Skip to main content

Who Cares?


Should the public care about software testing? That's the question that the Association for Software Testing and the BCS Software Testing Specialist Group asked at our first joint peer conference on 22nd November 2020. The remit was:

It’s our contention that most people don’t think very much about software development and software testing, despite software being deeply embedded in almost all aspects of our lives.

When there’s a publicised issue such as a national bank failing to process customer orders for several days, a government IT project overrunning for years and then being canned, or a self-driving car causing a fatal accident, then society might take notice for a while.

However, even when that happens it’s rare for the complexities and risks associated with the creation, integration, and maintenance of software systems to be front and centre in the discussion, and testing almost never makes it to the agenda at all.

In this workshop we aim to explore why that is, and what testers, testing organisations, software development companies, and governments could do to persuade the public that software testing is worth understanding and caring about.

As with so many events in these troubled times, we shifted an in-person experience online and were concerned that the buzz that comes from being in the same room as other people who are both knowledgeable and care deeply about the topic would be lost. 

I'll blog about the way we set it up later, but I'm pleased to report that the buzz was still there. I'll also blog about the breadth and depth of the conversations we had around the presentations but here I'm just going to summarise what the speakers said.

--00--

We kicked things off with Fiona Charles using Qantas flight QF72 as an example of how well-intentioned automation, complexity, and fail-safe mechanisms can result in at best unwanted behaviour and, at worst, disastrous outcomes. In that incident, faulty sensors caused on-board systems to misinterpret the plane's attitude as dangerous and take unnecessary action to correct it. Flight envelope constraints prevented the pilot from overriding the manoeuvre, leaving him a helpless spectator as passengers were tossed violently around the cabin.

Fiona posed the question "what level of control should we keep for ourselves?" and suggested that we have to build products that keep people at the centre of operations, facilitating and enhancing skilled human decision-making and enabling the human operator to work in whatever way is best for them, not fight against a system built for its own convenience.

Many modern systems (particularly those labelled AI) rely heavily on data, but data is not knowledge, and it comes with biases. As an industry and a scociety we are increasingly recognising this, but we tend not to recognise that the way the data is collected is biased, the architecture of the systems is biased, the models underlying the design are biased, the decision processes are biased, and, in fact, anything humans create is likely biased in some way.  

To help ourselves to see that bias and counteract it, Fiona said, we need to take seriously such questions as what could possibly go wrong, what possible outcomes there could be, and how does our product solve well-known concerns such as security or accessibility? Oh yes, and we should look to tune our bullshit detectors.

Harmful outcomes also concern Amit Wertheimer. In his presentation he took the position that software testing as an activity in its own right is just one way to help to create working products that do no harm. He described a separate team of testers distinct from developers as a crutch, providing a way for the builders of a product to disengage from the need for checking their work.

For Amit, in general, developers should be reviewing what they create and should be ready to "feel the pain" of it being found wanting by its users. That's not to say that the critical thinking skills that we testers like to claim have no value, but rather that other people, directly involved in development, can provide them too. He makes an exception for highly-specialised fields where domain knowledge may be instrumental in understanding the desired and observed behaviour of a product.

The public should not care about these details, though, he says. The public should care whether their product works and does no damage, not whether testers were involved in its production, or how.

Huib Schoots offered this perspective too, and also the opposite: the public should not care about software testing because that's the responsibility of the producers, yet the public should care about software testing because they need to be able to trust products, particularly in safety-critical situations.

He asked us to consider what happens when there's some kind of significant software failure. People tweet about it for a while, it blows up in the news perhaps, and then we all forget about it. Where is the forum in which the public can ask questions and request improvements? How can regulation and the law evolve with rapidly-changing technology?

He called for efforts to make an environment in which the public and software producers can get together to discuss how people's needs and concerns can be met, but then also warned about the risks of these being overrun by fringe views and conspiracy theories and noise.

Eric Proegler had no qualms about coming down on one side of the question: the public must care about software testing because of the increasing dependency of our lives and lifestyles on software.

Testers also have something to think about, he says. With current technology, it's easier than ever to create an "AI solution" and push it out to innumerable devices at a terrifying pace with huge numbers of poorly-understood and dynamic dependencies.

Software testing is under siege, in Eric's view.  One way forward is to find ways to incentivise better testing. Weak testing is motivated by short-termism, by getting to market, and by meeting quarterly targets. The business need trumps the societal need most times and Eric challenged us to wonder how we can change that.

The BCS are trying to change that, Adam Leon Smith claims, by engaging with government, the media, the public, and industry to highlight failures in IT and understand how they can be reduced both in frequency and impact. "We shouldn't hinder innovation" shouldn't be a popular opinion, in his opinion.

Regulation and certification is one avenue that can be explored. While this might seem like an anathema to some, Adam noted that software testing in some parts of some industries is already regulated, and cited the UK gaming machine testing strategy regulation as an example.

Acknowledging that testing is context-dependent, Adam speculated that there is scope for wider regulation of this kind. He would begin with high-risk scenarios where context could be restricted sufficiently that a non-generic standard for testing could plausibly be created. The high-level results of this kind of work could be communicated to consumers using a simple labelling scheme, similar to that used on food packaging to summarise the "healthiness" of the contents.

