Category: software testing

A Metric is a quantitative measure of the degree to which a system, component or process possesses a given attribute. Software metrics are measures that are used to quantify the software, software development resources and software development process. A metric is defined to be the name of a mathematical function used to measure some attribute of a product or process. The actual numerical value produced by a metric is a measure.

For example, cyclomatic complexity is a metric; when applied to program code, the number yielded by the formula is the cyclomatic complexity measure.

* Management metrics , which assist in the management of the software development process.
* Quality metrics , which are predictors or indicators of the product qualities.

Metrics related to software error detection (“Testing”) in the broad sense, grouped into the following categories:

General metrics that may be captured and analysed throughout the product life cycle

Software Requirements metrics , which may give early warning of quality problems in requirements specifications

Software Design metrics , which may be used to assess the status of software designs;

Code metrics reveal properties of the program source code;

Test metrics can be used to control the testing process, to assess its effectiveness, and to set improvement targets;

Software Installation metrics, which are applicable during the installation process;

Software Operation and Maintenance metrics , including those used in providing software product support.

Test Metrics

The following are the metrics collected in the testing process.

1.Defect age .
Defect age is the time from when a defect is introduced to when it is detected (or fixed). Assign the numbers 1 through 6 to each of the software development activities from software requirements to software operation and maintenance. The defect age is computed as shown.

(Activity Detected – Activity Introduced)

Average Defect Age = –——————————————————

Number of Defects

2. Defect response time
This measure is the time between when a defect is detected to when it is fixed or closed.
3. Defect cost ($ d )
The cost of a defect may be computed as:

$ d = ( cost to analyse the defect) + (cost to fix it)
+ (cost of failures already incurred due to it)

4. Defect removal efficiency (DRE)
The DRE is the percentage of defects that have been removed during an activity, computed with the equation below. The DRE can also be computed for each software development activity and plotted on a bar graph to show the relative defect removal efficiencies for each activity. Or, the DRE may be computed for a specific task or technique (e.g., design inspection, code walkthrough, unit test, 6 month operation, etc.). [SQE]
Number Defects Removed
DRE = –—————————————————— * 100
Number Defects At Start Of Process

5 Mean time to failure (MTTF)
Gives an estimate of the mean time to the next failure, by accurately recording failure times t i , the elapsed time between the ith and the (i-1)st failures, and computing the average of all the failure times. This metric is the basic parameter required by most software reliability models. High values imply good reliability.

MMTF should be corrected by a weighted scheme similar to that used for computing Fault density (see under Test Metrics).

6 . Fault density (FD)
This measure is computed by dividing the number of faults by the size (usually in

KLOC, thousands of lines of code).

Hope these are useful.



Here is one Security Testing Checklist that may help you
1. Are all the Internet-facing servers within the system registered with the corporate web office?
2. Do the test plans for the system include tests to verify that security functionality has been properly
3. If the system is rated high on the business effect assessment or if it is Internet facing, has the
company security office been consulted to determine whether or not additional security testing
is required?
4. Has the security test covered the following?
a. application testing
b. back doors in code
c. denial of service testing
d. directory permissions
e. document grinding (electronic waste research)
f. exploit research
g. firewall and application control list
h. intrusion detection systems
i. manual vulnerability testing and verification
j. network surveying
k. password cracking
l. PBX testing
m. port scanning
n. privacy review
o. redundant automated vulnerability scanning
p. review of IDS and server logs
q. security policy review
r. services probing
s. social engineering
t. system fingerprinting
u. trusted systems testing
v. user accounts
w. wireless leak tests



Hi Readers,

Many of you have requested for some more sample papers.

So here is a site that offers free ISTQB practise exams

The IQTQB online tests on this site not only helps you to test yourself, they also help you learn. The best point here is that as soon as you give wrong answer their system will prompt you the right answer.

So just visit them



If you have read PMBOK at some point of time then you know that Leadership Style are very well related to motivation. Here is something very well written that I would like to share with you.

Leadership style influence level of motivation. However, throughout a lifetime, man’s motivation is influenced by changing ambitions and/or leadership style he works under or socializes with. Command-and-control leadership drains off ambition while worker responsibility increases ambition.

Leadership Style versus Motivation
Leadership Style Motivation Type Motivation is Based on: Personality Type Efficiency

Limited supervision
Worker with decision making responsibility

Self motivated Creativity Leader of ideas or people.Independent Achiever Thrives on change


Team motivated

Mixed styles

Goal motivated Opportunity

Personality type and efficiency depends on leader’s skill and/or the work environment he’s created.

