Be Serious About Your Testing – or Die

I meet up with the philosopher just outside the city wall of Copenhagen. To the left, the city rises behind it’s wall. To the right is open land. He lives out there, in the quiet fields just outside of the busy city.

“Why do you test?”, he asks me.

Testing is my job, my profession, and I tell him the story of how I made it into testing as a consultant more-or-less by accident, and then became passionate about it.

“But,” he says, “why are you serious about testing?”

I then tell him about how my curiosity drives me, and the information I gather, and how I communicate to people. Also, I learn new things by exploring products, which I like. It feels like science.

“Testing is about curiosity and knowledge,” I say. This I say almost as a declaration, without doubt. I feel certain.

“Let’s talk about your funeral,” he replies. “What will people say about you when you’re not there?”

For a moment I feel a void opening beyond me and fear my words can no longer hold me. I pull myself together, though.

“I want people to remember me for my passion for exploration, that I was motivated, skilled, critically thinking, a modern tester … I want to be known and remembered for that, and…”

The philosopher interrupts me:

“Those things are for people living merely aesthetic lives,” he says.
I look at him.

“I’m a motivated professional“, I reply, “I work with some of the best people in the world, people who are motivated like me, passionate about the things I’m passionate about: Testing, risk, exploration…”

The philosopher looks away. A horse cart passes us, and the strange feeling returns. Where am I? The place looks familiar, yet strange. What am I wearing? Not my usual clothes. The passenger in the horse cart stops the driver to exchange words with the philosopher about his latest publications. I’m eager to continue the conversation and demonstrate my passion and motivation, kill the nagging feeling of fragility and confusion. Finally, the philosopher turns away from the other man, and looks at me:

“Are you serious about your testing work. Or do you just want to be known?” I can’t figure out if the voice is his, or my own voice sounding in my mind.

I wake up with my heart ponding in my chest.

DSC_2452.jpg

One sleepless night, about a month ago, I picked up my tablet and found one of Søren Kierkegaard’s books on Google. The one I found was published in 1845 and contained three discourses for imagined occasions. I’ll prefer to call them talks. One of the three is a talk for an imagined funeral, and the subject of the talk is seriousness. Kierkegaard is known for walking Copenhagen and talking to people, and in my imagined dream above, it was him, I met, walking the outskirts of the City as it was about 170 years ago (the walls were since removed, and the city has expanded into the open lands around it).

Kierkegaard was Danish and wrote in Danish. The Danish word for seriousness is alvor. It is pronounced ál-vór and the origins of the word can be traced to old German “alawari” meaning “all true”, “friendly”, “willing”. The individual syllables in the Danish word have meanings: “All ours”. Alvor is more than attitude, there’s really a lot of value in that word.

I’m a free lance consultant, and a successful one. I’ve worked with software testing and test management for 15 years. I’m skilled, valued, and motivated.

A recent brain storm on testing lead me to think what testing can do, and I came up with these: Goal-keeping, learning, proving, checking, validating, exploring, researching, verifying, learning, teaching, educating. (Thanks to Ash Coleman for inspiring this.)

But testing is strange: Dijkstra said that the only thing testing can prove is the presence of a bug, not it’s absence. So how can we keep a goal, prove or educate anything? Am I wrong, or could testing be more than what Dijkstra said? The word alvor and even the English serious to me contain and indication that it can, at least when trying to understand it the way Kierkegaard did.

Søren Kierkegaard says seriousness is not in the subject, attitude, power or anything else that’s explicit or aesthetic. Beauty is our business, Dijkstra said, but Kierkegaard would disregard beauty as serious business, as beauty was to him just an external thing, and what mattered to him was the tacit, internal and relational. Seriousness, to Kierkegaard, can be thought of as a mental state, and we can be serious making a choice, but it is still something that is related to ourselves and the relations we have with others.

