sss ssss      rrrrrrrrrrr
                      ssss    ss       rrrr   rrrr
                     sssss     s       rrrr    rrrr
                     ssssss            rrrr    rrrr
                      ssssssss         rrrr   rrrr
                          ssssss       rrrrrrrrr
                    s      ssssss      rrrr  rrrr
                    ss      sssss      rrrr   rrrr
                    sss    sssss       rrrr    rrrr
                    s  sssssss        rrrrr     rrrrr
         +=======    Quality Techniques Newsletter    =======+
         +=======              March 2000             =======+

QUALITY TECHNIQUES NEWSLETTER (QTN) (Previously Testing Techniques
Newsletter) is E-mailed monthly to subscribers worldwide to support the
Software Research, Inc. (SR), TestWorks, QualityLabs, and eValid WebTest
Services user community and to provide information of general use to the
worldwide software and internet quality and testing community.

Permission to copy and/or re-distribute is granted, and secondary
circulation is encouraged by recipients of QTN provided that the entire
document/file is kept intact and this complete copyright notice appears
with it in all copies.  (c) Copyright 2003 by Software Research, Inc.


   o  13th Annual International Software & Internet Quality Week 2000

   o  Software Testing - Myth or Reality? (Part 3 of 3)

   o  Denial Of Service Attack -- Additional Information

   o  CAPBAK/Web Release Now Supports Java Applets, Built-In Charting

   o  Advisory for the Happy99 Virus

   o  First Asia-Pacific Conference on Quality Software (APAQS 2000)

   o  New Thinking OObjectively Column for CACM by M. E. Fayad



       13th International Software/Internet Quality Week (QW2000)

               QW2000 Theme: New Century! New Beginnings!

The Y2K event has passed.  The celebrations are over.  It's a new
century and it's time for new beginnings.  It's time for change.

The explosive growth in interest in the Internet (WWW) is the main
driving factor in much of what's happening in software testing and
quality assurance.  WebSites are very complex pieces of software, and
many of the proven application-based and client-server approaches
software quality approaches ought to apply to websites as well.

QW2000's theme, "New Century! New Beginnings!"  reflects this shift.
This year our Keynoters have real-world experience that can be used on
your projects, our QuickStart speakers' expertise will save you time and
effort, and our over 60 speakers are focused on Technology,
Applications, Internet and Management topics.  QW2000 is an event NOT to
be missed!

                    What They Say About Quality Week

Here are some samplings of attendee's comments about past Quality Week

   o  ...Quality Week in San Francisco was a valuable experience.  The
      content of the tracks was kept at a educational level and anything
      that involved a specific product was very clearly identified.  No
      unpleasant surprises...
   o  ...Well organized, stimulating event...
   o  ...In meeting with speakers and attendees at Quality Week I have
      been impressed with their breadth of experience, breadth of
      languages, and diversity of fields.
   o  ...I need to mention to you how impressed I have been with the
      thought you have given to promoting the big picture.

QW2000 papers are selected based on reviews and recommendations from our
distinguished whose members represent a broad range of expertise in the
software and internet quality area from Industry and Academic positions

                      International Advisory Board

The "Quality" of the Quality Week Conferences is a direct result of the
contribution of their expertise.  QW2000's Advisory Board includes:

     Selim Aissi (Intel Corporation) - Larry Apfelbaum (Teradyne)
               James Bach (Satisfice) - Vic Basili (UOM)
          Boris Beizer (Analysis) - Bill Bently (Mu_Research)
          Robert Binder (RBSC, Inc.) - Robert Birss (Talarian)
             Jack Bishop (SVN)  - Nick Borelli (Microsoft)
          Rita Bral (SR/Institute)  - Taz Daughtrey (ASQC/SQP)
        Tom Drake (CRTI)  - Sam Guckenheimer (Rational Software)
       Dick Hamlet (Portland State) - Doug Jacobson (Iowa State)
  Andre Kok (CMG/Netherlands) - Ara Kouchakdjian (Q-Labs/Netherlands)
         Edward Miller (SR/Institute) - John Musa (Consultant)
         Michael O'Duffy (CSE/Ireland) - Lee Osterweil (UMASS)
             Greg Pope (AZOR) - Otto Vinter (Delta/Denmark)
               Mark Wiley (nCUBE) - Denise Woit (Ryerson)

