features. Diversify your methods: not all research is usability testing, and not all research even needs to be tied to a specific feature. Grow your domain knowledge base by including foundational research (which is conveniently well suited to occurring as a background, continuous effort).

Your Business Win,” by Kevin Behr, George Spafford and Gene Kim will arrive in January 2018. IT Revolution hasn’t announced the release date for “Making Work Visible: Exposing Time Theft to Optimize Work and Flow” by Dominica DeGrandis, but all are available for preorder at Amazon and Barnes and Noble. n In order to automate data collection from the entire DevOps toolchain, Electric Cloud introduced ElectricFlow 8.0 with new DevOps Insight Analytics. This new solution provides teams with automated data col-

Prioritize, divide, and iterate: just like dev teams break up features into tasks to complete and deliver, you can frequently break research up into different stages that accompany each style of change. The scientific method is your friend: think about your research as experiments. Your control group is first, and then match an “experimental” group to each updated version of the product. A new group starts when the updates are live. Leverage your assets: it isn’t always feasible to grab real customers for small questions during iteration, but that doesn’t mean you should entirely skip validation. Who else can you reach out to? Who in your organization knows your users (e.g., support teams) and could give you 10 minutes? Track everything: Write a research plan to think through your goals and build common ground on your team and to make using the data you collect easy for everyone. If you can use a professional recruiter, that’s great—but in a lot of domains, you can’t. Build your own network of users so you know who to reach out to when you need them. z

lection and reporting to connect DevOps toolchain metrics and performance. It also provides visibility back into the business value and health or status of software releases. With the ElectricFlow 8.0 release, executives and technical team members have the ability to collect and report on metrics from their myriad of DevOps tools, environments and processes involved, he said. Some of these tools include Jenkins, JIRA, HP ALM, and ServiceNow, which all provide visibility into the entire software development lifecycle. z

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:43 PM Page 26

SDT04 page 27.qxp_Layout 1 9/15/17 2:47 PM Page 27

TESTING SHOWCASE

Testing Showcase BY DAVID RUBINSTEIN ontinuous testing. Automated testing. Artificial intelligence. Service virtualization. Test-driven development. These are among the many technologies available to organizations looking to bring their testing up to the speed of software development. Ensuring quality can no longer be the drag on software deployment if businesses want to stay competitive and be able to take advantage of changes in their markets. How do organizations decide which path to take? Are they trying to test during sprints? Are they struggling to ensure the services their applications rely on won’t break them? Are they convinced that manual testing is the only way to

be certain the software meets their level of quality? How much risk are they willing to accept from deploying apps that they didn’t have covered 100 percent by tests? The SD Times Testing Showcase has been put together to give our readers a look at the many offerings on the market to help them address their testing challenges and align their testing with the rhythms of their software development life cycle. So no matter which direction you’re heading with your testing — standing pat is not an option — we’re sure you’ll find something from the following providers to help you to your future of testing. 3

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:44 PM Page 28

SDT04 page 29.qxp_Layout 1 9/18/17 12:07 PM Page 29

TESTING SHOWCASE

Manage All Mobile Devices From a Single Test Lab

he enterprise mobile testing industry has long been challenged with making mobile testing as agile, as flexible, as DevOps-ready as testing for the web and desktop is. The challenge that exists particularly in mobile is gaining access to testing and development resources, meaning devices themselves, and virtualization of those devices so they can be inserted into technology processes, versus just using the physical devices by hand and plugging them into a computer.

Test Barriers Busted Teams of testers no longer have to be in the same physical location of the devices. Mobile Labs, Inc. has developed deviceConnect that knocks down this major barrier. Dan McFall, president of Mobile Labs, points out, “If you have an offshore strategy but your devices reside in a different office for security or network reasons, we solve that challenge and we open the device up as a platform for a variety of DevOps processes including automated testing. We make building and running scripts against mobile applications, as well as storing and managing those test case results, possible, which accelerates mobile testing.” Mobile Labs has always been focused on enterprise software. McFall says, “We’ve seen success because of the secure nature of our cloud products in the enterprise and in two vertical markets; namely the financial services and insurance vertical markets.” Recently, the company has seen an uptick in interest from the media/entertainment and technology markets. Mobile Labs deviceConnect is available as an on-premises appliance, housed in a mobile cart, that creates a private mobile device cloud capable of managing all of an enterprise’s mobile testing assets in its own test lab. The patent-pending technology is highly secure because implementation occurs inside your enterprise’s corporate infrastructure, behind the firewall. deviceConnect is easy to install, manage and can be maintained remotely. The solution consists of a server running the deviceConnect software,

and a configurable rack that you connect several mobile devices to. Another option is going the deviceConnect hosted cloud route. “Technically there are no differences between the two products. It becomes a logistical difference. Everything we do in both instances are set up as dedicated environments,” McFall says. “The on-premises is set up with a database and the hosted environment uses a completely dedicated infrastructure so it’s all segmented.” The hosted cloud option provides customers with services managed by the Mobile Labs team of experts. Tasks like updating device OS levels and hardware management and updates are taken care of. For the on-premises option, Mobile Labs does things like customer-support

Mobile Labs recognizes this and has been at the forefront of automation tool development since the company’s inception. McFall emphasizes, “MobileLabs has always taken a platform approach to automation. Devices are open to a variety of platforms. We want our customers to be able to move from manual to automated testing and to be able to make a sound strategy recommendation to them.” “When we started Mobile Labs, the market leader in web and desktop testing was HP. It did not have a mobile component and was not capable of mobile automation so we wrote an add-in for it," notes McFall. Mobile Labs Trust, a certified add-in to HP’s Unified Functional Test (UFT), is an automated mobile app testing solution that tests automation frame-

“We make building and running scripts against mobile applications, as well as storing and managing those test case results, possible, which accelerates mobile testing.” —Dan McFall and check-up, but the onus rests with the customer for device OS and hardware upgrades.

Integrate, Automate Integration flexibility and choice is an important aspect of any enterprise solution. Mobile Labs deviceConnect integrates with platforms like Jenkins and Appium so you can move mobile apps from the build system to the right real devices for testing, and eliminate having to manually install when they are ready. You can use deviceConnect’s commandline capability and RESTful API to script automated customizations for automated builds. In other words, new versions are instantly available for manual testing or continuous automated test, and you can retain older versions if you choose. Automating the mobile test process is crucial to ridding the enterprise test lab of the existing chaos and confusion.

works on most mobile platforms and operating systems (OS’s). Mobile Labs still supports it and recently wrote a significant update for it. The Appium open-source project is becoming a market leader for mobile automation and Mobile Labs is committed to supporting the hundreds of customers who rely on it. According to McFall, “It does automation well but what it does not do well is device management, concurrent test runs, and it’s not easy to set up a server. We’ve taken over some degree of ownership and made it easier for companies to have an Appium strategy by embedding an Appium server on deviceConnect, and we’re continually adding more tools to it to make it easier for the enterprise.” “Bottom line? We make it possible to accelerate our customer’s mobile testing by allowing for automation with a wide variety of automation strategies,” says McFall. 3

SDT04 page 30.qxp_Layout 1 9/18/17 10:53 AM Page 30

TESTING SHOWCASE

Expanding The Reach of Automation

o meet the requirements of digital transformation, organizations need to apply Agile methodologies and increase automated testing coverage to deliver “quality at speed” change. In the sense that digital transformation and the need to deliver new products and services poses a “risk versus quality” dilemma for organizations, the move to delivering continuous change requires this forward shift in testing methodologies. Panaya Ltd.’s test tools are designed to accelerate functional testing across all the test cycles with a high level of automated testing. Organizations are faced with challenges when it comes to testing from a business process view. Rafi Kretchmer, VP of marketing at Panaya, explains. “The overall test cycle can be divided into three steps: how I plan my tests, what’s happening during execution of the tests, and what do I do as part of the evaluation,” he said. “One of the key challenges is that traditional testing methodologies run these three stages of the process but do so at the task level, so I need to make sure that Task A is now being performed. Whereas, from a business perspective, the business application owners won’t understand what the status of Task A is, but will want to know the status of the full impact of business process change that they are about to introduce to the market. Many of the testing tools today lack this ability.” Testing teams need to scope the actual project’s needs accurately and not run sets of unnecessary tests. That’s more easily said than done. The reason this can happen is because in the project planning phase they don’t have the visibility to accurately scope the impacts of the change on the environment so they take a cautious approach and test more than needed. “This means of course that they lack efficiency. If you test more than needed, it delays project delivery and wastes resources,” says Kretchmer. Another challenge testing teams face is cooperation across teams. Kretchmer points out, “This is very important in today’s IT world. IT needs to change from being a support-oriented role to being business enablers. This interaction between IT and business owners becomes critical as IT and business converge.”

Because business owners are taking a more functional part in the overall test and change delivery processes they need to have the right tools in place. However, most existing test tools were designed for technical testers. Business people find them difficult to operate, maintain, and access test results they can understand.

