sss ssss      rrrrrrrrrrr
                      ssss    ss       rrrr   rrrr
                     sssss     s       rrrr    rrrr
                     ssssss            rrrr    rrrr
                      ssssssss         rrrr   rrrr
                          ssssss       rrrrrrrrr
                    s      ssssss      rrrr  rrrr
                    ss      sssss      rrrr   rrrr
                    sss    sssss       rrrr    rrrr
                    s  sssssss        rrrrr     rrrrr
         +=======    Quality Techniques Newsletter    =======+
         +=======             January 2002            =======+

Subscribers worldwide to support the Software Research, Inc. (SR),
TestWorks, QualityLabs, and eValid user communities and other
interested parties to provide information of general use to the
worldwide internet and software quality and testing community.

Permission to copy and/or re-distribute is granted, and secondary
circulation is encouraged by recipients of QTN provided that the
entire document/file is kept intact and this complete copyright
notice appears with it in all copies.  Information on how to
subscribe or unsubscribe is at the end of this issue.  (c) Copyright
2003 by Software Research, Inc.


                       Contents of This Issue

   o  A Guided Tour of QWE2002

   o  Use Your Resources, by Danny Faught

   o  eValid FREE Website HealthCheck Offer

   o  SQRL Report Available: Documenting Requirements

   o  Annals of Software Engineering:  Call for Contributions

   o  Trustworthy Computing, by Bill Gates (with caveats)

   o  CONQUEST 2002 Call for Participation

   o  QTN Article Submittal, Subscription Information


                      A Guided Tour of QWE2002

      QWE2002's complete technical program and schedule of
      events in on the Conference WebSite.  This item
      summarizes the technical content of the Tutorials,
      Keynotes, and Papers being presented at the QWE2002

      Complete QWE2002 Conference Details including
      registration information at:


QWE2002's full-day and half-day address the most important issues
and questions facing the world software and internet community.

To begin with, there is the issue of WebSite Quality.

First, get inspiration from "RobSab" in his "Getting Started -
Stressing Web Applications, Stress Early - Stress Often," by Mr.
Robert Sabourin [, Canada] and follow that up with a new-
technology approach (based in the browser) "Web Testing - A
Practical Approach," by Dr. Edward Miller [eValid, Inc., USA].

If you are into XP ideas, you'll love hearing "Just In Time Testing
- Testing Turbulent Web Based Applications," by Mr. Robert Sabourin
[, Canada].  Finally, to summarize it all, we have "Web
Testing Master Class," by Dr. G. Bazzana and Mrs. Ioana Ene [Onion,

Next, we have concerns about software process. Thinking and action
are the keys.  Consider attending "Think Green! Think Different!
Think Modular! (The LEGO Principle)," by Mr. Olivier Denoo
[ps_testware, Belgium] or "Managing the Testing Process -
Organization, Motivation, and Techniques," by Mr. Rex Black [RBCS,
Inc., USA].  And, for a somewhat more formalized approach, don't
miss "Stepwise Improvement of the Test Process using TPI," by Mr.
Martin Pol [Polteq, Netherlands] & [Mr. Ruud Teunissen [Gitek nv,

Newer technology can make a real difference.  Here are four major
technological expositions that you won't want to miss.  "Writing
Good Requirements," by Mr. Erik Simmons [Inter Corporation, USA],
"Model-Based Testing," by Mr. Ibrahim K. El-Far [Florida Institute
of Technology, USA], "Guided Inspection of UML Models," by Dr. John
McGregor [Luminary Software, USA], and, "Software Measurement: The
Goal/Question/Metric Method," by Dr. Rini vanSolingen [CMG,

Lastly, and certainly not least by any means, is the significant
impact you gain from systematic testing.  Hear an inspiring talk by
experienced veterans "Emotional Intelligence as the Key to Software
Testing," by Mr. Jens Pas [I2B, Belgium], and "Structured Testing,"
by Mr. Martin Pol [Polteq, Netherlands] & [Mr. Ruud Teunissen [Gitek
nv, Belgium].  Measure you own level of expertise with "
Introduction to the Test Maturity Model," by Dr. Erik P.
vanVeenendaal [Improve Quality Services BV, Netherlands], and impose
the best possible process with "Introduction to Defect Analysis," by
Mr. Otto Vinter [Software Engineering Mentor, Denmark].