                           Who Should Attend

QW2000 is an educational experience aimed at many levels.  Attendees
should include:

   o Lead senior quality assurance managers and web chiefs looking for
      powerful testing methods and an opportunity to check out the
      latest tools and methodologies.
   o Software developers and website developers -- beginners and experts
      alike -- who need exposure to authoritative sources for improving
      their products.
   o Programmers, software developers, website designers -- anyone who
      wants to learn more about producing better quality products.
   o Managers and senior Technologists who want to catch up on the
      state-of-the-art in software and website testing and quality

                        Participating Companies

Here is a sampling of 100 of the more than 1200 companies that have sent
delegates to Quality Week Conferences in past two years:

      3Com, ABN AMRO, Adobe Systems Inc., ADP, AGFA Gevaert,
      AirTouch, Alcatel,, Amdahl, Andersen Consulting,
      AT&T, Autodesk, Inc., Bank of America, Barclays Bank, Bayer
      Corporation, Bechtel, Becton Dickinson, BellSouth, Blue
      Cross/Blue Shield, Boeing, Bomardier, Bosch, British
      Telecom, Cadence Design System, Cap-Gemini, CERN, Cisco,
      CMG, CNET, Compaq, Compuware, Coopers & Lybrand, CSC,
      Cypress Semiconductor, Daimler-Benz, Deutsche Telekom, DHL,
      Dresdner Bank, Eastman Kodak, EDS, Ericsson, Eurocontrol,
      FedEx, Ford Motor Company, Fujitsu, GE, Hewlett-Packard,
      Hitachi, Honeywell, Hughes, IBM Corporation, Informix, Intel
      , Intuit, J.D.Power, JPL, Johnson Controls, KPMG, Lernout &
      Hauspie, Lockheed Martin, Lucent, McGraw-Hill, MCI, Mentor
      Graphics, Merryll Lynch, Microsoft, MITRE, Motorola, NASA,
      NCR, Netscape, Nokia, Nortel, Northwestern Mutal, Novell,
      Oracle, Pacific Bell, PeopleSoft, Perkins Elmer, Philips,
      Platinum Technology, QUALCOMM, Raytheon, Rockwell Collins,
      SAS Institute, SGI, Shell, Siemens, Sony, Sun Microsystems,
      Sybase, Tektronix, TRW, Underwriters Laboratories, UNISYS,
      VeriFone, VISA, Volvo, Xerox

         C O M P L E T E   C O N F E R E N C E   P R O G R A M

                           T U T O R I A L S

          Tuesday, 30 May 2000, 8:30 - 12:00 -- AM Tutorials

Ms. Johanna Rothman (Rothman Consulting Group) "Life as a New Test
Manager (A1) [USA]"
Dr. Norman Schneidewind (Naval Postgraduate School) "A Roadmap to
Distributed Client-Server Software Reliability Engineering (B1) [USA]"
Mr. Michael Deck (Cleanroom Software Engineering, Inc.)  "Requirements
Analysis Using Formal Methods (C1) [USA]"
Mr. Bill Deibler (SSQC) "Making the CMM Work: Streamlining the CMM for
Small Projects and Organizations (D1) [USA]"
Mr. Ross Collard (Collard & Company) "Test Planning Workshop (E1) [USA]"

Dr. G. Bazzana & E. Fagnoni (ONION s.r.l.)  "Testing Web-based
Applications: Techniques for Conformance Testing (F1) [Italy]"

Mr. Edward Kit (Software Development Technologies) "Software Testing in
the Real World (G1) [USA]"

           Tuesday, 30 May 2000, 1:30 - 5:00 -- PM Tutorials

Mr. Robert Binder (RBSC Corporation) "How to Write A Test Design Pattern
(A2) [USA]"

Dr. John Musa (Consultant) "Developing More Reliable Software Faster and
Cheaper (B2) [USA]"

Mr. Tom Gilb (Result Planning Limited ) "Requirements Engineering for
Software Developers and Testers (C2) [Norway]"

Mr. Tim Koomen & Mr. Rob Baarda (IQUIP Informatica BV) "Stepwise
Improvement of the Testing Process using TPI(tm) (D2) [Netherlands]"

Dr. Linda Rosenberg, Ms. Ruth Stapko, & Mr. Albert Gallo (NASA GSFC)
"Risk-based Object Oriented Testing (E2) [USA]"

Mr. Adrian Cowderoy (MMHQ) "Cool Q - Quality Improvement for Multi-
disciplinary Tasks in Website Development (F2) [England]"

Mr. Chris Loosey & Eric Siegel (Keynote Systems) "Internet Performance
Measurement (G2) [USA]"

                   T E C H N I C A L   P R O G R A M

       Wednesday, 31 May 2000, 8:30 - 10:00 -- KEYNOTE SESSION #1

Dr. Stu Feldman (IBM Corporation) "Internet and E-Commerce: Issues and
Answers (1P1) [USA]"