The State Of Automation Most organizations are exploring test automation to increase efficiency and accelerate testing cycles. While there’s much buzz, the actual number of early adopters is low. Currently functional test automation is focused on regression testing. It’s much more prevalent in performance and load testing. Kretchmer paints a picture of why automation is at the stage it is. “Businesses today only automate 5 to 10 percent of their test cases,” he said.

on the website show quick onboarding of both technical and business users. Visibility and risk analysis ranks second on its key capabilities list, according to Kretchmer. “Based on code analysis, we’re able to predict what the impacted areas of a specific change will be.” This functionality gives testers the flexibility to determine which tests need to be run and which are unnecessary. Based on machine learning, PTC uses autonomous testing to eliminate manually engineered test cases. It mirrors the production network using low footprint agents on the production systems that record in real time to automatically generate test cases. It’s no longer necessary to personally interview people to understand the business — the knowledge capture process — which is costly and time-consuming. Enabling collaboration between the

“Businesses today only automate 5 to 10 percent of their test cases. This is staggeringly low.” —Rafi Kretchmer

“This is staggeringly low. The reason is it’s expensive to automate everything and not everything can be automated. For example, new functionality cannot be automated because it’s never been tested before.”

Making A Difference Panaya Test Center differentiates itself from its competitors because its approach to testing is unique. It takes a business process-centric approach across the testing lifecycle of planning, execution, validation to ensure sequencing, workflow, alignment, collaboration and visibility between the business and IT. The result is that it’s more user-friendly to business stakeholders throughout the testing cycle. Kretchmer says that the first key capability testers notice is ease of use. “Out of over three hundred customers who are using PTC in production, we have yet to have a customer who wasn’t up and running in less than a day. Some of them in less than an hour,” he said. Case studies

various stakeholders is another key feature that Kretchmer highlighted. “Whenever a user finishes their test, an automatic message will be sent to the next stakeholder to continue the test cycle. If there is a defect, users can report and share them with the various relevant stakeholders.”

On The Roadmap Panaya is working on what it calls a “twophase approach” to automation that will roll out toward the end of 2017 or early in 2018. The purpose of this is to increase automation coverage from 10 percent to 10 or 30 percent. “We start with attended automation based on manual testing for the first phase and record those,” Kretchmer said. “Then, using machine learning technology, we categorize and create automated tests as the second phase.” Panaya is working on bringing the world of Agile technologies to the enterprise because, as Kretchmer points out, “Testing is no longer an afterthought.” 3

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:44 PM Page 31

QUE SERA SERA (Said no test professional ever)

We know you can’t take reckless risks; that you are expected to work swiftly and deliver quality software, while staying safe. That’s why Panaya R΍HUV VROXWLRQV WR KHOS \RX LQWURGXFH FKDQJH IDVW DQG ULVN IUHH Experience Smart Testing

www.panaya.com

SDT04 page 32.qxp_Layout 1 9/18/17 12:26 PM Page 1

AI-Driven Test Automation Platform Appvance launches the ďŹ rst

AIDT is a breakthrough in software development lifecycle productivity n AIDT scripts are automatically generated

1000X faster than traditional legacy scripting n AIDT creates thousands of valid tests in only a few

seconds, then executes and provides immediate results n AIDT models real user actions, improves code coverage,

reduces QA time by 90%+, drives agile and devops n AIDT machine learning eliminates false positives, and improves speed, reusability, and software quality

ArtiďŹ cial Intelligence-Driven Testing (AIDT) is real and it is available today! Learn more at www.appvance.ai

Download the free in-depth ebook at www.appvance.com/ai/ebook

SDT04 page 33.qxp_Layout 1 9/15/17 2:43 PM Page 33

TESTING SHOWCASE

With Appvance It’s AI All The Time

anual testing is still the biggest part of the application testing industry, even though functional test automation has been around for over 25 years. Overviews from IDC to Gartner support this, showing that roughly 85-90 percent of QA testing globally is still manual. “This would seem to be a disappointment, and the reason is the automation we’ve had isn’t true automation. What it’s been to date, is trying to capture what a business analyst says the application should do. It gets written out in a spreadsheet and handed to QA who usually codes it out for an API, UX, or HTTP level test. The scripts are typically handled by multiple testers who rewrite and de-bug them. After all this creation and maintenance, you might finally be able to run them,” says Kevin Surace, CEO of Appvance, as he describes the testing predicament. “Then when you run them you say, ‘This is great, I’ve got three hundred scripts, I’ve got 30 percent code coverage.’ Then there’s a new build and all the scripts are broken. You’re back where you started.” In this scenario, the amount of resources it takes to automate almost rivals the amount of resources to do it manually. In many cases, it’s faster to just do it manually. The downside to manual testing is that it can result in a significant percentage of “false positives.” Surace describes quality testing as unit, functional, regression, performance, load, smoke, and security testing, and thinks false positives happen because testers and QA believe they followed what the analysts wrote. But of course, they didn’t. The result is a fair amount of human error. It’s painful. It’s time-consuming, and it’s expensive considering roughly 35 percent of an enterprise IT budget is spent on it, according to Capgemini. Ninety percent of that 35 percent is spent on script creation and maintenance, which is human time.

Enter AI Artificial Intelligence is defined as the capability of a machine to imitate intelligent human behavior. How one gets there is the fodder of many conversations but it’s less important than the result. There’s been much discussion with people looking at applying AI to analysis of failures and better image recognition of objects, but none of those activities take up 90 percent of the team’s time. In order for AI to be of significant value it has to be applied to reducing

human time. “It’s a fundamental tool of what you first do in AI,” points out Surace. Appvance’s approach to AI has thus been to figure out what humans do and dramatically augment that with AI because that’s where the money is. Surace says, “If we say that the pain point of QA is cost, time, and userlevel accuracy, the only way to impact these is to address the elephant in the room, and that is the 90 percent, and that is what we have done.”

AI-Driven Test Automation Is Here Silicon Valley-based Appvance was founded in 2012. Its Unified Test Platform (UTP) combines multiple test types with a unique write-once methodology. UTP has been out for about a year and the new AI capabilities were launched in September. It took a pragmatic approach to AI technology, including

then learn from the data, then utilize that knowledge to create new tests. And of course, repurpose those use cases into various test types. It is truly a Big Data problem.” Appvance can ingest server logs as one source, or breadcrumbs, to learn about usage of users on production systems and analysts on QA servers. All servers have production logs that are often ignored but very useful to understand usage patterns en masse. UTP also uses server log data to understand expected results based on prior results. The technology uses several methods to better understand how an application works, how to form requests and expected responses. These methods may include a tester clicking through the application one time for each build. This generates the Master Key File. Another more sophisticated method uses algorithms to do the same. UTP needs

“The result of these innovations is an AI-based test automation platform that can create thousands of working scripts and achieve high test coverage with minimal input.” —Kevin Surace Big Data analysis, expert systems and machine learning in UTP. Logically, the team reasoned that for automatically generated tests to be impactful, it had to consider what data would be required. At the very least, these 7 areas had to be addressed: 1) Knowledge of how users are using (ideally) or will use an application (user analytics) 2) Expected results and/or responses (how do we know a pass versus a fail?) 3) How does the application function and what is its purpose? 4) How does one form requests that will not be rejected by the server, even if the server is now a different server (for instance the QA server instead of the production server?) 5) What data is required for valid forms (such as credentials)? 6) How can one create correlations to take server responses and place them back into future requests (such as session ID’s)? 7) How does one handle changes in a new build versus the old build? Surace admits, “The problem was not a simple one. One must have sources for, or the technology to create, all of this data,

valid test data provided by the test team or a connected database. Provided the data is in the right place, the system can make use of it. To resolve correlation, the system automatically creates errors on hidden runs then searches for matching substitutes that will pass. Automatic correlation is necessary to send accepted requests to the server on subsequent runs. “The machine learning algorithms take in all this data, and generate thousands of valid test scripts (essentially executable code) in a matter of seconds that can be run and analyzed immediately. This can free up manual testers as well as QA professionals or developers to focus on other less mundane tasks than writing scripts. These scripts better represent what users do and can provide nearly 100% code coverage, in seconds rather than weeks” said Surace. The AI technology has been in beta use under NDA by several large companies since June. Surace says, “If there’s ever been a complete breakthrough in software QA in my career, this is it. It’s the first blush of how AI is going to impact coding and testing going forward.” 3

SDT04 page 34.qxp_Layout 1 9/15/17 10:07 AM Page 34

TESTING SHOWCASE

Building Application Security In From Start To Finish

uilding end-to-end security into the software development process from the requirements phase through code delivery to production, is easier said than done. Often companies only run a few security tests and activities. That’s no longer good enough. In today’s environment it’s necessary to use multiple techniques to scour the entire software development lifecycle (SDLC) from design, development, deployment, upgrade, or maintenance for security vulnerabilities. Meera Subbarao, Senior Principal Consultant, Synopsys Software Integrity Group, calls this requirement “continuous security” and illustrates it: “We help them with all three aspects of the pipeline; people, process and technology, by providing tools and technologies to use in order to build

kicks in, where we have tools like Coverity which you can configure to run as soon as the developer checks in the code, or on a nightly or weekly basis. It’s a static analysis testing tool that scans the code for quality and security issues then notifies the developer and the team.” Provided there are no issues, the code moves forward to the next phase, building artifacts, which is where Synopsys Protecode is a software composition analysis tool. It checks the code for commonly known vulnerabilities and exposures (CVE). It runs through all of the free, open-source software you’re using, inspecting it for cybersecurity vulnerabilities as well as issues like licensing permissions, restrictions, and copy-less licenses. Subbarao notes, “When you use any free or open

“Just by saying, ‘I have the development team, the operations team and the security team working together,” is not just dev-sec-ops.” —Meera Subbarao secure software.” Subbarao, who was with Cigital prior to Synopsys acquiring the company in October 2016, describes this process as moving to the left. “So, the more tools you give to developers that they can run early when they are writing code, the easier it is for them to find the issues early.” Several verticals are using Synopsys tools including large financial institutions, all the major cloud providers, and the automotive industry to test and verify their development pipelines.