                           KEYNOTE TALKS

The QWE2002 Theme, "Internet Now!" is intended to focus our
attention on the main issues of the day.  And the keynote talks do
just that.  Representing the future are "Building the Infrastructure
for The Future," by Mr. Rik Nuytten [Cisco Systems, Belgium],
"Creating Quality Web Systems," by Mr. Robert A. Sabourin
[, Canada], and "Organizing for High Tech Innovation," by
Prof. Koenraad Debackere [KUL, Belgium].

An dealing with squeezing the absolute most out of current
technology and experience are:  "Power Testing Mr. Bob Bartlett," by
Mr. Bob Bartlett [SIM Group, UK], "Independent Verification and
Validation Implementation at NASA ," by Dr. Linda Rosenberg [GSFC
NASA, USA], and "From Requirements to Release Criteria," by Mr. Erik
Simmons [Intel Corporation, USA].

                         TECHNOLOGY TRACK

Software testing -- with the same basic methods applied to websites
-- remains a mainstay.  Hear about new advances in "How to Use
Scientific Methods In Software Testing," by Mr. Anders Claesson
[Enea Realtime AB, Sweden] and "Choosing an Appropriate Software
Testing Method," by Mr. Ibrahim K. El-Far, Ms. Florence E. Mottay,
Mr. Herbert H. Thompson & Mr. Nikhil Nilakantan [Florida Institute
of Technology, USA].  And, a new twist, here is work on handling a
geographically dispersed project:  "Virtual Test Management- Rapid
Testing Over Multiple Time Zone," by Mr. Jim Bampos [Lionbridge,
USA] & Mr. Eric Patel [Nokia, USA].

But the impact of the Internet (remember the theme, Internet Now!,
is clear in these to technology talks:  "Automated Functional
Testing of Web-Based Applications," by Mr. Oliver Niese, Dr. Tiziana
Margaria & Prof. Bernhard Steffen [METAFrame Technologies GmbH,
Germany], and, "InBrowser WebSite Testing- The Client-Side
Approach," by Mr. Tobias Mayer [eValid, Inc., USA].

New tool technology always contributes to simplifying work and
enhancing the quality of life for software testers.  Don't miss
these talks that deal with new and novel approaches:  "Tool Support
for Model Based Statistical Testing," by Dr. Stacy Prowell [The
University of Tennessee, USA], "State-of-the Art Information on
Petri Nets Applied to Software Quality," by Dr. Mihaela Barreau, Dr.
Jean-Yves Morel & Dr. Alexis Todoskoff [University of Angers,
France], "Traceability and Reproducibility in Integrated System Test
Environments," by Dr. Nancy Eickelmann & Mr. Allan Willey [Motorola
Labs, USA], and, "Validating Quality Requirements of Object Oriented
Design," by Mr. Jamal Said & Mr. Eric Steegmans [Department of
Computer Science, K.U. Leuven, Belgium].

Experience may be the best teacher -- and if we don't learn from the
past...well, everyone knows the rest of that one.  Here are four
super examples of how to be the most from the past:  "A Tool for the
Design & Analysis of Software Safety-Critical Systems," by Ms. Janet
A. Gill & Dr. Frederick Ferguson [NAVAIR, Software Safety-Critical
Systems, Inc., USA], "Systematic Validation of an Interlocking
System," by Ms. Begona Laibarra [SQS SA, Spain] & Mr. Francisco Vega
[Alcatel SEL, Spain], and, "Improving Component Quality Through the
Systematic Combination of Construction and Analysis," by Dr.
Christian Bunse & Dr. Oliver Laitenberger [Fraunhofer Institute for
Experimental Software Engineering, Germany].

                         APPLICATIONS TRACK

It's not all for naught! Yes, there really are success stories.  For
example, "QA Success Story for Embedded Systems in Real Time Control
Systems," by Mr. Jon Maurolagoitia [SQS S.A., Spain], and,
"Experience in Testing Pocket PC Applications," by Mr. Ibrahim K.
El-Far, Ms. Florence E. Mottay & Mr. Herbert H. Thompson [Florida
Institute of Technology, USA].