Reward motivated Materialism
Recognition motivated Social status

High level of supervision

Peer motivated To be like others Status quoDependency Resist change


Authority motivated Follows policy
Threat, fear motivated Reacts to force

Remember that: Self-motivated or visionaries will not accept authority controlled environments. They will find a way to escape if trapped. In a team-motivated environment, dependency types will become inspired and strive to be acceptable with independent thinking coworkers.

here are some finer points:

Self-motivated people are goal motivated. Once they conquer one goal, they establish another. Every goal is a learning process that requires all the elements in level one. Organizations that attract and keep this type of person stay on the leading edge of technology.

Recognition is important; it builds positive self-esteem. By itself, its benefits are short lived. Long-term benefits are achieved when the employee feels the job could not have been done without them. This means they were faced with a challenge, which means, they had the responsibility and authority to take action.


I’ll keep on updating this post….

This is a cry frequently heard as deadlines approach 😉 .
You can hear most of the managers screaming about this issue….
However there could be a number of answers:

1. The testers were not able to complete testing due to a new release being loaded.
2. The bug was not in an earlier release (reload that earlier release and see).
3. The bug could not be tested for earlier because some part of the release did not work and inhibited
the test’s ability to “see” the bug.
4. The bug was in some part of the system not originally planned for the release for which a test has
only just been written.
5. The bug was found while running some other test.
6. The bug was in a part of a system which was not the focus of testing.
7. The bug would have been found eventually, but the tester hadn’t run the test (which would have
found it) yet.
8. And yes, maybe if we’d been more thorough we’d have found that bug earlier.

Its always good to keep in place a corrective action in place so that the impact of the issue can be minimized and the stake holders and the client/s do not lose faith on you and your team.

Here is an artcle by Aashu Chandra my manager at Infogain (my previous company) about What to do if a bug has leaked into production?

Enjoy and let me know your thoughts on this.



Here is an article by Parvatha Vardhini C in the Hindubusinessline that talks about Taxation matters, especially when going on a stint abroad.

Before you go on overseas deputation, you must be aware of certain regulatory requirements. A little effort to fully understand the issues involved can prevent a lot of eleventh-hour hassles.Read on…..

You are in that dream job with that dream company. And, like the icing on the cake, that much-awaited stint abroad has arrived. While you have made the mandatory visa visits to the embassy, given your wardrobe a new look and written down recipes for your favourite dishes, spare a thought for the new tax and regulatory environment you will find yourself in. If you put in a bit of effort to fully understand the issues involved, you can save yourself a lot of eleventh-hour ha ssles.

Browse the Internet, and you will find numerous queries from employees like you travelling overseas on deputation or assignment:

— I am an employee of a Chennai-based company deputed to London for one year. Do I fall in the NRI category?
— I left India on international transfer to our UK office in September and am getting a UK salary since then. Is it taxable in India?

— I’ve just been posted to the US for a long term. Can I continue to operate my Indian bank accounts?

— I have some savings in the allowances during my assignment abroad. If I bring it back to India, will it be taxed?

Determine your residential status first. As a first step, you need to find out if you are a ‘resident’ in India for every year in which you are out of the country, under tax laws. This is necessary as, under the Income Tax (IT) Act, the tax treatment of your earnings will vary depending on your residential status. For someone travelling overseas, a simple rule of thumb to determine if he is a resident will be to check if his stay in India in a financial year (April 1 to March 31) will exceed 182 days.

For example, take the case of a programmer who works onsite in Canada from October 15, 2007 to January 22, 2008. For the year ended March 31, 2008, he will be a resident as he has been abroad only for about 100 days during that year and has stayed in India for the remaining 265 days.

If he is sent abroad from January 22, 2008 to, say, January 22, 2009, then, for the year ended March 31, 2008, he will be a resident but for the year ended March 31, 2009, he will become a non-resident as he would have spent less than 182 days in India.

So, the next time you hear the words ‘short-term’ and ‘long-term’, remember, IT law does not decide your residential status that way. It’s the 182-day rule that rules.

The FEMA angle

But, wait, didn’t your friend tell you that he opened a non-resident bank account just before he left for the UK on a ‘long-term’ deputation? How could he have opened a non-resident account even before determining his residential status?