Mr. Bill Gilmore (Intel Corporation) "The Intel Corporate Software
Quality Network (1P2) [USA]"

   Wednesday, 31 May 2000, 10:30 - 5:00 -- Parallel Technical Tracks

                            TECHNOLOGY TRACK

Mr. Michael Silverstein (SilverMark, Inc.)  "Automating Testing of
Object-Oriented Components Using Intelligent Test Artifacts (2T1) [USA]"

Mr. James Elder & Mr. Ricard Roma i Dalfo (Microsoft) "Object Based
Machine Automation ("OSIRIS Project") (2T2) [USA]"

Mr. Robert Bauer & Mr. Russell F. Ingram (Levetate Design Systems)
"Building a Parallel Test Environment (3T1) [USA]"

Mr. Robert Oshana (Raytheon Systems Company) "Performance Engineering of
an Embedded System Application (3T2) [USA]"

Dr. Rainer Stetter (Software Factory GmbH ) "Software Quality for
Embedded Systems (4T1) [Germany]"

Dr. Mark Blackburn (Software Productivity Consortium) "Application of
the Test Automation Framework for Model Analysis and Test Generation
(4T2) [USA]"

                           APPLICATIONS TRACK

Mr. James Andrews (The Open Group) "Automated Conformance Testing for IT
& T Product Certification (2A1) [USA]"

Mr. Juichi Takahashi (Florida Institute of Technology) "Is Special
Software Testing Necessary Before Releasing Products to an International
Market? (2A2) [USA]"

Mr. David Carman (Telcordia Technologies) "Measuring Test Effectiveness:
The Use and Misuse of Test Coverage (3A1) [USA]"

Ms. Linda Hayes (WorkSoft) "Advanced Scripting Techniques: Making
Automation Accessible (3A2) [USA]"

Mr. William Lorensen & Mr. James Miller (GE Corporate Research &
Development) "Visualization Toolkit Extreme Testing: A Production
Release Every Day (4A1) [USA]"

Mr. Kevin VanFlandern (Microsoft, Inc.)  "Benchmarking Large Windows
Based Applications (4A2) [USA]"

                             INTERNET TRACK

Mr. Ted Fuller ( "Notes From The Front Lines: How to Test
Anything and Everything on a Web Site (2W1) [USA]"

Mr. Steven Porter (API / Independent) "From Web Site to Web App:
Ensuring Quality in a Complex Environment (2W2) [USA]"

Mr. Alberto Savoia (Velogic Inc.)  "The Science of Website Load Testing
(3W1) [USA]"

Dr. B.M. Subraya & Mr. S. V. Subrahmanya (Infosys) "Performance Testing:
A Methodical Approach to E-Commerce Applications (3W2) [USA]"

Mr. Pat Garverick (Landmark Systems Corporation) "Testing the
Performance Impact of a Web-based Application (4W1) [USA]"

Mr. Steven Rabin (Interworld Corp.)  "eCommerce Performance Management
Lifecycle -- Benchmarking, Methodology and Criteria (4W2) [USA]"

                            MANAGEMENT TRACK

Mr. Joel Fleiss (VeriTest) "The ABCs of Managing a Software Testing
Project (2M1) [USA]"

Ms. Johanna Rothman (Rothman Consulting Group) "The Influential Test
Manager (2M2) [USA]"

Mr. Phil Lones (Lucent Technologies) "A Practical Approach to Testing
Software in an Evolutionary Delivery Environment (3M1) [USA]"

Mr. Cem Kaner "Yes, But What Are We Measuring? (3M2) [USA]"

Mr. Doug Whitney and Pete Nordquist (Intel Corporation, Home Products
Group) "Protecting Intellectual Property in an Open Source World (Panel)
(4M1) [USA]"


Mr. James Bach (Satisfice, Inc.)  "The Heuristic Approach to Testing
(2Q) [USA]"

Mr. Tom Gilb (Result Planning Limited ) "Pitiful and Powerful Measures
of Software Metrics (4Q) [Norway]"

       Thursday, 1 June 2000, 8:30 - 10:00 -- KEYNOTE SESSION #1

Mr. Leon Osterweil (University of Massachusetts) "Determining the
Quality of Electronic Commerce Processes (5P1) [USA]"

Mr. Rainer Pirker (IBM / Austria) "The Need for Quality -- e-business
Performance Testing (5P2) [Austria]"