And, new technology does have a role, as these two presentations
point out:  "Testing of CORBA Products," by Ms. Mang Li, Mr. Axel
Rennoch, Dr. Ina Schieferdecker & Ms.Dorota Witaszek [GMD FOKUS,
Germany], and, "The AGEDIS Software Test Technology Project," by Mr.
Bernd Mattern [imbus AG, Germany].

How you "play the game" is important to getting good results.  Take
a look at these experience-based presentations:  "Metrics-Cockpit
Means of 'Viewing' the Project," by Mr. Sridhar Narayanan [Cognizant
Technology Solutions, USA] , "Performance Testing - "Step On
It"," by Ms. Nadine Pelicaen [ps_testware, Belgium], and, "The
Importance of Data in Functional Testing," by Mr. James Lyndsay
[Workroom Productions, Germany].

Knowing how to get the best out of long-tried technologies is also
key, as these papers make clear:  "Configuration Management in a
Test Centre," by Mr. Kie Liang Tan [CMG, Netherlands], "Structuring
Your Tests in a Component Based Environment," by Mr. Chris C.
Schotanus [CMG, Netherlands], and, "Product Triage - A Medical
Approach to Predicting and Monitoring Product," by Mr. Erik Simmons
[Intel Corporation, USA].

But there is always room for improvement.  Her are two papers that
focus on how to bring new methods "on stream":  "Testing Challenges
of Incremental Component Based Development," by Mr. Leo VanDerAalst
[Gitek nv, Belgium], and, "Steps to Bring the V-Model Into Real Life
- A Case Study," by Dr. Rainer Stetter [ITQ GmbH & Software Factory
GmbH, Germany].

                          INTERNET TRACK

The Internet is here to stay and quality concerns are growing in
importance every day.  How does WebSite development differ from
"conventional" software development?  Here are three takes on where
the answers lie:  "Web Development - A New Quality Paradigm," by
Prof. Antonio de Amescua [Carlos III University of Madrid, Spain] &
Mr. Guillermo Pastor [INAD, Spain], "Testing Inside and Outside the
Firewall," by Mr. Michael Avni [Mercury Interactive, UK], and, "A
Requirements-Based Approach to Delivering E-Business and Enterprise
Applications," by Mr. Scott Jefferies [Starbase Corporation, USA].

If you are concerned about quality, you have to know about the thing
you concerned about.  Here are three presentations that dig deep
into critical WebSite issues:  "Practical Experiences in Bug Cluster
Management," by Mr. Kim Davis [My Virtual Model, Inc., Canada] & Mr.
Robert Sabourin [, Canada], "Innovative WebSite Mapping
Tool," by Dr. Edward Miller [eValid, Inc., USA], and, "Providing
Automated Support for Web Metrics," by Ms. Julia Gonzalez, Mr.
Guillermo Lafuente, Mr. Luis Olsina, & Mr. Oscar Pastor [Extremadura
University, Spain]

Everyone knows that click-away happens if the user is bored -- or
has to wait more than 8.0 seconds. So performance is an issue. Here
are three presentations that deal with Internet performance testing:
"Performance Testing Applications In Internet Time," by Ms. Nancy
Landau [Alltel Technology Services, USA], "Challenges of Automating
Performance Tests for New Internet Technologies," by Mr. Raymond
Rivest [Computer Research Institute of Montreal, Canada], and,
"Deployment of Globalised Wireless Internet Applications," by Mr.
Paul McBride [VeriTest, Ireland].

Overall, though, we have to reflect Internet realities into process,
and that is what these presentations do:  "Vulnerabilities and
Developing for the Net," by Mr. Robert A. Martin [The MITRE
Corporation, USA], "Checklist for Web Site Quality Assurance," by
Dr. Klaus Quibeldey-Cirkel [TLC GmbH, Germany], and, "Multifaceted
Internet Application Quality Validation Methodology," by Mr. Simon
J. Hardiman [SQS S.A., Spain].

                         MANAGEMENT TRACK

Risk is everywhere, so why not exploit risk factors up front?
Indeed, why not?, as these fine presentations imply:  "Risk Based
Test Strategy," by Mr. Rob Baarda [IQUIP Informatica BV,
Netherlands], and, "A Risk Based Testing Process," by Mr. Anders
Claesson [Enea Realtime AB, Sweden].