Let me try to reframe what I learned reading Kierkegaard’s funeral talk that sleepless night by putting it into a modern context:

DSC_2451

The retrospective

Not all testing is done in sprints, but a lot of modern testing is, and I’d like you to think of a sprint you took part in.

You probably remember some things and have forgotten a lot. My guess is that as of right now, you – as I do when I think back on one – remember certain events like the demo, bugs that were found, and probably more likely the bugs and problems people at the demo pointed out that you had missed.

Thinking back on the sprint, however, is not seriousness. Kierkegaard is clear: It’s only emotion!

Therefore, now I want you to instead think of the sprint you are in now: It doesn’t matter if there’s just a few hours left of it, or several weeks. The sprint is the present, now.

Seriousness, in the way Kierkegaard wants us to think about it is in experiencing time running out as the days until the end of the sprint counts down to 0.

We need to make important choices before it’s too late.
Otherwise, the sprint will end, and after that, all we’ll be left with is emotion about the mistakes we made and shouldn’t repeat.
There’s a further level to this, though.

In death, Kierkegaard says, everyone is equal. Now, this sounds dramatic, but there’s a link to the sprint: In the sprint, we had roles, but after the sprint the roles are just part of history. Death is where nothing happens. Time becomes meaningless to the dead, just as it’s meaningless to the sprint that has ended. Time doesn’t matter to us talking about the sprint that has ended, in fact, time easily becomes a reconstructed illusion, as we try to remember the order of things that happened in the sprint.

Kierkegaard’s point, I think, is that the image we build, our power and influence, number of Twitter followers, likes we got on Instagram, job offers we have received, etc … all those things have nothing to do with seriousness. They are just emotions.

Seriousness is in choosing to be present right now and to care about what we do and especially about how others will experience it after we’re gone.

DK001136

Reading Kierkegaard made me tired. I eventually fell asleep without finishing his talk.

I feel I’m sometimes trying too much to be serious. I can be anxious, and can’t relax. That can make me feel important, but I must be careful: It’s not seriousness. It’s a dangerous state of mind, and I will often end up sleepless, and probably bug others with my overdosed seriousness worrying about details that don’t matter.

So I can be serious, but I still needs rest, breaks, time away, time for doing nothing, even time to be foolish, childish, silly. Happy.

I become serious by choosing myself in social interaction with those to whom my work matter: Teams, colleagues, managers, stakeholders, users. Seriousness is no longer seriousness when it becomes an ego-trip, a battle with colleagues and stake holders. Seriousness, to be what it promises to be in the Danish word “alvor” or the old German “allawari”, is all ours.

I discussed an early draft of this essay with Damian Synadinos.

He has an interesting point on death as he reminds us in his talks on “improv(e) your testing” to contemplate death.

Damian talks about these two phrases in improv: Killing on stage versus dying on stage. He is serious about improv, which he trained for years and used to perform professionally.

What he says, I think, is this: Improv that dies on stage ends with no laughs, no emotions, no narrative. You want to kill on stage. Not literally, of course, but not only emotionally either.

A couple of years ago, Damian and I crazed out to a live band playing AC/DC-songs at Let’s Test 2016 in Stockholm. They sang this:

Shoot to Thrill,
Play to Kill…

I understand Damian this way:

Be serious about the testing you’re doing, contemplate death, and set out to create a meaningful testing event. In other words:

Shoot to thrill
Play to kill;
Don’t let your testing die by your ego-trip.

DSC_1295

Reklamer

Quality is…

In a recent post, Anne Marie Charrett discusses quality as an emergent property.

I see quality as a term for value, and it is in itself complex. It can be read as being synonymous to aesthetics, beauty, and probably even to complexity, but it can also – as a term – refer to existential properties such as safety, existence, life etc: doing no harm is considered a fundamental quality in health care, for example. In the real, especially in the reality of projects, quality is indeed emergent: The product begins its life as an idea, we assemble the parts, and in the end the whole becomes something of greater value than the sum of the individual pieces.