   Thursday, 1 June 2000, 10:30 - 5:00 -- Parallel Technical Tracks

                            TECHNOLOGY TRACK

Mr. Alan Myrvold (Entrust Technologies Limited) "Feeling Tcl-ish?
Applying Tcl to Real Test Tasks (6T1) [Canada]"

Ms. Elisabeth Hendrickson (Aveo Inc.)  "Quality in an ASP Environment
(6T2) [USA]"

Dr. Andreas Spillner & Dr. Ulrich Breymann (Hochschule Bremen) "Semantic
Differences Between C++ and Java: Consequences for the Review and Test
Process (7T1) [Germany]"

Mr. Charles White (Segue Software, Inc.)  "Functional Testing of CORBA
based Systems in Java (7T2) [USA]"

Mr. Atif Memon, Dr. Martha E. Pollack, & Dr. Mary Lou Soffa (University
of Pittsburgh) "A Planning-Based Approach to GUI Testing (8T1) [USA]"

Mr. Stephen Sullivan (Mathcom Solutions, Inc.)  "Performance Engineering
for Java and the Web (8T2) [USA]"

                           APPLICATIONS TRACK

Dr. Jean Hartmann & Mr. Claudio Imoberdorf (Siemens Corporate Research)
"Functional Testing of Distributed, Component-Based Software (6A1)

Dr. Jerry Gao, Mr. Kamal Gupta & Ms. Shilina Gupta (San Jose State
University) "Design for Testability of Software Components (6A2) [USA]"

Dr. Yingxu Wang (Centre for Software Engineering) "A Practical New
Approach to COTS Testing (7A1) [Sweden]"

Mr. Scott Trappe (Reasoning Inc.)  "Find the Defects that Traditional
Testing Misses with Automated Software Inspection Services (7A2) [USA]"

Dr. John Musa (Consultant) "SRE: A Good Idea But How Do We Get People To
Use It? (8A1) [USA]"

Mr. Giuseppe Lami, Ms. Stefania Gnesi, Prof. Mario Fusani & Mr. Fabrizio
Fabbrini (Istituto di Elaborazione dell'Informazione) "Quality
Evaluation of Software Requirements Specifications (8A2) [Italy]"

Mr. Nick Borelli (Microsoft) "Ask The Experts (Panel Session) (8A3)

                             INTERNET TRACK

Mr. Anand Sundaram (RSW Software, Inc.)  "Managing E-Business Quality in
Internet Time (6W1) [USA]"

Ms. Lisa Crispin ( "Stranger in a Strange Land -- Bringing
Quality Assurance to a Web Startup (6W2) [USA]"

Ms. Jeanette Folkes & Mr. Bert Lamar (Ogilvy Interactive) "The
Challenges of Web Testing (7W1) [USA]"

Ms. Andrea MacIntosh & Mr. Wolfgang Strigel (QA Labs Inc.)  "The Living
Creature - Testing Web Applications (7W2) [Canada]"

Mr. Adrian Cowderoy (MMHQ) "Technical Quality is Just the Start -- The
Real Battle is Commercial Quality (8W1) [England]"

Mr. Steven Watson (CNET Inc.)  "Quality Assurance Challenges in the
Internet Industry (8W2) [USA]"

                            MANAGEMENT TRACK

Ms. Lisa Crispin ( "Guerilla Tool Selection (6M1) [USA]"

Mr. Brian Lawrence & Ms. Johanna Rothman (Coyote Valley Software /
Rothman Consulting, Inc.)  "Testing in the Dark (6M2) [USA]"

Mr. Patrick Copeland (Microsoft) "Redesigning a Testing Organization for
Delivery to the Web (7M1) [USA]"

Mr. Rex Black (Rex Black Consulting Services, Inc.)  "The Fine Art of
Writing a Good Bug Report (7M2) [USA]"

Mr. D.J. Law (QWest Communications) "Certification Programs for Software
Quality and Test Professionals (8M1) [USA]"

Mr. Marc Zasada (VeriTest) "What Does "Application Certification" Mean
in the Software Industry? (8M2) [USA]"


Mr. Tobias G. Mayer (eValid, Inc.)  "WebSite Testing (6Q) [USA]"

Mr. Brian Marick & Mr. James Bach & Cem Kaner "Evaluating Test Suites
(Workshop) (7Q) [USA]"

Mr. Thomas Drake (CRTI ) "Testing Network Based Software Systems -- The
Future Frontier (8Q) [USA]"

    Friday, 2 June 2000, 8:30 - 10:00 -- Parallel Technical Tracks

                            TECHNOLOGY TRACK

Mr. Sam Guckenheimer (Rational Software Corporation) "Enabling Testable
Architectures with UML (9T1) [USA]"