The Tools Synopsys tools that assist developers while they’re writing code include Secure Assist, that is now going to be integrated with Coverity. Secure Assist is like spell check, it immediately points them to issues and then says, “This is a, sequel injection, for instance, and here is guidance to remedy that. Going further, the developer may see the issue, but choose to ignore it and check the code into their version control anyway. That is when your continuous integration

source tool which has a copy-less license, that it may require the developer to open up the source on the developer’s project. Basically, if you use my open source, then you must open your source. Many companies do not want to open their source code.” Protecode goes through your entire package and your list of dependencies saving heartache and legal actions. The Seeker is an interactive application security test tool that goes through the entire application to find issues. Load and performance testing tools include a fuzz test tool and Defensics. Defensics was used to identify the OpenSSL Heartbleed vulnerability that had gone unnoticed for two years and impacted over a half-million websites. Given the latest trend in continuous integration and continuous delivery (CI/CD) and DevOps, code is routinely being pushed to production a few times a day, and re-running unnecessary tests slows the process to a crawl. Test Advisor is a new addition to Synopsys’ tool suite.

It’s an automated test optimization solution that gives developers the ability to test smarter by prioritizing which tests need to be run due to changes in the code that developers have checked in.

It’s About Security One of the challenges Subbarao sees is that developers and QA don’t recognize and prioritize the security requirements. She reveals, “We actually had a client that was using social security numbers as primary keys in databases. Or another client was using the credit card information, which is really wrong.” Synopsys is helping customers develop and test strong security requirements. Most of the tools are on-premise although the company is moving toward offering cloud versions. Coverity is one of the tools they have a cloud version of. “Until last year, a lot of the clients wanted everything in-house. Now that the trend is towards cloud, most of the tools need to run in the cloud, so Synopsys is looking to have all of the tools cloud-available in the road map,” says Subbarao. Synopsys differentiates its products based on delivering fewer “false positives” and comprehensive tool use and remediation guidance and support.

Buzzwords Another concern is the buzzword “DevSecOps” being tossed around. “Just by saying, ‘I have the development team, the operations team and the security team working together,’ is not just devsec-ops,” points out Subbarao. “What the industry needs to acknowledge about dev-sec-ops is that a combination of people, processes, practices must be adopted throughout that delivery pipeline.” This includes continuous integrations, continuous delivery or deployment and then you have to include tools that test end-to-end. Subbarao emphasizes, “Within Synopsys, we say you need to seamlessly connect all the processes, all the tools, all the DevOps, tool chain, and then eliminate all the bottlenecks, the manual steps, and all the errors.” 3

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:44 PM Page 35

4:45 PM

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 12:46 PM Page 36

COMPREHENSIVE TEST AUTOMATION SUPPORT

Perfecting Software

Get a complete software testing solution with test environment support

STATIC & DYNAMIC ANALYSIS

UNIT TESTING

“ The importance of software testing and error prevention has risen dramatically, paralleling the continued escalation of software complexity. Parasoft provides developers with the tools and infrastructure necessary to test early and regularly, ensuring quality throughout the software development lifecycle. Theresa Lanowitz, voke inc.

API, LOAD, PERFORMANCE, & SECURITY TESTING

” SERVICE VIRTUALIZATION

Learn more at parasoft.com

LEARN MORE

SDT04 page 37.qxp_Layout 1 9/15/17 2:42 PM Page 37

TESTING SHOWCASE

Parasoft: Orchestrated Virtualized Testing

fficiently and effectively testing code in an Agile environment has proven to be a challenge that most software developers are woefully ill-equipped to do. After all, Agile is all about constant iterations, and a rapid deployment cycle that leverages the slipstream ideology. With that in mind, it becomes easy to understand why the QA process can be somewhat daunting in the world of Agile. Marc Brown, CMO at Parasoft, said “While Agile does create a challenge for software testing iterations, the simple fact of the matter is that there are testing procedures and technologies that overcome those challenges.” One such technology is virtualization, where a virtual representation of the physical environment can be manifested and used to test

“The answer for properly manifesting a QA test environment means that orchestration as well as virtualization must be used and testers should be creating virtual labs to create the appropriate dependencies and test environments that mimic production systems,” Brown said.

The Power of Service Virtualization To better understand how an application or service acts in the real world, a true analog must be created that can mimic dependencies, data, processes, and loads that would be experienced by a deployed service or application. That is exactly where service virtualization comes into the testing picture. Service virtualization simulates all of the dependencies needed by the application or service under test in

“Service virtualization has become a foundational element for Agile teams and DevOps teams that need continuous testing capabilities.” —Marc Brown software, quickly and repetitively. Brown added, “The same issues that impact agile are also prevalent in the world of IoT, where QA testing has become a must to prevent unsecure products from reaching the market. The same can be said for mission-critical and safetycritical products as well.” Therein lies the real challenge: How can today’s software QA practitioners effectively insert themselves into the development process and prevent buggy and poorly secured code from making it into a shipping product? Brown said, “QA testers have to start viewing themselves as part of the process, and offer demonstrable value to their organizations by establishing themselves as a critical part of the development team.” Once enterprises realize that efficient testing can help them to avoid major issues, such as the breach that impacted Equifax or the spate of ransomware impacting operations, it becomes clear that QA is of the utmost importance.

order to perform full-system testing. This includes all connections and protocols used by the device with realistic responses to communication. For example, service virtualization can simulate an enterprise server back-end that an IoT device communicates with to provide periodic sensor readings. Similarly, virtualization can control the IoT device in a realistic manner. Service and API testing provides a way to drive the device under test in a manner that ensures the services it provides (and APIs provided) are performing flawlessly. What’s more, those tests can be manipulated via the automation platform to perform performance and security tests as needed. Meanwhile, runtime monitoring detects errors in real-time on the device under test and captures important trace information. That trace information can be used to resolve issues that normally do not occur until after an application is actually deployed. Take for example problems related to memory leaks, which normally

remain undetected until a product is finished and deployed under real world loads. The combination of service virtualization, orchestrated testing powered by automation, and the ability to monitor in real time delivers the intelligence that allows problems such as memory leaks to be caught and resolved early and cheaply. Brown said “Unsurprisingly, most defects are introduced into a project at the beginning, even before the first line of code is written. Most bugs are found and fixed during testing, but a good percentage (as much as 20%!) are discovered during operation, after the product has been sold and shipped.”

Building a Virtual Lab Testing normally occurs in a lab environment; however, physical labs can rarely offer the same robustness as a production system. With that in mind, it becomes evident that even in the most sophisticated lab, it’s difficult to scale to a realistic environment. Brown adds “Without service virtualization, none of the above would be possible. However, Parasoft has gone beyond just including service virtualization to making sure it can be deployed in a test environment without too much difficulty.” Brown said “while many organizations are still new to the concepts of service virtualization, service virtualization has become a foundational element for Agile teams and DevOps teams that need continuous testing capabilities.” WIth that in mind, it becomes very clear that organizations do not have to re-invent the wheel to bring service virtualization to fruition. Parasoft has gone to great lengths to build a suite of testing orchestration products that leverages virtualization. The company's Parasoft Virtualize product suite allows testers to access a complete test environment, anytime, anywhere. Parasoft Virtualize, an open automated service virtualization solution, creates, deploys, and manages simulated dev/test environments. It simulates the behavior of dependent applications that are still-evolving, difficult to access, or difficult to configure for development or testing. 3

SDT04 page 38.qxp_Layout 1 9/18/17 11:06 AM Page 38

TESTING SHOWCASE

TechExcel’s TestDev: Game On W

ith Agile development becoming so widely adopted and timelines being shorter in general for all types of development, testing solutions must test more efficiently, understand which areas are higher risk, and step up and deliver in the increasingly complex enterprise testing and production environment. TechExcel’s main customer base is the gaming industry, and it’s begun branching out to the medical device field, as well as other areas that require regulatory compliance. Both fields are seeing explosive growth, harnessing new technologies, going through rapid changes with products, and adding new capabilities and

to having to use other tools or spreadsheets and import data.” DevTest provides control of every aspect of the testing process from test case creation, planning and execution to defect submission and resolution. It manages the complete quality lifecycle because it implements quality testing processes earlier in the development lifecycle. Most test planning begins by identifying product features and creating a list of all features that require testing. It becomes the outline for the testing project. In DevTest, the feature list is architected as a hierarchical tree structure that organizes test cases and represents

“There are aspects of game development and mobile device development in general that we’re excited to explore designing new test interfaces and new testing approaches for.” —Jason Hammon

upgrades at near-warp speed. Jason Hammon, director of product management for TechExcel, is enthusiastic about the company’s focus, saying, “There are aspects of game development and mobile device development in general that we’re excited to explore designing new test interfaces and new testing approaches for.” He adds that their mainstay users are a mix of developers at companies who make either hardware, or software, or a mix of both.