But no matter how it emerges, quality, to me, is fundamentally tied to the human. We can define metrics for quality if we work hard, but even the best metrics will never be more true that the humans who relate to quality. This perspective can be debated, but as a premise for my work, I don’t want to engage in such a debate. Rather, I’m interested in debating how to make the human perspective operational in my work with quality and testing software systems.

And for that I have 12 models that can be applied, on three levels in four dimensions each.

I draw it like this (explanations follow, and yes, it’s a pyramid):

_20181206_1841394306266375574636519.jpg

First order quality

Quality is something to someone, somewhere at some time. What is that something then composed of. Based on Ole Fogh Kirkeby’s “Greek Square” as described in his books on proptreptic value based coaching, Cynefin’s domains and Kant’s categories of terms, I think of quality as something on a compass disc with four corners:

  1. Quality as factual, obvious and true. Correctness is a quality in arithmetics, and subjecting a pupil to a number test with a number of addition assignnents allows us to evaluate how good she or he is adding numbers simply by comparing based on the fact that given a+b=c, given a, b being numbers of a known number system, c is a defined value. Sometimes, facts require more than algorithms, as in evaluating “North is that way”, but the principle is still the same, that a presupposition can be proven right or wrong given a concrete context of testing using someone, somewhere at some given time.
  2. Quality as relational, as when we for evaluate fairness and agreement with something or someone. Still in the context of someone in a given time and place, this kind of quality is relatively simple: We can ask the person, or we can put ourselves in her shoes, understand her, and evaluate for her. Agreement can probably always be evaluated mechanistically, but we still have to make sure that we know what to evaluate against: is it under our control, or a moving target? Fairness is more difficult, as even legislation needs to be interpreted in terms of both its written word, and its intention and ‘spirit’.
  3. Quality as an emergent, aesthetic, complex property is what we see in software Projects, especially if we look at the human values of the software. In that, people experience wealth of experiences existing on a continuum ranging from bad to good, ugly to beautiful.
  4. Finally, we sholdn’t rule out the safety aspect of quality. Even when we consider quality in the most personal and individualistic view, one that is rooted in a single persons’ experience with the product, we should not rule out the anxiety present: Will it destroy my idea (WordPress’s App deleted most of this blog post while I was editing it)? Will it destroy my day? Will it destroy me? As I mentioned above, a quality in healthcare is not harming patients. It’s fundamental, but it’s important, and a basis for ensuring that cure can emerge.

That was the first four models of quality. There are four more one level up:

Second order Quality

When I was a child, I played for my own sake. The quality of my play emerged, but it was personal. As I grew up, I began playing with others, and for them: At work, and as a parent, what I do is more serious: Part of growing up is learning to do things for others. Part of learning product engineering (which I did) is learning to engineer things for users.

The second level in the model is tied to the group of users, the team, an organization, the stakeholders etc. Quality is social here, but still bounded. But it can refer to the different domains in which the product has value: In the project, to sales, and to users. There are several ways to move to this level of abstraction, but we need to know what kind of abstract level we’re moving to for this to work.

My experience is that we can only move our thinking to this level if we know what we’re addressing. It doesn’t require absolute certainty, we can create props to represent users by describing them, or we can describe users in abstract terms. But there needs to be some kind of concrete knowledge available about the target of our idea of quality before we can talk rationally about quality at this levels.

But once we have that, we can start working with quality within the same Compass system of fundamental quality values I described above: Factual, relational, and emegergent quality, and safety. (Or as they are named in the Greek Square: The true, the just, the beautiful, and the good.)

Universal quality?

At the top of any pyramid is a smaller pyramid. In this case, this is where we move to the universal perspective, the quality that applies to everyone, everywhere, at all times. This would be God’s view on quality.