Everything is in the details, and that's no less so that for test
process steps.  Here are talks by experienced experts who know where
they have been, and will help you learn how to get there too --
process-wise:  "Test Process Improvement - Theory and Practice," by
Mr. Stale Amland [Amland Consulting, Norway] & Mr. Martin Pol
[Polteq IT Services B.V., Netherlands], "The Art of Managing Fixed
Price Test Project," by Mr. Ruud Teunissen [Gitek nv, Belgium],
"Quality Starts by Defining Goals," by Dr. Robert Darimont, Ms.
Emmanuelle Delor & Mr. Andre Rifaut [CEDITI, Belgium], "Quality
Radar - Getting Grip on Customer Expectations," by Mr. Ton Dekkers &
Mr. Mario Van Os [IQUIP Informatica BV, Netherlands], and, "Survival
Guide for Applying a Software Development Process," by Mr. Bernd
Eberhardt [Rational Software, Germany].

Closing the loop has the potential to fine-tune the control you can
exercise in a test process.  Here are ways to use current and past
data to improve current and future performance:  "Improving the
Software Estimation Process," by Mr. Geir Kjetil Hanssen, Mr. Hans
Westerheim [SINTEF, Norway] & Mr. Tor Stalhane [NTNU, Norway],
"Process Management Maturity," by Mr. Dean Hanley [Computer
Associates, USA], "Using SPICE as an Internal Software Engineering
Process Improvement Tool," by Mr. Michael J. Hillelsohn [Software
Performance Systems, USA], "Information Systems as an Instrument for
Quality Programs," by Mr. Jose M. Xexeo, Dr. Ana Regina, Mr. Alvaro
Alves, & Dr. Jose Blaschek [COPPE/Universidade Federal do Rio de
Janeiro, Brazil], and, "Variable Test Strategy - Learn To Only Do
What You Need To Do," by Mr. Geert Pinxten & Mr. Jens Pas [I2B,

         Complete details at: <>


                         Use Your Resources
            By Danny Faught 

I recently attended Weinberg & Weinberg's Problem-Solving Leadership
workshop (PSL). A major feature of the workshop is the fact that
it's an "experiential" training experience. Not a single PowerPoint
slide in 5 1/2 days of training; it was learning by doing. It was a
wonderful experience.

While this sort of training is fairly rare in the computer field, I
was reminded of many experiential leadership training sessions I
participated in as a Boy Scout. One of them was called "Brownsea
Double-Two." Named after the original Scout camp set up by the
founder of the Boy Scout movement, Brownsea was a week-long course
conducted at the local Scout camp facilities. It was residential
like PSL, in that we all were staying in the same area. This allowed
the training to continue into the evenings. Plus, at Brownsea, we
were responsible for taking care of all of life's necessities, so if
we had a leadership breakdown, it might mean that we didn't get to
eat! It was full immersion.

I'm still absorbing all the different learnings that I took away
from PSL. But I want to share one thing about Brownsea Double-Two.
The one thing I remember most, that was drilled into my head
repeatedly through the week, was the phrase "Use your resources."
According to the Random House Webster's College Dictionary, a
resource is "a source of supply, support, or aid, especially one
that can be readily drawn upon when needed." Resources might mean
material resources, people resources, or information resources. When
we think outside the "box" where we usually look for resources, we
might find more effective ways to do our jobs.

I may have to think outside my self-imposed resource box to find all
the material resources that are available. On a recent project, I
managed to obtain some equipment I needed that was sitting idle in a
coworker's office. I also was able to obtain an underutilized
computer to use as a testing platform. I often find people going
without material resources they need, simply because they assume
that they aren't allowed to ask for them. At Brownsea, we were
trying to earn a prize by improving our campsite. We were in the
Texas badlands, where rocks were plentiful. We normally didn't think
of the rocks unless we stubbed a toe on one or bent yet another tent
stake on the bedrock. But someone in my patrol got the bright idea
to line the paths through our campsite with the rocks.  It looked
great when we finished, and we earned a large brightly colored
feather to hang from our patrol flag. We also found out what happens
when we abuse our resources. We left the campsite with the campfire
still burning, and for that mistake, we earned a drab turkey
feather. If only all of our mistakes in the workplace had such
benign consequences!