This is because under FEMA, (Foreign Exchange Management Act) a person may become non-resident simply by leaving India on purposes of employment or for any other purpose that would indicate his intention to stay abroad for an indefinite period. While FEMA is concerned with your rights and obligations in moving funds in and out of India, the IT Act is bothered about the taxability of such funds and their movements.

So, don’t be foxed if you are considered resident for income-tax purposes and non-resident for banking purposes in the same year!

Remuneration and taxes

When an employee goes abroad for a few weeks or months, the Indian company retains him on their payrolls and continues to credit his salary to his local bank account. In addition, he will get some allowances to meet his personal expenses during the period of his stay.

In such a situation, he will be a resident in India by virtue of having spent more than 182 days here and his Indian salary will be subject to tax in the usual manner. The allowances will be exempt from tax.

In many cases, the employee is given a salary both in India and abroad. If you are on deputation for, say, three years, what will you be taxed on? A golden rule to remember is that a resident should pay tax on his global income. So, in the first year, if you are a resident, then both your Indian and your foreign salary will be taxed in India.

In the second year, when you become a non-resident, only income received, accruing or arising or deemed to be received or accrue or arise in India will be taxed in your hands.

This means that, although you are a non-resident, your Indian salary will still be taxed here while your foreign salary will be tax-free as it is received outside India from a foreign source.

When you are paid salary only in the foreign country, the tax incidence will be the same as above. Thus, in the first year, if you are a resident, your foreign salary will be taxable in India.

In the subsequent years, it will be tax-free as it arises outside India from a foreign source in the hands of a non-resident.

Double Taxation?

Relax. There’s a way out Take the case of Shilpa, who works with a software company in India. From July 2006-November 2006, she was sent to the US and was paid her salary there after withholding tax. For the rest of the months, she was paid salary in India as usual.

For year ended March 31 2007, Shilpa was surprised she had to pay tax in India for the income received in the US (because she was a ‘resident’ under IT Act for that period) though the US authorities had already deducted tax when they paid her. This is unfair! She has been taxed twice on the same income!

If you find yourself sailing in the same boat, cool off. India has signed Double Taxation Avoidance Agreements (DTAA) with several countries. You can claim a relief in India on the doubly taxed income, which will be the lower of taxes leviable in India or the other country you visited.

Want to send money home?

Most companies who send their employees abroad for a longer term, say two or three years, do so after helping them open a non-resident account with a local bank. Besides, you can also open an NRE (Non-Resident External) account. The NRE account allows funds to be freely repatriable (moved back). This fund will be maintained in rupees and any debit or credit of foreign currency will be converted immediately to rupees.

You can give your parents the ‘power of attorney’ to operate it on your behalf. Whenever your family needs money, you can credit it into the NRE account from your account abroad and your parent can withdraw it. If not, you could also send cheques or drafts.

Should you go to a foreign location for a very short period, says two months, you may not have the privilege of using bank accounts or cheques. In such cases, the most popular method seems to be to first credit the money into a friend’s bank account and then send it to India. Online money transfers are also a popular mode of sending money into India.

All remittances are tax-free.

Read the full article here

Every now and then I hear people saying that we don’t have enough time for testing or our estimates have gone wrong due to some resource issues, however we can resolve these things by doing risk analysis, we need to identify the areas where testing should be focused.
Since it’s rarely possible to test every possible aspect of an application, every possible combination of events, every dependency, or everything that could go wrong, risk analysis is appropriate to most software development projects.

This requires judgement skills, common sense, and experience. (If warranted, formal methods are also available.) Considerations can include:
– Which functionality is most important to the project’s intended purpose?
– Which functionality is most visible to the user?
– Which functionality has the largest safety impact?
– Which functionality has the largest financial impact on users?
– Which aspects of the application are most important to the customer?
– Which aspects of the application can be tested early in the development cycle?
– Which parts of the code are most complex, and thus most subject to errors?
– Which parts of the application were developed in rush or panic mode?
– Which aspects of similar/related previous projects caused problems?
– Which aspects of similar/related previous projects had large maintenance expenses?
– Which parts of the requirements and design are unclear or poorly thought out?
– What do the developers think are the highest-risk aspects of the application?
– What kinds of problems would cause the worst publicity?
– What kinds of problems would cause the most customer service complaints?
– What kinds of tests could easily cover multiple functionalities?
– Which tests will have the best high-risk-coverage to time-required ratio?

I hope this helps everyone.