Factual qualities are often easy to work with, even at this level. Take math for example, which doesn’t depend on neither time, space or humans. Math is a thing in itself, it seems. Therefore it makes perfect sense to judge an attempt to solve an equation as universally good or bad depending on simple correctness:

2 + b = 4 <=> b = 3

The above is obviously incorrect and false.

It get’s much harder when we move further around in the value compass: Can we talk about good relations in a universal context? Is “the just” a universal thing? It’s not as easy as the above example, and I think this is where we really need to call in an expert who has done research in the quality of relations, or someone who knows about law and justice.

Even worse about emergence, complexity, aesthetics: Is there such a thing as universal beauty? I think there is research supporting this, but as a tester, I’ll skeptical about it: I’d rather test with a group of potential users, i.e. stay on the lower level, than employ rules for verifying aesthetic or emergent properties of a thing. Also, I would always suspect such rules are heuristic in nature, not universal.

Safety seems more obvious: Avoid chaos at all cost, and chaos is a reasonably well defined thing, I think, perhaps even mathematically.

But still: In the real it’s complicated. The Picture below is of the UN Building in New York. This is where universal rules for everyone on the earth are negotiated, but even those that have been decided on are often up for debate: We agree we want peace, but how? We agree we don’t want climate change, but at what cost, and who should do it? It’s hard, and as a tester, I want to avoid talking about this level, except as an abstract level I should avoid expressing myself too concretely about.

But that’s all right: I can say a lot of other things. Most of the quality pyramid is readily accessible in my work testing software and the relations real humans have with it.

DSC_3317

The Care and Feeding of Continuous Learning

The opening keynote at Pipeline Conference, the yearly, non-profit, continuous delivery conference that took place in London on March 20th, 2018 was given by Elisabeth Hendrickson. Her words to us are still resonating:

There is no failure, only learning – an awful lot of learning
– Elisabeth Hendrickson

Where is Testing in CD?

Continuous Delivery is about integrating code and moving to production continuously. It’s a core principle in Agile.

Some 15 years ago, the idea of moving code to production fourthnightly or weekly was pretty cool. Today, deploying to production daily, even several times a day is the norm. To make it happen:

  • Projects avoid branches and releases
  • Instead development and delivery is happening in a flow
  • Regression testing is largely automated to support the flow
  • Production is monitored to detect problems before they happen

The question is where that leaves the job of exploring a product to learn about it?

I found an answer in London, but not just at the conference.

Continue reading “The Care and Feeding of Continuous Learning”

Immanuel Kant and the Hallucinating Tester

Quality is an illusion. That may seem like a bold statement, but there is a deeper truth to it that I will discuss in this blog. I’ll also discuss how we can approach the real.

We can think of testers as doctors, scientists, or researchers whose job is to research, explore, or examine some software, gather, analyze, and communicate factual knowledge based on observations.

But science teaches us that when we research and observe things, including software, what we “see” is not reality. At TED 2017, University of Sussex neuroscience professor Anil Seth called what we see “hallucinations”.

This gives the hopefully scientific tester some severe epistemological challenges: As she is a person, and is hallucinating, how can she (or we) trust her observations?

The problem for her is that the images that she experiences as real are a synthesis, an intuitive product of her observances based on a minimal amount of sensory data. The critical mindset is important in testing but doesn’t help by itself.

Fortunately philosophy has a solution for her (and us). Before I explain it, let me share a daily life story about intuitive illusions and assumptions.

 

Walking on Black Ice

I was out walking my poodle Terry a few days ago. A car came against us, but as we were on the sidewalk and the car on the road, the situation was intuitively safe.

Unfortunately, my intuition turned out to be wrong as only a moment later my foot slipped on the sidewalk and I realized that the wet road was not wet; both the road and the sidewalk were covered in black ice.

When another car approached I was aware of the danger, and made sure to keep myself and my dog safe.

There could be a moral in this story about always being cautious about cars and roads, but it might end up in over-cautiousness of the type that grandmothers sometimes impose on their grandchildren.