As leaders, we have to be very aware of our people resources. We
should learn all the ways that our managers can help us, and we need
to be sure to ask for their help when needed. We also have to enable
the people on our teams to contribute using all of their skills. On
a project I'm leading now, I've been a bit overloaded lately. So
I've made a concerted effort to delegate some tasks so that I don't
become a bottleneck slowing down the team. I also got creative in
soliciting help with the quality process from people outside of the
SQA team. At Brownsea, I learned about people resources when I was
put in charge of organizing a campfire program.

If you're not familiar with a Boy Scout campfire program, think of
it as a variety show, with all of the audience contributing in
various ways. I called upon all of the patrols in the camp to
contribute, and I made sure that I didn't get tied up with creating
the content myself. If I had gotten too worried about the content, I
would have neglected the opportunities for other people to pitch in
with their unique talents. I was very nervous before we started, but
it turned out great, and we all felt a shared ownership of the

Information resources have been my specialty in the software quality
field for quite some time. I make sure I know what books and
periodicals can help, what web sites could provide additional
information, and what training courses and conferences can enlighten
me. At Brownsea, we had course materials to refer to, as well as
manuals such as the Boy Scout Handbook and the Field Guide. We also
had staff members who could answer questions. Information resources
are really just an extension of material resources (things that give
us information) and people resources (people who give us

Perhaps this article was just an excuse for me to tell old Boy Scout
stories. But hopefully it will get you thinking about the resources
that you have available to you. The most useful resources may not be
the ones that you traditionally look for, and they might not even
come in the form that you usually expect to see them in. Make sure
you're using all the information, materials, and human resources
that are available to you. Have I missed any big categories of
resources? If I have, please let me know. After all, my readers are
a great resource for me!

(c) Copyright 2001, Danny R. Faught

Danny Faught is an independent software quality consultant and
proprietor of Tejas Software Consulting


               eValid FREE WebSite HealthCheck Offer

Do you know how healthy your WebSite really is?

Does it have any broken links?  Any slow-loading pages?

Are your WebSite pages optimized to provide for the fastest download

The eValid WebSite test engine provides a very wide variety of tests
and analyses that help you keep your WebSite healthy.

                  FREE eValid WebSite HealthCheck

We are now offering on a limited basis a FREE eValid WebSite
HealthCheck that includes a sample of key eValid reports:
unavailable links analysis, detailed page timing report, slow-
loading pages report, and detailed SiteMap.

The FREE eValid WebSite HealthCheck gives you an analysis of part of
your WebSite in automatically generated eValid reports that address
such critical quality areas as:

  > An Unavailable Links Report using the LinkCheck feature of
    eValid's Site Analysis engine.  It shows you client-side
    availability failures that you can't detect from the server

  > A Slow-Loading Pages Report that identifies, among all pages
    downloaded, every page that takes longer than 2 seconds to
    download (using a fast DSL connection).

  > A Detailed Page Download Timing Chart, produced for one of your
    WebSite pages, so you can see how to improve the download
    response times for that page.

  > A Unique Link SiteMap for the all the analyzed pages that
    details your WebSite structure and page dependencies.

          How To Get Your FREE eValid WebSite HealthCheck

All you have to do is reply to this email and we'll contact you to
arrange the details of your FREE eValid WebSite HealthCheck.  Or,
make your request direct to .

Complete details about the FREE eValid WebSite HealthCheck,
including sample reports and results, are available at:


| eValid, Inc.                  | Phone:       [+1] (415) 861-2800 |
| Software Research, Inc.       | Toll Free:        1-800-942-SOFT |
| 1663 Mission St., Suite 400   | FAX:         [+1] (415) 861-9801 |
| San Francisco, CA  94103  USA | E-Mail: |
|                               | WWW:    <> |


                         SQRL Report No. 1

                On Documenting the Requirements for
      Computer Programs Based on Models of Physical Phenomena

             Konstantin Kreyman and David Lorge Parnas

Abstract:  Programs for use by Scientists and Engineers are usually
embodiments of mathematical models of physical phenomena. Complete
and accurate models are usually quite complex because they must deal
with the wide-variety of situations that can arise in the real-
world. Informal descriptions of these models are often incomplete,
imprecise, and, inaccurate and are not suitable for specifying what
is required of a software package. This paper presents an approach
to writing requirements documents for such programs. It demonstrates
how tabular notation can make precise mathematical expressions more
readable. It also shows how we can document systems in which the
user is given some control of the computational method to be used.