Control the Test Process Hammon describes TechExcel’s DevTest. “Our solution has a lot of functionality built in to it that gives testing teams the ability to do advanced planning, organize tests and track them in a database. It also provides you with advanced recording capability so it’s easy to establish the tests, and it uses queries so you can determine which tests you need to run. It’s easier to update test cases as opposed

the product to be tested. DevTest takes this information and transforms it into a dynamic structure it calls a test library that teams can use to manage their testing project, improve team efficiency, and find bugs. As the team is testing, DevTest is running the numbers in the background for your team, providing built-in, dynamic test analysis without having to open a single

spreadsheet. The result is it increases team productivity with reduced data entry, definable test interfaces, and process automation. It’s important in today’s agile environment that all project stakeholders — management, developers, and testers — have access to the most current control documents so they can communicate with each other whether internally or externally. To address this requirement, TechExcel DevTest places the collection, management, and distribution of information at the core of all development and quality assurance processes. TechExcel knowledge management enables all stakeholders to access, manage, and share information so quality assurance can make better decisions throughout the testing process and use the information collected to implement more efficient and intelligent processes.

Testing at Scale Hammon says that DevTest differentiates itself from competitors because of its scalability. “Some of the newer solutions on the market may be great for a small team but may not scale, either from a number of users standpoint, or data volume, or just process.” DevTest is available as an on-premises or cloud solution. Pricing is tiered according to number of users, making it more affordable as a customer adds more users. The one difference between the two options is that the on-premises version offers a FAT Windows option, and the hosted cloud version does not. TechExcel has just released a new interface that gives testers the option of having a grid-based interface. With this new functionality teams that are doing mobile or multi-platform testing can quickly see the status of all the platforms they’re working on and can also see overall status of an item based on all the platforms. On the horizon, TechExcel will be releasing more new interfaces particularly for small teams that are doing multiplatform testing in the gaming and mobile industries. 3

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 1:36 PM Page 39

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 1:38 PM Page 40

The Gartner Magic Quadrant for Software Test Automation is here! Download your copy now!

www.tricentis.com/GartnerSDTimes

Tricentis

Gartner recognizes Tricentis as a Continuous Testing Leader

SDT04 page 41.qxp_Layout 1 9/14/17 12:30 PM Page 41

TESTING SHOWCASE

Tricentis Enables Continuous Testing

gile and DevOps practices make Continuous Testing essential. Yet, software testing is still dominated by legacy tools and outdated processes. Recent studies show that enterprise test automation rates average 20% overall, with Agile adopters at 26% to 30%. Using Tricentis’ innovative functional testing technologies, enterprises can achieve unprecedented test automation rates of 90% or better to keep pace with Agile and DevOps. Tricentis Tosca simplifies end-to-end functional testing by automating tests across all layers of modern enterprise architectures — from the API to web, mobile and custom/packaged app UIs, to BI and data warehouses. It also extends

efficient set of test cases and test data for optimal risk coverage, accelerating test execution, maintenance and debugging. Beyond test automation, Tricentis Tosca enables Continuous Testing to address the increased complexity and pace of modern application development and delivery. Finally, testers can get realtime insight into risk with businessfocused, actionable results.

Achieve Quality at Speed As more businesses use software to create competitive advantages, CI, Continuous Testing and CD have emerged as key catalysts for enabling quality at speed. Of the three, Continuous Testing is the most challenging.

“In most cases, test automation ultimately becomes the responsibility of testing specialists who are not programming specialists. They need a tool that helps them apply their testing expertise.”

Test Continuously As the demand for software increases year over year, leading organizations are responding with faster, more productive means of delivering innovative applications — such as scaling Agile and adopting DevOps. Most invest heavily in transforming Development and Operations in terms of training, tooling and coaching. However, testing is commonly an afterthought until it becomes clear that testing is holding the organization back. QA typically responds by trying to automate more tests using legacy testing tools and processes. However, the scripts need to be maintained, execution time is slow and the tests fail frequently. Tricentis’ approach to solving this dilemma is Continuous Testing — providing realtime insight into risk with business-focused, actionable results. Tricentis Tosca is so effective, Gartner named it a leader in its recent Gartner Magic Quadrant for Software Test Automation. With Tricentis Tosca, enterprises can transform testing to accelerate digital transformation.

—Wolfgang Platz

Simplify Testing existing tests created with Selenium, Soap UI and HP UFT while enabling Continuous Testing within the Continuous Integration/Continuous Delivery (CI/CD) process. Using a single intuitive interface, testers can rapidly define end-to-end tests across multiple technologies, analyze test results and automatically update tests as the application evolves. “Tricentis Tosca enables sustainable test automation for today’s fast-paced development processes,” said Wolfgang Platz, Tricentis founder and CPO. “Our model-based test automation relieves the maintenance burden that undermines test automation initiatives.” When business process– es change, testers can just update the Tricentis Tosca model to automatically synchronize the impacted tests. Additionally, Tricentis’ test case design technology determines the most

While CI is primarily a tool-driven activity and CD is a tool- and team-driven activity, Continuous Testing involves tools, teams, individuals and services. Building and integrating code changes is still important, but if the automated delivery process cannot identify how changes impact business risk or disrupt the end-user experience, then the increased frequency and speed of CI and CD could become more of a liability than an asset. Continuous Testing is the centerpiece of the Agile downstream process — executing automated tests as part of the software delivery pipeline to provide rapid, risk-based feedback. Mastering Continuous Testing is essential for controlling business risk given the increased complexity and pace of modern application delivery.

Legacy testing tools require specialized technical knowledge that prevents enterprises from achieving acceptable test automation rates. Tricentis Tosca provides a business-readable abstraction layer so testers can create and maintain automated tests without dealing with all the low-level technical details. “Developers and other very technical team members commonly launch test automation initiatives. They are comfortable with code and can wield it as an instrument of power,” said Wolfgang Platz. “Yet, in most cases, test automation ultimately becomes the responsibility of testing specialists who are not programming specialists. They need a tool that helps them apply their testing expertise.” Most testing solutions still use scriptbased approaches. Tricentis’ model-based test automation provides business-level simplicity supported by extremely mature, sophisticated technology at the back-end. 3

SDT04 page 42.qxp_Layout 1 9/15/17 1:13 PM Page 42

TESTING SHOWCASE

Weather Seismic Shifts in Testing

t’s an interesting time for the application space. The pressures being put on enterprise development teams have accelerated to a point unseen in the past. The technologies and architectures patterns that are designed to help teams become more agile today are putting a level of complexity into the equation. New software service areas, not the least of which is IoT, are multiplying and need reliable testing. Customers have become more demanding, expecting new capabilities to be delivered, in some cases, on a weekly basis. All of these phenomena can lead to chaos and confusion in the test lab. Kelly Emo, director of product, solutions and technical marketing for application testing at Micro Focus, sees three specific challenges that enterprise development teams face. She calls these pressures “seismic shifts.”

ing methods must support that transformation. You can’t just spray and pray, then roll it back if there’s an issue.”

Transforming To Meet Customer Needs Micro Focus (HPE Software) has gone through an evolution in the last several months. It has had its own transition to DevOps, Lean, and Agile practices. The first major change is that the company is delivering new capabilities to SaaS customers every six weeks and on-premises customers every three months as opposed to one major upgrade every six months. The company’s mobile testing suite now provides support for MQTT, one of the peer-topeer sensor messaging protocols for IoT. To encourage testers to use what they have, the organization is also embracing the open-source movement and has opened up its products so the actual automations can

“Think about where digital value is landing. It’s not just on your laptop, your computer, phone, or your watch. It’s moving to ‘things.’ Test labs need to be built to test these environments.” —Kelly Emo “First, is the complexity within software. On the architecture side, I’m seeing development teams move beyond APIs and services-oriented architecture (SOAs) into cloud-native, containerization, microservices, all designed to increase development agility, but the pressure it puts on the teams that are managing and testing the software is large,” she says. The second shift is that the digital value software delivers in new service areas must be tested. “Think about where digital value is landing. It’s not just on your laptop, your computer, phone, or your watch. It’s moving to ‘things.’ Test labs need to be built to test these environments in an ongoing way and ensure functional performance and security,” Emo points out. Rapid delivery is the third seismic shift Emo sees. She cautions, “When delivering new capabilities at a cadence of weekly, or even daily, methodologies like Agile and Lean help, but the whole ‘Develop, Test, Deliver’ pipeline has to evolve, and the test-

be built with Appium or Selenium, as well as with its own software’s test automation solutions.