Instead I consider it a reminder that we don’t see things as they are: The road was wet until my foot slipped and I realized it was icy.

Already the Stoic philosophers in Rome 2000 years ago had figured this out.

 

Immanuel Kant’s Model of Mind

In 1781 the German philosopher Immanuel Kant published his mammoth work Critique of Pure Reason in which a key concept is the transcendental, which can be thought of as a bridge between the real and the hallucination.

Let me explain: Something that is only realized by intuition, dreams, myths etc, and which doesn’t link to experience, is transcendent. Something realized by pairing sensing and experience is transcendental.

Kant’s model is simple and straightforward, as Kant was pedantic, but it still needs some explanation:

Outside us is of course the objects which we sense. Kant calls them “the things in themselves”. It could be the road I was walking with my dog.

Kant thinks of us as rational beings who act on the basis of the thing in itself, and that has caused much debate. Skepticism will claim that the thing in itself is not available, and that there is only the subjective experience. Logical positivism will claim that the thing in itself doesn’t exist at all. Realism will doubt the subjective. We can probably all appreciate that the always rational human doesn’t exist.

But Kant’s bridge is interesting. What he says is that even though “the thing in itself” is not available to us, we can still say rational things about what we see.

So the mind is connected to the real in a way so we can gain and share experience. Does it sound weird? In a way it is, but Kant’s arguments has generally stood the test of time and critical philosophers – and even neuroscience.

So let me tie this to testing.

 

Belief as a Premise

There are different ways to test: In exploratory testing, we do it interactively by operating and observing the software. In automated testing we “outsource” the actions to another piece of software, and our task is then reduced to making sense of data from the tests and suggest and possible implement changes to the test-software. Scripted and chartered testing sits somewhere in-between the two “extremes”.

However,no matter how we practice testing, we need to make sense of what is observed. And since observing is subjected to sensing, the only thing we have available is our intuitive image about the thing we are testing.

James Bach is quoted as saying “Belief is a sin for testers.” I like the quote as it is an important reminder to be careful what we think: It’s not reality. The road might not only be wet. The software probably doesn’t always do what it did this time. I probably missed something. My mind is hallucinating.

So with a bit of wordplay in Kant’s home language, German, I’ll say that “die Sinne ist die Sünde.”

Our senses are the sinner, but as they are also our only hope to see some tings about reality belief is not an option. It’s a premise.

But since we know, we can establish the transcendental: Think the real rationally by testing our beliefs.

In other words: The realist approach to testing is to test the product. The transcendental approach is to test beliefs.

 

On Common Terms

There is something missing in the above as so far I’ve only talked about sensing, imagining, and experiencing. The brilliant part of Kant’s philosophy is that he explains how we can collect experiences.

Kant develops four categories of terms that we think by, and argues how they are given to us a priori, i.e. before we experience anything. He argues how they come from the existence of time and space. Back in his time Newton had just published his theories. Today, we’ve progressed, and it probably makes better sense to think of the terms as a result of the experience of space and time.

But what’s important is that although our experiences vary, we’re on common terms, so to speak.

This is important as it means we can think and express our knowledge about experiences generally.

Let me give some examples: I told you about the black ice on the road above, and while cannot be certain what I said is true, you can understand my experience. I can also share a testing problem, and we can imagine solutions together. I can try them out afterwards, and share experiences with you. We can even talk about testing in general, and imagine solutions to certain testing problems in general.

In other words: The terms allow us to relate, connect, discuss, collaborate, learn, reflect, prospect etc.

This makes the transcendental model of experience complete: We can sense, imagine, think, and express our thoughts into words and actions that we can share with others, who can do the same.

 

The Two Things I Want to Say

So what do I want to say with all this? I want to say two things:

The first is that yes, we are trapped in hallucinating minds. We might theoretically be able to escape them if we subject our testing to strict scripted procedures, make sure what we do is repetitively accurate, and only communicate what we can verifiably record and therefore objectively observe. But we’ll essentially be turning ourselves into machines and miss intuitive and tacit knowledge. And one way or another, we’re still stuck in a mess where at every and any judgement and decision made will be based on hallucinations.