The web address for downloading reports is:


       Annals of Software Engineering: Call for Contributions
Special Volume on "Computational Intelligence In Software Engineering"


The Annals of Software Engineering journal seeks articles for a
special volume on "Computational Intelligence In Software

The constantly evolving technological infrastructure of the modern
world presents a great challenge of developing software systems with
increasing size and complexity. Software engineers and researchers
are striving to meet these and other continuously growing challenges
by developing and implementing useful software engineering
methodologies. However, despite the introduction of some important
and useful paradigms in the software engineering discipline, their
technological transfers on a larger scale has been extremely gradual
and limited.

The recent emergence of the field of Computational Intelligence (CI)
in Software Engineering provides a software development team with an
opportunity by taking advantage of the currently developed,
documented, and mature CI technologies such as fuzzy logic,
artificial neural networks, genetic and artificial intelligence
based computational systems, expert knowledge based systems, and
case based reasoning. These and other computational intelligence
technologies have been used to resolve issues arising from the
ever-increasing complexity and size of software systems.

The aim and scope of this special issue is focused on the current
research trends of introducing and implementing CI techniques to
address the various software engineering needs arising during
different phases of software development and analysis. This special
issue is intended to serve as a comprehensive collection of some of
the current state-of-the-art CI in software engineering

Topics of Interest

Topics of particular interest on "Computational Intelligence In
Software Engineering" include but are not limited to:

      * Neural Networks
      * Fuzzy Logic
      * Genetic Algorithms & Programming
      * Case Based Reasoning
      * Data Mining Techniques
      * Adaptive Computing Systems
      * Knowledge Based Systems
      * Software Cost Estimation
      * Software Reliability Modeling
      * Formal Verification Methods
      * Software Testing & Software Validation
      * Expert Software Systems
      * Software Requirements & Specifications Engineering
      * Machine Learning Techniques
      * Hybrid Intelligent Systems


Professor Taghi M. Khoshgoftaar
Department of Computer Science & Engineering
Florida Atlantic University
Boca Raton, Florida 33433, U.S.A.
Tel:   +1-561-297-3994
Fax:   +1-561-297-2800


                  Subject: Trustworthy Computing
                           by Bill Gates

      Editor's Note:  We got this item from a friend who got
      it from a friend who...  The friend actually abstracted
      the memo he got, just to focus on the parts about
      trustworthiness.  So, we cannot vouch totally for its
      correctness.  The best we can say is he told us that he
      was told that it is legit.  All of the usual caveats
      apply.  -EFM

From: Bill Gates
Sent: Tuesday, January 15, 2002 2:22 PM
To: Microsoft and Subsidiaries: All FTE
Subject: Trustworthy computing

Every few years I have sent out a memo talking about the highest
priority for Microsoft. Two years ago, it was the kickoff of our
".NET" strategy.  Before that, it was several memos about the
importance of the Internet to our future and the ways we could make
the Internet truly useful for people.  Over the last year it has
become clear that ensuring ".NET" is a platform for Trustworthy
Computing is more important than any other part of our work. If we
don't do this, people simply won't be willing--or able--to take
advantage of all the other great work we do. Trustworthy Computing
is the highest priority for all the work we are doing. We must lead
the industry to a whole new level of Trustworthiness in computing.

When we started work on Microsoft ".NET" more than two years ago, we
set a new direction for the company--and articulated a new way to
think about our software. Rather than developing standalone
applications and Web sites, today we're moving towards smart clients
with rich user interfaces interacting with Web services. We're
driving the XML Web services standards so that systems from all
vendors can share information, while working to make Windows the
best client and server for this new era.  There is a lot of
excitement about what this architecture makes possible. It allows
the dreams about e-business that have been hyped over the last few
years to become a reality. It enables people to collaborate in new
ways, including how they read, communicate, share annotations,
analyze information and meet.

However, even more important than any of these new capabilities is
the fact that it is designed from the ground up to deliver
Trustworthy Computing.  What I mean by this is that customers will
always be able to rely on these systems to be available and to
secure their information. Trustworthy Computing is computing that is
as available, reliable and secure as electricity, water services and

Today, in the developed world, we do not worry about electricity and
water services being available. With telephony, we rely both on its
availability and its security for conducting highly confidential
business transactions without worrying that information about who we
call or what we say will be compromised. Computing falls well short
of this, ranging from the individual user who isn't willing to add a
new application because it might destabilize their system, to a
corporation that moves slowly to embrace e-business because today's
platforms don't make the grade.