Flagship Tools For Continuous Testing ALM Octane, HPE UFT Pro, StormRunner Load, and Service Virtualization all work in a continuous integration pattern for integrated continuous testing in Agile and DevOps environments, with a CI engine like Jenkins and/or TeamCity. Think of ALM Octane as your management layer that gives you the visibility into what is going on in terms of the application or service being managed and tested in your pipeline. It’s a cloud-based or onpremises and containerized application lifecycle management offering that uses common toolsets and frameworks, such as Jenkins, GIT, and Gherkin. It’s geared towards making customers’ DevOps processes more efficient. HPE UFT Pro is a functional test automation development tool set and exe-

cution engine. It executes both UFT scripts, created in multiple languages such as C# and JavaScript, and can execute Selenium scripts as well. It’s built specifically for continuous testing and continuous integration. It supports the most common AUT technologies, and integrates with standard IDEs on multiple platforms to increase DevOps and Agile teams productivity. HPE StormRunner Load is a SaaS-delivered cloud load and performance testing tool set and engine. It can be triggered as part of the CI process. It uses both onpremises and cloud virtual users so when it’s needed, it’s capable of scaling up to a millions of users for a Black Friday-type test, saving you those user licenses. Service Virtualization is the key, behindthe-scenes element that keeps the continuous integration pipeline running, since many of today’s applications are now compositions. It virtualizes API calls that may be out in the cloud or from a legacy system that you may not be able to access as a tester. Service Virtualization continuously learns and simluates the constrained application or service behavior and keeps your testing moving forward.

On The Horizon Building analytics into testing products is an emerging necessity. With all the data that test tools can provide, teams need to understand which data is important to their organization. Having a test tool that gives a comprehensive picture of how an application is used on a production network delivers significant value and informs what test cases need to be run. Micro Focus, which includes HPE Software as of Sept. 1, is building predictive and analytic layers into its products, applying big data algorithms, machine learning and AI to help teams focus on where their issues are. Emo reveals, “We’ve been working with these technologies for a couple of years. There’s a lot of power in them but incorporating them so we get good data in and good data out isn’t an easy thing to accomplish. We want to design tools that will give people the ability to say, ‘Yes, this is my area of risk, and where I want to focus additional test resources.’ It’s very powerful.” 3

SDT04 Full Page Ads.qxp_Layout 1 9/15/17 11:56 AM Page 43

Are you ready for the evolving world of the digitally connected experience?

Ĺ&#x; <RXU FXVWRPHUV DUH The advent of DevOps, microservices, mobile and IoT have led to increased user experience and expectations. Every business seeks the right environment for delivering quality applications with speed. This is why companies trust MicroFocus and our application testing solutions. microfocus.com/adm

SDT04 page 44,45,47.qxp_Layout 1 9/15/17 2:40 PM Page 44

BY MADISON MOORE

In baseball, it’s three strikes and you’re out. In this age of app fatigue and digital transformations, the rules of America’s favorite pastime don’t apply to web application development. For most brands and enterprises, they have seconds to delight a user or they are skipping out of the ball park and onto the next competitor. Because for web app users today, having a fantastic application isn’t enough — if it doesn’t exceed their expectations in terms of performance, accessibility and responsiveness, you’re out. While it’s getting harder to find quality web apps and software that works, development teams can build the best apps possible if they put the user front and center — this means considering usability testing as part of a software development lifecycle, looking into today’s modern technologies and frameworks, and finding new ways to give users the experiences they need so they always come back.

Usability testing One of the ways to really home in on the user’s wants and needs is to consider focused sessions as part of targeted user experience testing, according to engineering director at Sencha, Mark

Brocato. This can cut down on development time since issues and potential problems are highlighted before the web application reaches its launch date. Usability testing is an easy way to see how something is used, from real users, he added. Typically these users are asked to perform certain tasks, and it gives teams the ability to see where users may stumble and it helps the development team see if users are tripping up in any areas that they shouldn’t be, said Brocato. Brocato said that his team has learned much about their own users at Sencha from conducting usability tests, and he said it’s better than trying to guess in your head what people are going to do (or not going to do) within a web application. There are a few added benefits to usability testing. For instance, it gives teams direct feedback from the target

audience to the project team, any internal debates can be resolved by testing issues with real users, and it minimizes the risk of the web application failing when it goes into production. Of course, there are a few disadvantages to usability testing, according to an ExperienceUX report. Usability testing is not always representative of the reallife web app scenario, and it is qualitative, so it doesn’t provide large samples of feedback that an online questionnaire might, according to the report. But, usability testing can help development teams gather information about the user’s needs when it comes to design, like the functionality and features of the web application. It won’t necessarily give teams an understanding of the needs that goes into the delivery of the application. According to head of products at NGINX, Owen Garrett, the way to figure out those needs is to ask questions like, where is my user located? What is the standard of performance they expect? What devices are they using? How is the web application going to be deployed? Will the application need protection from spikes of traffic? These

SDT04 page 44,45,47.qxp_Layout 1 9/15/17 2:40 PM Page 45

www.sdtimes.com

“[We’re at] the point where you click something and you don’t want to notice that there is a delay, and if there is, you are already frustrated,” said Cope. “We are getting more and more used to having everything instantaneously.” When it comes time to actually develop a web application, development teams need to think about more than just performance. They need to take a different approach than they would with developing a mobile application, too. For a long time, according to vice president and principal analyst at Forrester, Michael Facemire, businesses would take their website and jam it into a mobile application. Now, businesses are looking at their mobile apps and consid-

User experience remains front and center for web application developers are the important questions to ask if you want the answers that directly relate to the user’s use of a web application, he added.

Considering developing a web app? Even after a development team thinks about what they are going to build, and after they get that feedback from potential users, they still need to put the user experience front and center. Users have so many choices right now, and if they are unhappy in the slightest bit, they know that they can go somewhere else because they’re not locked into one application anymore, said Rod Cope, CTO at Rogue Wave. Performance continues to be a challenge for organizations, because like Cope mentioned, users want to stay in their flow and experience no delay. According to Rogue Wave’s research, they’ve seen that a one-second delay in page load time leads to a 7% decrease in purchase conversion. That’s significant, said Cope. Consider an ecommerce site that gets 100,000 business transactions per day, said Cope. A one-second page could cost the business $2 million a year.

ering how they can replicate that design and user experience as a web application, according to Facemire. Instead of taking a mobile application and trying to recreate that same experience in a web application form, it makes more sense to consider users’ channels. For instance, if they are on a desktop, they are probably okay with a longer session with more in-depth experiences, whereas on a mobile device, users often want quick sessions, said Facemire. He added that the average session on a mobile device floats around a minute or minute and a half, and on a desktop, it’s longer than that, so a development team needs to deliver a much more detailed experience on the web, he said. Screen real estate plays a role in web application development as well. Web application development requires different viewport sizes, the resolution, and web layouts. On a smaller device, users interact with their finger, swiping, tapping, and holding their finger down to complete a given task. On a larger device like a desktop, users lose that ability to tap and swipe. According to Brocato, it’s the little things that can sway a user from using one application to another. Users’ toler-

October 2017

SD Times

ance for any experience, especially in the consumer setting, is very low, he said. One solution to this development challenge is to simply build smaller releases, said Facemire. Software is shipped often and the releases are getting smaller and smaller, yet they still include something valuable to the customer. Shipping small allows development teams to gather feedback, conduct an analysis, and determine if the release was successful or not. And if it’s not, it shouldn’t cost a team 16 months in turnaround time, said Facemire. Teams need to fail fast and understand why their customers were unsatisfied. “The concept of failing fast is important here,” said Facemire. “Let’s fail quickly, and then learn from that — you don’t have to get it right the first time, but if you don’t have it right, let’s understand why and let’s not make the same mistake again.”