But we’re not lost as we can explore the product and our intuitive ideas about it transcendentally, i.e. by realizing that both are in play when we test. Although we can’t get access to the “thing as it is”, we can experience it. Our expeirences do not have to be transcendent, i.e. disconnected from real, but can be transcendental.

And this is the second thing I’ll say: Since we are not alone in the trancendental, our roles as testers become clearer.

People are different, but I think a fundamental, perhaps even genetically coded, qualification for testers is to be sensitive people with intuitions which are easily disturbed by reality. On top of that, great testers need critical thinking skills, i.e. courage to doubt intuitive illusions, and creativity to come up with test ideas useful in the context. The rest is about interaction and communication with teams and stakeholders so that the good hallucinations about the software that we develop through our testing are shared.

 

Testing Transcendentally

In the spirit of Anil Seth, the neurology professor, let’s be honest: Software quality is a hallucination.

We can’t escape our minds and the apparent mess created by the hallucinations we think of as real. But we can experience quality transcendentally by testing.
To me testing is not so much an exploration of a product.

I see testing first and foremost as the transcendental practice of exploring of our own, and our team colleagues’ and stakeholders’ hallucinations about the product.

References

Introducing STPA – a new Test Analysis Technique

At the core of innovation in IT is someone getting the idea of connecting existing services and data in new ways to create new and better services. The old wisdom behind it is this:

The Whole is Greater than the Sum of its parts
– Aristotele

There is a flipside to this type of innovation that the opposite is also true: The whole can become more problematic than the negative sums of all the known risks.

My experience as a tester and test manager is that projects generally manage risks in individual subsystems and components quite well.

But I have on occasions found that we have difficulty imagining and properly taking care of things that might go wrong when a new system is connected to the infrastructure, subjected to real production data and actual business processes, and exposed to the dynamics of real users and the environment.

Safety, Accidents and Software Testing

Some years ago, I researched and came across the works of Dr. Nancy Leveson and found them very interesting. She is approaching the problem of making complex systems safe in a different way than most.

Leveson is professor of aeronautical engineering at MIT and author of Safeware (1994) and Engineering A Safer World (2011).

In the 2011 book, she describes her Systems-Theoretic Accident Model and Process – STAMP. STAMP gives up the idea that accidents are causal events and instead perceives safety as an emergent property of a system.

I read the book a while ago, but has only recently managed to begin the transformation of her ideas to software testing.

It actually took a tutorial and some conversations with both Dr. Leveson and her colleague Dr. John Thomas at the 5th European STAMP/STPA workshop in Reykjavik, Iceland in September to completely wrap my head around these ideas.

I’m now working on an actual case and an article, but have decided to write this blog as a teaser for other testers to look into Leveson’s work. There are quality resources freely available which can help testers (I list them at the end of this blog).

The part of STAMP I’m looking at is the STPA technique for hazard analysis.

According to Leveson, hazard analysis can be described as “investigating an accident before it occurs”. Hazards can be thought of as a specific type of bug, one with potentially hazardous consequences.

STPA is interesting to me as a tester for a few reasons:

  • As an analysis technique, STPA helps identify potential causes of complex problems before business, human, and societal assets are damaged.
  • One can analyze a system and figure out how individual parts need to behave for the whole system to be safe.
  • This means that we can test parts for total systems safety.
  • It works top-down and does not require access to knowledge of all implementation details.
  • Rather, it can even work on incomplete models of a system that’s in the process of being built.

To work, STPA requires a few assumptions to be made:

  • The complete system of human and automated processes can be modeled as a “control model”.
  • A control model consists of interconnected processes that issue control actions and receive feedback/input.
  • Safety is an emergent property of the actual system including users and operators, it is not something that is “hardwired” into the system.