The events of last year--from September's terrorist attacks to a
number of malicious and highly publicized computer viruses--reminded
every one of us how important it is to ensure the integrity and
security of our critical infrastructure, whether it's the airlines
or computer systems.  Computing is already an important part of many
people's lives. Within ten years, it will be an integral and
indispensable part of almost everything we do. Microsoft and the
computer industry will only succeed in that world if CIOs, consumers
and everyone else sees that Microsoft has created a platform for
Trustworthy Computing.

Every week there are reports of newly discovered security problems
in all kinds of software, from individual applications and services
to Windows, Linux, Unix and other platforms. We have done a great
job of having teams work around the clock to deliver security fixes
for any problems that arise.  Our responsiveness has been unmatched
- but as an industry leader we can and must do better. Our new
design approaches need to dramatically reduce the number of such
issues that come up in the software that Microsoft, its partners and
its customers create. We need to make it automatic for customers to
get the benefits of these fixes. Eventually, our software should be
so fundamentally secure that customers never even worry about it.
No Trustworthy Computing platform exists today. It is only in the
context of the basic redesign we have done around ".NET" that we can
achieve this. The key design decisions we made around ".NET" include
the advances we need to deliver on this vision. Visual Studio ".NET"
is the first multi-language tool that is optimized for the creation
of secure code, so it is a key foundation element.

I've spent the past few months working with Craig Mundie's group and
others across the company to define what achieving Trustworthy
Computing will entail, and to focus our efforts on building trust
into every one of our products and services. Key aspects include:
Availability: Our products should always be available when our
customers need them. System outages should become a thing of the
past because of a software architecture that supports redundancy and
automatic recovery.  Self-management should allow for service
resumption without user intervention in almost every case.

Security: The data our software and services store on behalf of our
customers should be protected from harm and used or modified only in
appropriate ways. Security models should be easy for developers to
understand and build into their applications.  Privacy: Users should
be in control of how their data is used. Policies for information
use should be clear to the user. Users should be in control of when
and if they receive information to make best use of their time. It
should be easy for users to specify appropriate use of their
information including controlling the use of email they send.

Trustworthiness is a much broader concept than security, and winning
our customers' trust involves more than just fixing bugs and
achieving "five-nines" availability. It's a fundamental challenge
that spans the entire computing ecosystem, from individual chips all
the way to global Internet services. It's about smart software,
services and industry-wide cooperation.

There are many changes Microsoft needs to make as a company to
ensure and keep our customers' trust at every level - from the way
we develop software, to our support efforts, to our operational and
business practices. As software has become ever more complex,
interdependent and interconnected, our reputation as a company has
in turn become more vulnerable. Flaws in a single Microsoft product,
service or policy not only affect the quality of our platform and
services overall, but also our customers' view of us as a company.

In recent months, we've stepped up programs and services that help
us create better software and increase security for our customers.
Last fall, we launched the Strategic Technology Protection Program,
making software like IIS and Windows ".NET" Server secure by
default, and educating our customers on how to get--and stay--
secure. The error-reporting features built into Office XP and
Windows XP are giving us a clear view of how to raise the level of
reliability. The Office team is focused on training and processes
that will anticipate and prevent security problems. In December, the
Visual Studio ".NET" team conducted a comprehensive review of every
aspect of their product for potential security issues. We will be
conducting similarly intensive reviews in the Windows division and
throughout the company in the coming months.

At the same time, we're in the process of training all our
developers in the latest secure coding techniques. We've also
published books like "Writing Secure Code," by Michael Howard and
David LeBlanc, which gives all developers the tools they need to
build secure software from the ground up.  In addition, we must have
even more highly trained sales, service and support people, along
with offerings such as security assessments and broad security
solutions. I encourage everyone at Microsoft to look at what we've
done so far and think about how they can contribute.

But we need to go much further.