Web application technologies Another challenge for web application developers today is the “never-ending war of the frameworks,” as Brocato puts it. “It’s like Game of Thrones, web style,” he said. “A year ago, when I went to my local Java meetup, the talk was all about React, now it’s shifting a bit.” He said that now, Angular is still fairly popular, but there are things like web components and additional frameworks that keep evolving, and fast. Chances are, the framework you pick today is going to be close to outdated by the time you “finish” your web app. And if it’s not the framework, Brocato said it’s the language. Web application developers need to come to terms with this, they need to figure out a strategy for development and how to update and manage the apps so their app doesn’t look antiquated, said Brocato. However, when it comes to languages, JavaScript still remains king of the castle. There are new flavors of the language for web development, with TypeScript and Flowscript getting some attention, according to Cope. They are compatible with JavaScript so developers can write in those languages and continued on page 47 >

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 1:38 PM Page 46

www.sdtimes.com

October 2017

SD Times

The rise of the Progressive Web App (PWA) Developer advocate at Google, Pete LePage, gave a talk at the Velocity download a web experience onto their device. It requires no app store, conference in NYC last year, and he said that today, the mobile web no installation, and it loads fast and delivers a good experience, according to LePage. should be three things: reliable, fast and engaging. Sencha’s engineering director, Mark Brocato, said that PWAs are This remains true today, since users expect their web browser to work fast every time. It is why almost half of web app users today will among the next emerging technologies, and a lot of companies are actually abandon an app if it takes more than a second or two to load, considering these experiences. According to Brocato, the two big app stores (Google Play and the App Store) control what according to recent reports. READ MORE ON PWAs goes onto a user’s device, but he doesn’t think this One way developers can deliver better user expeThe web app model will last forever. riences is to create a progressive web app (PWA). becomes progressive “People enjoy these lower friction environments Google first proposed the idea of PWAs back in 2015 as a way to solve problems like slow performance and unrespon- from both a developer and user perspective,” said Brocato. “It’s easier sive user experiences. While there are a few best practices to consider than getting approval from an app store, and developers are embracwhen developing a PWA, developers should consider a few qualifica- ing PWAs.” He also said that PWAs need to be easy for the user, nonintrusive, and it has to give them that same great experience. tions in order to call their website a progressive web app. “[PWAs] could change or augment the app store way of doing For instance, a PWA needs to be fast, it needs to be progressive, things,” he added. and it needs to engage the user. And it’s possible PWAs will take over mobile applications and web Also, a PWA lets a developer take a web experience that is generally in a web browser, and transfer it onto a mobile device as a stand- experiences, especially since customers don’t care so much about alone experience. It will have an icon that looks just like an app, and in applications anymore, said Facemire. “They want you to deliver a great experience on their devices, so many cases, PWAs can run offline, according to Michael Facemire, vice president and principal analyst at Forrester. He said app discoverability they don’t care if it’s an app, they don’t care how you develop it, they today is poor, and with a PWA, users can come to a website and simply just want that great experience,” said Facemire. —Madison Moore

< continued from page 45

write code that runs in all browsers and devices. Of course, added Cope, PHP is still popular, and Java and Python continue to make moves in artificial intelligence, too. Other software and coding sites highlighted technology like AngularJS, React, Node.js, Ruby on Rails, ASP.NET, and Vue.js, which provide additional functionalities that can be utilized within your own web application development project. When it comes time to actually develop a web application, Cope said that he thinks about it in two separate “camps” of development. Some teams think web applications need to be a separate mobile application written from the ground up, and those need to be native because you want maximum performance and the best user experience, he said. Then there’s another camp: “Instead of doing all this extra effort to write these native apps in separate languages, let’s just use standard web technology and basically write a web application that runs on mobile devices, looks good and performs well,” said Cope.

He added, “I think you’ll see different companies going in different directions, depending on what they are comfortable with.” Development teams should also consider the microservice approach for the server side of the application, which allows you to build applications in a cloud native fashion so they are broken down into independent components which will scale and update individually. NGINX’s Garrett said that this gives teams flexibility and security as compared to monolithic application.

The convergence of mobile and web While users are still mobile-first, and there are specific technologies that are better suited for mobile development, leaders in the development space are starting to see the technology that separates mobile applications and web applications is now starting to converge, according to Garrett. For example, desktop web applications are operating at a mobile style, mobile apps rely on web page technologies and HTML renders custom code, he added.

But in terms of practical differences, Garrett said that mobile applications tend to use API requests much more than web apps. Web applications do traditional HTTP requests and mobile uses standardized APIs. Mobile apps go to great pains to batch up API requests so they can make a single large network request rather than multiple small ones, he said; however, one technology that is unifying both web and mobile is HTTP/2, which is a major revision of the HTTP network protocol used by the World Wide Web, and it is derived from the earlier experimental SPDY protocol. “It’s a new way of delivering web content; it has security built in and performance optimization built in, and it allows mobile and web apps to get a great level of performance even if the underlying network is high latency,” said Garrett. Also, what started as responsive design in the mobile application space is now becoming standard for web applications. HTML, web rendering technologies on the desktop — it’s all becoming the de facto standard for a great many web applications, said Garrett. z

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 1:38 PM Page 48

OutSystems is the #1 low-code application platform for building: Brilliant Digital Customer Experiences Flexible Departmental Apps Robust Large-Scale Systems

See it at work at www.outsystems.com/sdtimes

SDT04 page 49,50,52.qxp_Layout 1 9/15/17 6:17 PM Page 49

www.sdtimes.com

ow-code platforms have offered the opportunity for non-developers to take the first steps towards transforming their business processes through accessible software design tools for decades, and it’s a market that has not stopped growing. According to business management consultant Forrester Research, by 2020, the simplified, or low-code, development space will be valued at US$15.4 billion. “We’re seeing the space growing very quickly along with the demand for low-code platforms from enterprise customers, as well as smaller business customers,” said Dan Juengst, principal product evangelist for OutSystems, whose customers for their enterprise-focused low-code platform range from banks and auto manufacturers to tech giants like Intel and Hewlett Packard Enterprise (now Micro Focus). “We think that it’s because of the expectation from customers and IT organizations that this is something that can help them.” With some of the big players in the low-code market finding an essential software development role at some of the largest companies in the world, it’s clear that these platforms are losing the stigma that they have limited capability or can’t keep pace with experienced developers. From rapid prototyping to eliminating redundant workload for the IT staff, there are many ways that a low-code platform can transform a business. But a positive transformation comes from using the right tools for the job, so it’s important that before customers take the plunge, they know their options.

The common perception In its report, “The Forrester Wave: Mobile Low-Code Development Platforms, Q1 2017,” Forrester outlined the most common reasons that companies reported that they have added a lowcode platform to their toolset. Unsurprisingly, it was essential to allow the

Buyers Guide BY IAN C. SCHAFER

non-developers most knowledgeable about the needs of their business and customers to translate function into form. “The business needs to be heavily involved in the initiative,” said Div Manickam, product evangelist with Dell Boomi, the company’s low-code solution. “I think that’s the real benefit of low code — that they can be part of the development process.” With drag-and-drop interfaces and great documentation, accessibility is key to the appeal of these platforms, along with what David Landa, CEO of low-code solution provider Kintone, says are essential to customer satisfaction: ease of development, ease of deployment, data security and access controls, and reasonable cost. That was Forrester’s finding too. The most important factor for businesses looking to employ a low-code platform is development time from user story to user experience. And even when an IT department feels stretched, Forrester says it will often turn to these solutions “as a force multiplier.”

Let IT do the heavy lifting “I don’t want to be the guy that’s coding up these forms and resolving all of these, quite frankly, really boring problems all over again,” Manickam said of developers. “We need to be able to

October 2017

SD Times

solve the tough technical challenges.” There are any number of solutions to common issues that don’t require the technical knowledge of a career programmer to execute. Manickam explained that this factored heavily into the design of Dell Boomi. “A lot of industry best practice is based on a Lego bricks approach. You can’t go badly wrong through experimentation.” Geoff Perlman, CEO of Xojo, one of the longest-lived low-code solutions in active development for two decades this year, backed up Manickam’s assertion. “The job of the IT guy gets even better,” Perlman said. “Because new technologies, that no citizen developer is ever going to be using, come along that IT can bring into their business and help the business be more efficient. It means the IT guys can spend more time on the enterprise-level things.”

Access to the back-end In the case of platforms like Xojo, whose target audience veers more towards the hobbyist or citizen developer, access to the deepest levels of the back end of your web application can be traded for Xojo’s proprietary cloud hosting and security measures, which Perlman says have withstood every one of the over 1 billion attacks leveraged at their servers over the years. For mobile and desktop apps, there’s a level of security that you don’t need to think too much about because it’s being run client-side. But for web apps, Perlman said, Xojo needed to ask: “How much access do you give [developers on your platform] to the details?” Options focused more squarely on enterprise customers, like Dell Boomi, OutSystems and Kintone, tend to veer more towards, “a lot.” Perlman says that it’s a balancing act, and something that the customer should focus on when choosing a platform. continued on page 52 >

SDT04 page 49,50,52.qxp_Layout 1 9/15/17 5:59 PM Page 50

SD Times

October 2017

www.sdtimes.com

Low-code tools for digital transformation We asked leading low-code solution providers to tell us how their solutions can help set companies up for digital transformation success. Geoff Perlman, CEO, Xojo

Xojo’s biggest strength is making app development accessible to citizen developers; those who don’t have “developer” or “programmer” in their job title. This makes it possible for the very people who know their jobs the best to identify the areas where automation can provide productivity gains. For example, a process that was normally done by phone only during business hours can be automated via a web or mobile application, allowing the customer to complete it at their own convenience. Many traditional software development tools have very long learning curves which make them impractical for citizen developers. Xojo provides a unified set of commands for nearly all the common operations (printing a document, saving to a file, sending data over a network, drawing graphics, etc.) so that once you’ve built an app for one type of target, you’ve already learned nearly everything you need to create apps for other types. Being able to build applications for Linux, macOS, Windows, the Web, Raspberry Pi, iOS (and coming in 2018 — Android), all from a single development tool and language is a huge win for anyone transforming their business processes to the digital world. Dan Juengst, principal technology evangelist, OutSystems