Take a step back, Janet Gregory urged us. We need to think about risks while producing our products and then find a way to communicate the risks to our users. A labelling scheme of the kind Adam suggested could certainly help, but Janet would like to see something like industry-wide checklists for things to consider on purchase, similar to the paperwork packaged with medicines that list potential side-effects.

She also asked for much tighter controls on the way in which products are advertised and cited self-driving cars as an example. For those kinds of products, adverts might claim "this model is an industry standard for safety" but consumers need to be aware that this doesn't mean getting in, pressing the take-me-to-mother's-house button and then going to sleep.

It's not enough to simply make this information available, of course. It needs to be made available in format that consumers can and, crucially, want to engage with. Techniques such as visualisations and analogy could be employed here. Bodies like AST and BCS can definitely be part of a dialogue around that.

Lalit Bhamare rounded things off for us with a call to action for consumers themselves. He talked about clean software — parallel to clean air — and said that unless consumers demand it, producers are unlikely to sacrifice convenience and profit to provide it.

What is clean software? Features that Lalit mentioned included reliability, quality, customer service, and a strong consideration of a product's impact on the world and not just the bottom line. Companies today largely take the public's acceptance of low-quality software for granted.

Testing is a crucial part of Lalit's idea. The public should care about software testing because testing helps them to have confidence that the software is clean, and if there's a public conversation about testing then manufacturers will be forced to pay attention to it.

The material created at the conference is jointly owned by the participants: Lalitkumar Bhamare, Fiona Charles, Janet Gregory, Paul Holland, Nicola Martin, Eric Proegler, Huib Schoots, Adam Leon Smith, James Thomas, and Amit Wertheimer.
Image: Rare Records

Comments

  1. I've gotten into the habit of circulating news stories around my company where it seems likely that something bad that happened might well have had a testing (or rather, lack of testing) dimension, so as to provoke discussion (or at least, thought).

    And if I personally come across something In Real Life where I think that might have happened, I will write to a CEO to say "I struggled with your app/product/website. I applied the methods I apply in my Day Job as a software tester, and I think you need to go back and have some human beings look at this." Usually this happens where a product works 100% fine but only if you know the happy path to get the result, and that happy path isn't obvious to an Ordinary User. This often suggests to me that the developers only employed automated testing and never let a human being loose on the product before it was released. I rarely get much of a response, but I live in hope.

    ReplyDelete
  2. It's a credit to you that you take the time and effort to do those things.

    Do you have thoughts on how our industry, or software testing specifically, should change to make it less likely that users have those kinds of experiences?

    ReplyDelete

Post a Comment

Popular posts from this blog

The Ideal Test Plan

A colleague pinged me the other day, asking about an "ideal test plan" and wondering whether I could suggest something. Not without a bit more information, I said. OK, they said. Who needs the plan, for what purpose? I asked. Their response: it's for internal use, to improve documentation, and provide a standard structure. We work in a medical context and have strict compliance requirements, so I wondered aloud whether the plan is needed for audit, or to show to customers? It's not, they replied, it's just for the team. Smiling now, I stopped asking questions and delivered the good news that I had what they were looking for. Yes? they asked, in anticipation. Naturally I paused for dramatic effect and to enhance the appearance of deep wisdom, before saying: the ideal plan is one that works for you. Which is great and all that, but not heavy on practical advice. --00-- I am currently running a project at the Association for Software Testing and there is a plan for

Notes on Testing Notes

Ben Dowen pinged me and others on Twitter last week , asking for "a nice concise resource to link to for a blog post - about taking good Testing notes." I didn't have one so I thought I'd write a few words on how I'm doing it at the moment for my work at Ada Health, alongside Ben. You may have read previously that I use a script to upload Markdown-based text files to Confluence . Here's the template that I start from: # Date + Title # Mission # Summary WIP! # Notes Then I fill out what I plan to do. The Mission can be as high or low level as I want it to be. Sometimes, if deeper context might be valuable I'll add a Background subsection to it. I don't fill in the Summary section until the end. It's a high-level overview of what I did, what I found, risks identified, value provided, and so on. Between the Mission and Summary I hope that a reader can see what I initially intended and what actually

69.3%, OK?

The Association for Software Testing is crowd-sourcing a book, Navigating the World as a Context-Driven Tester , which aims to provide responses to common questions and statements about testing from a context-driven perspective . It's being edited by Lee Hawkins who is posing questions on Twitter ,  LinkedIn ,  Slack , and the AST mailing list and then collating the replies, focusing on practice over theory. I've decided to contribute by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "What percentage of our test cases are automated?" There's a lot wrapped up in that question, particularly when it's a metric for monitoring the state of testing. It's not the first time I've been asked either. In my

Why Do They Test Software?