I’d like to talk a bit about the processes and the control model. In IT we might think of the elements in the control model as user stories consisting of descriptions of actors controlling or triggering “something” which in turn produce some kind of output. The output is fed as input either to other processes or back to the actor.

The actual implementation details should be left out initially. The control structure is a mainly a model of interconnections between user stories.

Given the control model sufficiently developed, the STPA analysis itself is a two step activity where one iterates through each user story in the control structure to figure out exactly what is required from them individually to make the whole system safe. I won’t go into details here about how it works, but I can say that it’s actually surprisingly simple – once you get the hang of it.

36574241164_d2989109b0_o.jpg
Dr. John Thomas presented an inspiring tutorial on STPA at the conference.

Safety in IT

I have mentioned Knight Capital Group’s new trading algorithm on this blog before as it’s a good example of a “black swan project” (thanks to Bernie Berger for facilitating the discussion about it at the first WOTBLACK workshop).

Knight was one of the more aggressive investment companies in Wall Street. In 2012 they developed a new trading algorithm which was tested using a simulation engine. However, the deployment of the algorithm to the production environment turned out to be unsafe: Although only to be used in testing, the simulation engine was deployed and started in production resulting in fake data being fed to the trading algorithm. After 45 minutes of running this system on the market (without any kind of monitoring), Knight Capital Group was bankrupt. Although no persons were harmed, the losses were massive.

Commonly only some IT systems are considered “safety critical” because they have potential to cause harm to someone or something. Cases like that of Knight Capital indicate to me that we need to expand this perspective and consider safety a property of all systems that are considered critical to a business, society, the environment or individuals.

Safety is a relevant to consider whenever there are risks that significant business, environmental, human, personal or societal assets can be damaged by actions performed by a system.

STAMP/STPA and the Future of Testing

So, STPA offers a way to analyze systems. Let’s get this back to testing.

Software testing relies fundamentally on testers’ critical thinking abilities to imagine scenarios and generate test ideas using systematic and exploratory approaches.

This type of testing is challenged at the moment by

  • Growing complexity of systems
  • Limited time to test
  • Problems performing in-depth, good coverage end-to-end testing

DevOps and CD (continuous delivery) attempts to address these issues, but they also amplify the challenges.

I find we’re as professional testers more and more often finding ourselves trapped into frustrating “races against the clock” because of the innovation of new and more complex designs.

Rapid Software Testing seems the only sustainable testing methodology out there that can deal with it, but we still need to get a good grip on the complexity of the systems we’re testing.

Cynefin is a set of theories which are already helping testers embrace new levels of complexity in both projects and products. I’m actively using Cynefin myself.

STAMP is another set of theories that I think are worth looking closely at. Compared to Cynefin, STAMP embraces a systems theoretical perspective and offers processes for analyzing systems and identify component level requirements that are necessary for safety. If phrased appropriately, these requirements are direct equivalents of test ideas.

STAMP/STPA has been around for more than a decade and is already in wide use in engineering. It is solid material from one of the worlds’ leading engineering universities.

At the Vrije Universiteit in Amsterdam, the Netherlands they have people taching STPA to students in software testing.

The automobile industry is adopting STPA rapidly to manage the huge complexity of interconnected systems with millions of lines of code.

And there are many other cases.

If you are curious to know more, I suggest you take a look at the resources below. If you wish to discuss this or corporate with me on this, please write me on twitter @andersdinsen or e-mail, or join me at the second WOTBLACK workshop in New York on December 3rd, where we might find good time to talk about this and other emerging ideas.

Resources

Thanks to John Thomas and Jess Ingrassellino for reviewing drafts of this blog post. Errors you may find are mine, though.

DSC_0146
This photo shows machinery in an Icelandic geothermal power plant. Water heated to 300 deg C by the underground magma flows up and drives turbines and produces warm water for Reykjavik.