The OutSystems low-code, rapid application development platform is a key ingredient that drives many organization’s digital transformation strategies. OutSystems combines a full-stack visual development environment with a full-lifecycle application management platform. It allows enterprises to rapidly build and run the

enterprise-grade mobile and web apps that are the foundation of a digital transformation. OutSystems helps organizations rapidly innovate. They can experiment with low risk, thanks to the platform’s development speed and low cost of app change. Organizations can quickly develop and deploy new digital business solutions and scale to support growth. With OutSystems, organizations can deliver apps 5x faster than traditional development. And these applications are robust, enterprise-grade apps that integrate with existing data sources and legacy systems. OutSystems also allows integration with almost any existing system through prebuilt connectors and open extensibility. Applications built with OutSystems are scalable and secure — a requirement for today’s modern enterprise. Built-in DevOps and change and dependency management tooling round out the features, making sure that IT organizations won’t hit any walls. Steve Wood, VP and GM Dell Boomi Low Code Platform

Dell Boomi pioneered low-code integration when we introduced the world’s first cloudnative integration platform as a service (iPaaS) in 2007. Even a decade ago, we understood the challenges organizations were facing with traditional integration tools. This is why today businesses around the globe are turning to Boomi’s lowcode environment to eliminate traditional development obstacles and accelerate digital transformation. Organizations need to be far more agile in how they integrate their applications and data to drive digital transformation. The volume and diversity of integrations necessary for running a digital business are growing exponentially. Social, mobile, analytics, big data, IoT and AI technologies all require integration into core business systems. But the traditional approaches of

hand-coding integrations and managing middleware have become a major obstacle to digital transformation. Boomi provides businesses a common, easily understood interface that requires no specialized expertise in a particular programming language. This makes building and maintaining integrations far easier and faster. And Boomi provides core integration with API, MDM, EDI and workflow management, all combined in a unified environment. Dave Landa, CEO, Kintone

Kintone sets up organizations for digital transformation success by enabling IT to empower businesspeople to build what they need to manage their business best while maintaining the governance IT needs. Kintone’s hyper-agile, high-productivity low-code application platform makes teamwork better. Over 7,500 companies worldwide have built and run over 340,000 custom applications on Kintone’s cloud and are adding over 880 new applications daily. Tools to quickly build database applications like a free application template library, 1-click spreadsheet conversion, and duplication features enhance clients’ productivity. Core functions like access controls, process management, notifications, analytics, and auditing provide the agility, transparency and controls necessary for mission critical solutions. All easy enough for non-coders to build. Pre-built plug-ins and add-ons, webhooks, APIs customizations and integrations, and connection to integration hub Zapier make Kintone flexible, extensible and powerful. Collaboration is one of Kintone’s 3 Core Pillars and is built into the DNA of the platform. For example, Kintone provides Spaces for teams, groups and departments to manage their projects, apps and work within and instant mobile access via IOS and Android apps with push notifications. z

SDT04 Full Page Ads.qxp_Layout 1 9/18/17 12:31 PM Page 51

SDT04 page 49,50,52.qxp_Layout 1 9/15/17 6:17 PM Page 52

SD Times

October 2017

www.sdtimes.com

< continued from page 51

“Understand the needs of your business,” said Manickam. “How happy is our IT team going to be when they find out that our compliance data or our customer data is being locked away in this low-code platform that isn’t connected to anything else?” With this in mind, it’s important that organizations choose a low-code platform can facilitate a workflow that

incorporates every level of development that your business requires.

Working together But to facilitate the type of digital transformation that many businesses hope low-code technologies will bring, the IT team should make it clear what the role of the technology will be and who will need to use it. “What we find IT folks coming to us

for is a platform that they can present to their business teams and have some oversight and management of,” said Kintone’s Landa. “As in: ‘You’ve got a list of 150 apps here. We’re not going to be able to get to them. But we can look at the different applications, and here is a platform that we can give you a little bit of guidance to get started with and make sure that any data sources we need to integrate with – we can help you with that.” z

A guide to low-code development solutions n Alpha Software: Alpha Anywhere has the unique capability to rapidly create offline capable, mobile-optimized forms and business apps that can easily access and integrate with existing databases and web services, and can exploit built-in rolebased security.

n Appian: Appian’s platform combines the speed of low-code development with the power of process management, and more. It allows teams to quickly build unified views of business information from across existing systems, and lets them create optimized processes that manage and interact with their data. n K2: K2 provides a data-modeling environment that allows developers to create virtual data views that bring multiple systems of record together into a single view. Additionally, K2 provides strong workflow capabilities for modeling and automating processes and assigning tasks to workers. n Kony: Kony Visualizer is a powerful enterprise-grade platform for designing, developing and deploying rapid, low-code, native mobile and web apps using open and standard-based tools with JavaScript. Teams can create low-code, fully native and hybrid mobile and web applications. n Magic Software: Magic xpa Application Platform lets you leverage the same business logic to develop once and deploy across platforms. You can create a portfolio of high performance business apps with a single skill set and minimal resources. Magic supports your digital transformation and enterprise mobility strategies. n Mendix: Mendix provides a comprehensive, integrated set of tools and platform services for the entire app lifecycle. Empower a continuum of people to build

FEATURED PROVIDERS n

n Dell Boomi: Dell Boomi is an IT service management company that lets teams build integrations anytime, anywhere with no coding required using Dell Boomi’s industry leading iPaaS platform. There’s no hardware or software to manage, so teams can easily build, deploy and manage their integrations with ease. The Boomi platform also includes API management, EDI management, master data management, workflows, and it connects more than 200 applications and 1,000 endpoints for businesses. n Kintone: kintone is a company behind the database application platform that employees can use without writing a single line of code. Teams can run processes, test them, iterate on them, and find the best configuration with kintone’s nocode/low-code business process management. The platform features branched workflows, no-code process management, and notifications and trigger based reminders. Teams can also navigate databases quickly and easily, diving into their data with easy-to-use and easy-to-configure views and filters. n OutSystems: OutSystems is a low-code platform that lets you visually develop your application, integrate with existing systems and add your own code when needed. The OutSystems platform is top-rated because of its speed, integration with everything, great UX by default, and its low-code abilities without constraints. OutSystems was rated a leader in two low-code development waves, and it was rated a mobile application development platforms leader from Gartner. n Xojo: Xojo, a development tool, lets teams use the same tool and language to build native apps for multiple platforms. Experienced developers can tap into Xojo’s platform for additional resources, but it’s easy to learn and powerful enough to develop anything, making it the ideal development tool for all experience levels. Xojo currently has over 330,000 users worldwide and Xojo apps can be found anywhere, from Fortune 500 to commercial software, small businesses, and everything in between. apps without code, from business experts to professional developers. Teams can visually model full-stack applications, including data models, UIs, and logic. n Oracle: Oracle Visual Builder Cloud Service accelerates development and hosting of engaging web and mobile applications with an intuitive browser-based visual development on the same enterprisegrade cloud platform powering Oracle SaaS Applications. n Salesforce: Force.com, the Community Cloud, and the Lightning platform anchor

this low-code customer base, although Salesforce also has platforms (Heroku), tools (Force.com IDE), and partnerships (with continuous-delivery tool vendors) that address coders. n Sencha: Sencha Ext JS helps developers build data-intensive, cross-platform web applications for desktops, tablets and smartphones, with 115+ high-performance, pre-tested and integrated UI components. Using Sencha Themer with Ext JS enables developers to quickly and easily design customized application themes using graphical tools, without writing a single line of code. z

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 1:39 PM Page 53

SDT04 page 54.qxp_Layout 1 9/15/17 1:12 PM Page 54

SD Times

October 2017

www.sdtimes.com

Guest View BY STEVE ROBERTS

Five tips for software-driven companies Steve Roberts is a managing director with Accenture’s Product Engineering and Lifecycle Services business.

s Mark Andreessen so aptly predicted, software is eating the world. A growing number of companies that developed physical products are adding software capabilities to their offerings. This means a growing need for companies to add software development expertise, software product engineering, embedded software engineering, ecosystem platform engineering, and new software-based application programming interfaces. Here are five important actions companies should consider taking to become software-driven businesses.

One: Make software an enterprise-level priority Companies that aspire to become market leaders need to embrace software as an enterprise-wide responsibility across all facets of the company. Experimentation and prototyping should occur across business functions, proNearly all companies, regardless ducing a continuous pipeline of new ideas and product capabiliof industry or market, need to ties. The most successful compadevelop a certain level of software nies engineer their software expertise and mentality to succeed. products to enable constant customer feedback to new features so they can be resolved and inform continuous and rapid product innovation. Using powerful analytics capabilities, companies have transformed product definition from an art to a science. And all areas of their businesses, ranging from finance to marketing, need to adopt a software-driven mindset to support quick development cycles associated with software-driven businesses.