My friend Rachel Kibler asked me the other day "do you have a blog post about why we test software?" and I was surprised to find that, despite having touched on the topic many times, I haven't. So then I thought I'd write one. And then I thought it might be fun to crowdsource so I asked in the Association for Software Testing member's Slack, on LinkedIn , and on Twitter for reasons, one sentence each. And it was fun!  Here are the varied answers, a couple lightly edited, with thanks to everyone who contributed. Edit: I did a bit of analysis of the responses in Reasons to be Cheerful, Part 2 . --00-- Software is complicated, and the people that use it are even worse. — Andy Hird Because there is what software does, what people say it does, and what other people want it to do, and those are often not the same. — Andy Hird Because someone asked/told us to — Lee Hawkins To learn, and identify risks — Louise Perold sometimes: reducing the risk of harming people —

Testing is Knowledge Work

  The Association for Software Testing is crowd-sourcing a book, Navigating the World as a Context-Driven Tester , which aims to provide responses to common questions and statements about testing from a context-driven perspective . It's being edited by Lee Hawkins who is posing questions on Twitter ,  LinkedIn ,  Slack , and the AST mailing list and then collating the replies, focusing on practice over theory. I've decided to contribute by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "We need some productivity metrics from testers" OK. I'd like to help you meet your need if I can but to do that I'll need to ask a few questions. Let's start with these: Who needs the metrics? Is there a particular pr

My Favourite Tool

Last week I did a presentation to a software testing course at EC Utbildning in Sweden titled Exploring with Automation where I demoed ways in which I use software tools to help me to test. Following up later, one of the students asked whether I had a favourite tool. A favourite tool? Wow, so simple but sooo deep!  Asking for a favourite tool could make a great interview question, to understand the breadth and depth of a candidate's knowledge about tools, how they think about an apparently basic request with deep complexity beneath (favourite for what task, on what basis, in what contexts, over what timescale?  what is a tool anyway?) and how they formulate a response to take all of that into account. I could truthfully but unhelpfully answer this question with a curt Yes or No. Or I could try and give something more nuanced. I went for the latter. At an extremely meta level I would echo Jerry Weinberg in Perfect Software : The number one te

Trying to be CEWT

I attend, enjoy, hopefully contribute to, and get a lot from, the local tester meetups and Lean Coffee  in Cambridge. But I'd had the thought kicking around for a long time that I'd like to try a peer workshop inspired by MEWT , DEWT , LEWT and the like. I finally asked a few others, including the local meetup organisers, and got mostly positive noises, so I decided to give it a go. I wrote a short statement to frame the idea, based on LEWT's: CEWT ( Cambirdge Exploratory Workshop on Testing ) is an exploratory peer workshop. We take the view that discussions are more interesting than lectures. We enjoy diverse ideas, and limit some activities in order to work with more ideas. and proposed a mission for an initial attempt to validate it locally on a small scale. Other local testers helped to refine the details in usual the testing ways - you know: criticism, questions, thought experiments, challenges, comparisons, mockery and the rest - and a list of potential at

Fail Here or Fail There

The First Law of Systems-Survival, according to John Gall, is this: A SYSTEM THAT IGNORES FEEDBACK HAS ALREADY BEGUN THE PROCESS OF TERMINAL INSTABILITY Laws are all-caps in Systemantics . Not just laws, but also theorems, axioms, and corollaries. There are many of them so here's another (location 2393-2394): JUST CALLING IT “FEEDBACK” DOESN’T MEAN THAT IT HAS ACTUALLY FED BACK There was a point when I realised, as the capitalised aphorisms rolled by, that I was sinking into the warm and sweetly-scented comforting foamy bathwater of confirmatory bias. Seen, seen, seen! Tick, tick, tick! I took the opportunity to let myself know that I'd been caught in the act, and that I needed to get out of the tub and start to challenge the content.  Intervening at that moment was congruent: I was in a context where I would accept it and prepared to change because of it. Of course, I enjoyed the deep irony of nodding along with Gall when he talked about

Testing and Words

  The other day I got tagged on a Twitter thread started by Wicked Witch of the Test about people with a background in linguistics who’ve ended up in testing. That prompted me to think about the language concepts I've found valuable in my day job, then I started listing them, and then realised how many of them I've mentioned here over the years .   This post is one of an occasional series collecting some of those thoughts.  --00-- In The Complete Plain Words , Ernest Gowers notes, acidly, that: What appears to be a sloppy or meaningless use of words may well be a completely correct use of words to express sloppy or meaningless ideas. It surely sounds trite to say it but our choice of words can make a significant difference to how well our message is understood, and how we are judged. We choose from amongst those words we know, our lexicons . The more my lexicon agrees with yours, the greater our chance of us achieving a shared understanding when we converse. But lexic

Use the Force Multiplier

On Fridays I pair with doctors from Ada 's medical quality team. It's a fun and productive collaboration where I gain deeper insight into the way that diagnostic information is encoded in our product and they get to see a testing perspective unhindered by domain knowledge. We meet at the same time each week and decide late on our focus, choosing something that one of us is working on that's in a state where it can be shared. This week we picked up a task that I'd been hoping to get to for a while: exploring an API which takes a list of symptoms and returns a list of potential medical conditions that are consistent with those symptoms.  I was interested to know whether I could find small input differences that led to large output differences. Without domain knowledge, though, I wasn't really sure what "small" and "large" might mean. I prepared an input payload and wrote a simple shell script which did the following: make a