In the past, we've made our software and services more compelling
for users by adding new features and functionality, and by making
our platform richly extensible. We've done a terrific job at that,
but all those great features won't matter unless customers trust our
software. So now, when we face a choice between adding features and
resolving security issues, we need to choose security. Our products
should emphasize security right out of the box, and we must
constantly refine and improve that security as threats evolve. A
good example of this is the changes we made in Outlook to avoid
email borne viruses. If we discover a risk that a feature could
compromise someone's privacy, that problem gets solved first. If
there is any way we can better protect important data and minimize
downtime, we should focus on this. These principles should apply at
every stage of the development cycle of every kind of software we
create, from operating systems and desktop applications to global
Web services.

Going forward, we must develop technologies and policies that help
businesses better manage ever larger networks of PCs, servers and
other intelligent devices, knowing that their critical business
systems are safe from harm. Systems will have to become self-
managing and inherently resilient. We need to prepare now for the
kind of software that will make this happen, and we must be the kind
of company that people can rely on to deliver it.

This priority touches on all the software work we do. By delivering
on Trustworthy Computing, customers will get dramatically more value
out of our advances than they have in the past. The challenge here
is one that Microsoft is uniquely suited to solve.


 CONQUEST Conference on Quality Engineering in Software Technology
       CONQUEST-2002, Nuremberg, Germany, 18-20 October 2002

Objectives:  The ASQF is one of the key platforms for software
professionals in Germany.  The aims of the ASQF are: promoting
discussion and raising awareness of the important role that software
quality plays for the general public; fostering exchange of
experience amongst software developers and quality managers;
underpinning sharing of knowledge between software developers from
industry, research institutions as well as academia; and
encouraging publication in the field of software quality.

Supporting these goals the ASQF, in collaboration with EuroSPI and
the Gesellschaft fur Informatik e.V. (GI), hosts the sixth
international "Conference on Quality Engineering in Software
Technology".  In recent years, CONQUEST has attracted an average of
over 250 participants, 30 speakers and 20 exhibitors.

Topics:  Contributions may cover any quality related aspect of
software engineering.  Please classify your contribution by
selecting the topic below that best describes your paper's subject
area.  We also offer 1/2 day tutorials about these topics on
September 18th:

      1. Models for Software Development Processes
      2. Analytical Methods of Software Engineering
      3. Metrics and Measurement Models
      4. Componentware & Component Architecture
      5. Management Aspects of Software Engineering
      6. Requirements Engineering

The conference languages are German and English!  The print version
of Call for Papers can be retrieved here:

    ------------>>> QTN ARTICLE SUBMITTAL POLICY <<<------------

QTN is E-mailed around the middle of each month to over 9000
subscribers worldwide.  To have your event listed in an upcoming
issue E-mail a complete description and full details of your Call
for Papers or Call for Participation to .

QTN's submittal policy is:

o Submission deadlines indicated in "Calls for Papers" should
  provide at least a 1-month lead time from the QTN issue date.  For
  example, submission deadlines for "Calls for Papers" in the March
  issue of QTN On-Line should be for April and beyond.
o Length of submitted non-calendar items should not exceed 350 lines
  (about four pages).  Longer articles are OK but may be serialized.
o Length of submitted calendar items should not exceed 60 lines.
o Publication of submitted items is determined by Software Research,
  Inc., and may be edited for style and content as necessary.

DISCLAIMER:  Articles and items appearing in QTN represent the
opinions of their authors or submitters; QTN disclaims any
responsibility for their content.

STW/Regression, STW/Coverage, STW/Advisor, TCAT, and the SR logo are
trademarks or registered trademarks of Software Research, Inc. All
other systems are either trademarks or registered trademarks of
their respective companies.

        -------->>> QTN SUBSCRIPTION INFORMATION <<<--------

To SUBSCRIBE to QTN, to UNSUBSCRIBE a current subscription, to
CHANGE an address (an UNSUBSCRIBE and a SUBSCRIBE combined) please
use the convenient Subscribe/Unsubscribe facility at:


As a backup you may send Email direct to  as follows:

   TO SUBSCRIBE: Include this phrase in the body of your message:

   TO UNSUBSCRIBE: Include this phrase in the body of your message:

Please, when using either method to subscribe or unsubscribe, type
the  exactly and completely.  Requests to unsubscribe
that do not match an email address on the subscriber list are

		Software Research, Inc.
		1663 Mission Street, Suite 400
		San Francisco, CA  94103  USA

		Phone:     +1 (415) 861-2800
		Toll Free: +1 (800) 942-SOFT (USA Only)
		Fax:       +1 (415) 861-9801
		Web:       <>