Two: Adopt lean and agile ways of working Nearly all companies, regardless of industry or market, need to develop a certain level of software expertise and mentality to succeed. The companies that do this can open a sizable gap from a field of followers by increasing the rate of product releases through continued investment in automated build, test, and deployment systems. Early innovators are embracing the mantra that agile adoption is no longer only for engineers; it’s assumed across the entire value chain. The goal is establishing a continuous flow in which established teams consume and deliver against a company-managed backlog of fea-

ture requests. This contrasts with the traditional and less efficient model of assembling project teams or discrete engagements.

Three: Harness instrumentation and analytics To attain market leadership, companies should consider using powerful instrumentation and analytics to observe, enhance and understand how their products powered by software are being used, and to feed insights and strategies for future iterations and agile development. The cloud, connected devices and platform economy have generated more data to analyze, which is creating new opportunities to monetize that data.

Four: Focus on the platform economy Leaders in the cloud computing software market recognize their ground-breaking products and services are based on platforms. Their continued success rests on two key elements: the technology platforms they have built to support their businesses; and the business models these platforms enable. These leaders have open platforms for developing new applications and services for the broader ecosystem, which creates an expanded and growing revenue model. Leaders have also developed a set of common services with which their businesses and external developers can create applications and innovative new propositions on their platform to unlock new revenue flows and increase customer dependency.

Five: Tie products to the back office Today’s demanding markets require products integrated with external ecosystems and internal corporate systems to deliver outcomes and experiences focused on customers. In this software-driven world, the back office is no longer a discrete set of processes that support sales and services. Instead, the back office is an integral part of the engine that powers the agile software-driven experience. Back office functions such as customer relationship management, finance and supply chain facilitate the transactional services that enable the ongoing delivery and fulfillment of software. While there is an increased reliance on software to deliver product features, connected, software-driven products are creating new “Everything-as-a-Service” and Internet of Things market opportunities. z

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 1:39 PM Page 55

100 practitioner-led sessions. 24 hours live online. No vendor pitches. alldaydevops.com/register

October 24th â&#x20AC;&#x201D; 100% Free

SDT04 page 57.qxp_Layout 1 9/15/17 1:13 PM Page 57

www.sdtimes.com

October 2017

SD Times

Analyst View BY ROB ENDERLE

When smartphones become obsolete L

ike all technologies, smartphones are transitory. They came up from a blending of two-way pagers, PDAs (Personal Digital Assistants), MP3 players (like the iPod), and have recently been taking over much of the space once occupied by tablets — which had a surprisingly short run as the “it” product. We are starting to give wearables phone capability and beginning to explore mixed reality headsets, which are the more likely of the two technologies to replace smartphones at the top of the personal communications food chain. Let’s take a moment to look ahead and anticipate what, and about when, the smartphone effectively becomes obsolete. For a mixed reality headset to displace a smartphone it will need to evolve a lot from where it is. This isn’t to say that evolution isn’t close, however. If you think about it, one entire class of the product is basically a smartphone placed in a headset and while that is more virtual reality than mixed reality now, phones have ever more powerful and capable cameras already and it would seem a simple matter to add one more sensor (for stereoscopic vision) and make the headset the default implementation. But there remain many big issues that must be effectively resolved. The first is that no one has yet come up with an attractive version of this technology. Even the relatively non-invasive but failed Google Glass experiment detracted from how you look. You could build the device into a helmet but while that would work for bike riding, some types of driving, and some sports, getting people to wear a helmet all day will be problematic — unless the weather gets a lot worse than it now is. The closest thing to an attractive headset we have is the Microsoft Hololens, and it still looks like something you’d wear to protect your eyes in a machine shop more than something you’d wear to work or in polite company.

Battery life/performance Having the display(s) and camera(s) on all the time would be problematic for current battery technology. Worse by far than smartphones, if your MR headset loses power you would be effectively blind — unable to see the ever-more critical notices and the rendered world you increasingly live in. The performance level of the processor currently being

used in smartphones just isn’t high enough to renRob Enderle is a der the 4K level images that would be needed to principal analyst at the Enderle Group. fully occlude and enhance reality. Further, we’d likely need to improve human vision to make the whole thing compelling enough to get to a critical mass of users. We could likely get close with battery packs, low-latency 5G radios, and more powerful CPUs and GPUs but the result would be too bulky for anything but initial concept testing. We really need a battery breakthrough and, while many are being worked, none are yet within a 5-year envelope of implementation. However, if we can get to the performance threshold on a wearable device, given the broad industry need for a battery breakthrough, the events to create this thing would likely come together quickly. The eventual result will There is a possibility in that future blend the above with things your closest and dearest friend, that are already almost cooked, like a conversational interface, the one that truly is loyal and does the ability to re-render everyknow more about you than you thing we’d normally see, and the merging of the capabilities know yourself, will be virtual. in our TVs, smartphones, digital assistants, and PCs into a single connected solution. A conversational interface is one that is primarily voice but uses a rendered avatar — like the Cortana in the video game Halo — that, backed an AI, becomes arguably better than a human assistant (and perhaps a tad more real). Yes, there is a possibility in that future your closest and dearest friend, the one that truly is loyal and does know more about you than you know yourself, will be virtual. But we are a few years out.

Wrapping up: 10-20 years The earliest that this device could emerge is likely five years out and it would likely take another five years to fully displace smartphones, thus I place the range from displacement in the late 2020’s to 2030s. Eventually smartphones will be replaced by something, that something will likely be a headmounted wearable device that not only does what smartphones, PCs, and digital assistants now do, but renders a view of the world that we can edit to our heart’s content and creates the potential for real magic. z

SDT04 page 58.qxp_Layout 1 9/18/17 1:59 PM Page 58

SD Times

October 2017

www.sdtimes.com

Industry Watch BY DAVID RUBINSTEIN

The liquification of software David Rubinstein is editor-in-chief of SD Times.

he days of software packages are coming to an end. Say hello to what JFrog co-founder and chief architect Fred Simon calls “liquid software.” “Once the number of applications and libraries and pieces of the software that needed to be managed reached a certain point, we started to see an exponential increase in the amount of software modules, and the frequency of updates and versions, all the way to the end user,” he began. “What we used to consider in software packages to manage with tagging and versioning — a destination, address number, type, barcode and then you ship it away in any kind of format — all these concepts of actually creating a package and delivering software in the form of a package, little by little, have disappeared due to the fact that we are making more and more of them and releasing them more and more frequently. “We shifted our approach to software updates, not out of packages, but out of the concept of continuous flow of software. You start to think in terms of piping. Then you start to connect the different software factories and the different departments and the different vendors and the different teams by connecting them with pipes, not by connecting them by delivering the files from one place to another, but continuously providing the latest version of whatever software is available to the next destination.”

The full liquification of software is contradicting a lot of the processes many companies set in place.

Unpolluted and secure This is what Simon says (couldn’t help it!) is the liquification of software systems. “Little by little, we are seeing any kind of software in any kind of environment moving to this liquid delivery mechanism, where you plug yourself into a client that you trust to deliver clear water which is unpolluted and secure — and, by the way, you’ll get all security updates and the latest versions of whatever you want,” he explained. If this sounds like the DevOps revolution, it’s because Simon said it is. “There is another catchphrase we use quite a bit to reflect this; it’s release fast or die. The ones that are not even trying to do

that are probably companies we won’t see in the next decade.” At JFrog, Simon said they want to make sure the tools they are creating can be used by the “plumber,” who creates the piping and lets the liquid software flow. “The replication and the pipes that are created between the different repositories, which can be located all over the world, need to continuously deliver the right things to the right destination,” he said. “All the synchronization is a critical piece of our tooling. So of course is the ability to see and to transparently view the actual flow of the software. Before, when it was actual trucks, the way to control it was to control the timing of the delivery of the package. When you go to liquid software, you need visibility and transparency, but need to change the control mechanism for frequency, quality and flow of delivery.” Liquification is a strong force in the market, but for organizations with existing processes, the move to a continuous flow of software has many challenges. “To be frank, the full liquification of software is contradicting a lot of the processes many companies set in place. There are a lot of companies who have a six-month block of time before the vendor has a new version and the new version gets inside the company. It’s not rare to have such a strong mechanism of compliance and any kind of test that companies and processes set in place, where they only accept a very few releases per year — those processes are the ones that are suffering today. “When you have a monolith, you start with a version in your version control system and you build everything and test everything and deliver everything,” he continued. “It’s a very sequential process that, for really big software, could actually take weeks. Once you start in microservices, each of the microservices has its own lifecycle, so you can make your own single build and test locally and have a new version automatically created. The ability to aggregate all those microservices and to tag a specific version at a specific time and create another application out of those microservices and those different versions rapidly and efficiently is critical for the next step.” z

SDT04 Full Page Ads.qxp_Layout 1 9/15/17 12:09 PM Page 59

SDT04 Full Page Ads.qxp_Layout 1 9/14/17 1:40 PM Page 60

SYNCFUSION

DATA PLATFORM Unique, One-Stop Solution for All Your Data Science Needs

Dashboard Platform

Big Data Platform

Data Integration Platform

Report Platform

Take data from any source, transform it visually, build models, and deploy interactive dashboards with ease.

Before spending millions, try us! License your entire team for $4,000 or less per year. No per-user or per-server charges. Completely free Community License also available.