Authored by: Karl Rubin, COO at Orasi Software
Automation, agility, new models, and the big-picture context – the way we look at and check, quality of the software – that’s changing. “Quality in a product or service is not what you put into it, but what a customer gets out of it’.”– Peter Drucker
Nothing could be more valid than this wisdom when we see the state of quality in today’s environment. It is a digital world that we live in today. Our lives, work, and healthcare are powered by software and applications. So, letting quality suffer in this digital era is not just a testing flaw but an enormous consequence that can lead to costly errors, frauds, and accidents.
Never has human being depended so much on the quality of software than in today’s world. In fact, on account of the pandemic, both the need and implications of software everywhere have added to the gravity of flaws in software. As a result, we have seen many security mishaps, outages, and exploitations of deficiencies in the last year itself. Plus, the omnipresence of work-from-home environments has increased the number of data breaches and cyberattacks – with a direct impact on security testing.
Almost 83 percent of CIOs and IT directors noted an increase in security concerns over the last year. However, a recent World Quality Report (Capgemini-Micro Focus) shows that the proportion of budget allocated to QA has continued to fall. It stood at 35 percent in 2015 and has slid to 22 percent this year. Software teams are finding it takes approximately six months to fix half of the security flaws discovered. 75.8 percent of applications have at least one security flaw, while 23.7 percent have high severity flaws.
The top security flaws uncovered here were as follows:
- Information leakage (65.9 percent)
- CRLF injection (65.4 percent)
- Cryptographic issues (63.7 percent)
- Code quality (60.4 percent)
So, with all this happening, is quality assurance (QA) important for enterprises? Are they embracing its significance in the right way?
Challenges and Imperatives
While there is significant room for improvement, business assurance was the chief aim that respondents cited as an essential mission for QA – almost 74 percent found it a priority in the World Quality Report (WQR). That compares to 72 percent who said detecting software defects before go-live was a critical aim. Companies ranked QA as essential for ensuring user satisfaction and customer experience as the next set of priorities. And almost 52 percent of organizations reported in the WQR showed a lack of skills test automation resources available to them. There was just 18 percent that was automating their user acceptance tests and unit testing. The overall test automation rate stands at 15 percent. Also, 65 percent of respondents feel applications change too frequently for them to keep up.
So, testing and QA are not minor headaches and priorities anymore. Instead, they have undergone massive turbulence.
The Changing Landscape of Software Testing Technology
According to this World Quality Report 2020-21, QA is no longer seen as a backroom discipline that was removed from the rest of the organization. It is an area that has been steadily evolving; it’s shifting from an independent function to an integrated function – soon it would turn into an inclusive function.
The role of the QA practitioner is changing from finding and reporting defects to become the orchestrator of quality. That helps us to understand why fresh approaches for testing and QA are gaining ground these days.
Automation is a significant underlying factor that is empowering a lot of other changes and technologies here.
The Micro Focus QA report shows that QA is being pushed to speed up and optimize testing in the realm of agile and DevOps development, and 40 percent of respondents expressed that nearly one-third of project efforts are devoted to testing. According to the Veracode report, multiple scan types can improve the efficacy of DevSecOps.
Software teams combining scan types such as dynamic analysis (DAST), static analysis (SAST), and software composition analysis (SCA) have higher fix rates. It was observed that teams applying SAST and DAST fix half of the flaws 24 days faster. Also, employing software security testing automation in the SDLC can fix half of the defects 17.5 days faster.
There is a renewed emphasis on reducing security debt. This is done by fixing the backlog of known faults that reduces software security risk. Incidentally, older applications with higher security flaws density take longer to resolve. It comes to an average of 63 more days required to close half of the flaws.
Hence, we can see that there is an emergence of fresh approaches and tools now.
Software Quality Assurance and Testing Trends
- Scriptless Test Automation – This approach enables testers and business users to automate test cases, but they can do so without being concerned about the coding. This leads to faster results and shrinks the time spent to understand the code.
- IoT and Big Data Testing – It is a type of testing to check IoT devices for better insight and control over various interconnected IoT devices.
- AI & ML in Testing – Today, 90 percent of enterprises find testing an enormous growth area with AI. As per the WQR, almost 80 percent aim to increase the number of AI-based trials and proofs of concept. There are many benefits of test automation – such as better control and transparency of test activities and a reduction in test cycle time. About 37 percent of respondents claimed an ROI in automation.
- Growing Use of QAOps – Now, enterprises are integrating QA into the CI/CD pipeline. Here the software testing process gets forged well into the CI/CD pipeline rather than an isolated process. The QA team can now work closely with the development team and the operations team.
- Performance Engineering – It is a form of proactive, continuous, and end-to-end application performance testing and monitoring that works by leveraging right-sized tools. It leans towards shift-left performance testing and shift-right application performance monitoring.
- Regression Testing – A form of testing that entails re-running functional and non-functional tests to ensure that previously developed and tested software performs after a change.
- Integration Testing – Here, individual software modules are combined and tested as a group to ensure the compliance of a system or component with specified functional requirements.
- User Acceptance Testing – Almost the ultimate stage of the software development cycle, where we can determine if the requirements of a specification or contract are met.
- Accessibility Testing – It is about respecting the diversity of users. This is where applications are made accessible to users with disabilities, such as vision impairment, hearing disabilities, and other physical or cognitive conditions.
- Selenium Testing – It is a portable framework for testing web applications and a playback tool for authoring functional tests without learning a test scripting language. It is an automated testing suite for web applications across different browsers and platforms.
The importance of testing will continue to rise and change in its impact. There is a noteworthy realization that quality practices should be integrated into every part of the software development life cycle. They should be everyone’s responsibility in some way. The testing mindset is now much more than simply a focus on some software bug. It is now about being prepared for business continuity, where disaster planning and testing are often done. We need applications to adapt to dynamic business models and changing circumstances. Testing and QA dovetail that direction and mindset now.