Mr. Tim Szymanski (Advanced Software Technologies, Inc.)  "Quality
Starts with Requirements: How the UML Can Help (9T2) [USA]"

                           APPLICATIONS TRACK

Mr. Rob Baarda & Tim Koomen (IQUIP Informatica BV) "Risk Based Test
Strategy (9A1) [Netherlands]"

Mr. Jerrold Landau (IBM Canada) "An Overview of Testing Methodology and
Experience at IBM Corepoint Banking Solutions (9A2) [Canada]"

                             INTERNET TRACK

Dr. Wen-Kui Chang & Mr. Shing-Kai Hon (Tunghai University) "A Systematic
Framework for Ensuring Link Validity under Web Browsing Environments
(9W1) [Taiwan]"

Mr. Michael Weider (Watchfire) "The Web Application Process: Development
& Testing (9W2) [Canada]"

                            MANAGEMENT TRACK

Mrs. Hong Guo, Prof. Graham King, Ms. Margaret Ross & Mr. Geoffe Stable
(Southampton Institute) "Using BOOTSTRAP to Improve the Management of
Software Process in a Virtual Software Organization? (9M1) [England]"

Mr. Richard Kasperowski (Altisimo Computing) "Opportunistic Software
Quality (9M2) [USA]"


Mr. Otto Vinter (DELTA Danish Electronics, Light & Acoustics)
"Experience-Based Approaches to Process Improvement (9Q) [Denmark]"

       Friday,  2 June 2000, 10:30 - 12:00 -- KEYNOTE SESSION #3

Mr. Marcelo Dalceggio (Banco Rio de la Plata SA) "Automated Software
Inspection Process (10P1) [Argentina]"

Mr. Sanjay Jejurikar (Microsoft) "The Engineering Process of Windows
2000 (10P2) [USA]"

Prof. Gene Spafford (CERIAS / Purdue University) "Information Security
Requires Assurance (10P3) [USA]"

     Friday, 2 June 2000, 8:30 - 10:00 -- Post-Conference Workshops

Mr. Douglas Hoffmann (Software Quality Methods LLC) "Oracle Strategies
for Automated Testing (W1) [USA]"

Mr. Cem Kaner "Bug Advocacy (Workshop) (W2) [USA]"

Dr. Edward Miller (Software Research, Inc.)  "WebSite Quality Workshop
(W3) [USA]"

Mr. Robert Sabourin (Purkinje Inc.)  "The Effective SQA Manager -
Getting Things Done (W4) [Canada]"

            R E G I S T R A T I O N   I N F O R M A T I O N

Complete registration with full information about the conference is
available on the WWW at


where you can register on-line.

We will be pleased to send you a QW2000 registration package by E-mail,
postal mail or FAX on request.  Send your E-mail requests to:


or FAX or phone your request to SR/Institute at the numbers below.

    QW2K: 30 May 2000 - 2 June 2000, San Francisco, California  USA

| Quality Week 2K Registration      | Phone:       [+1] (415) 861-2800 |
| SR/Institute, Inc.                | TollFree (USA):   1-800-942-SOFT |
| 1663 Mission Street, Suite 400    | FAX:         [+1] (415) 861-9801 |
| San Francisco, CA 94103 USA       | E-Mail:     |
|                                   | WWW: |


           Software Testing - Myth or Reality? (Part 3 of 3)

                         By Romilla Karunakaran
                         InterWorld Corporation

 Filing the right bugs also allows managers to make the right decisions
about what changes and fixes are due within the application. Bugs are
also those features within the application that works well but is not a
desirable feature that the clients or users want. It could be that the
feature is not user friendly or that it may not be what the user intends
to apply within the user environment.  It is obvious therefore that
testers have a unique responsibility towards making expert decisions on
what sort of "deviance" can be considered a bug as these people are
required to develop real test case scenarios that a typical user might
use when employing the use of the software. A good tester is one who
attempts to understand the users and to report bugs that a typical user
might be inclined to do so. The tester's ability to deliver the required
bugs however depends on the quality of the specifications that he/she
receives. Incorrect specifications and poorly written requirements
documentation interferes in the tester's ability to report qualified
bugs. The experienced tester also reports bugs in a manner that
developers can understand explaining the nature of the bug and how users
can be affected by the presence of such a bug.  Bug reports should have
the required information that would in addition, allow developers to
visualize the state of the bug if the developers do not have a proper
idea of what the customers really want.

Capable of an Interdisciplinary Approach

A skillful tester is a jack of all trades, having carefully nurtured the
required skill-sets that would allow him/her to approach testing from a
multi-disciplined approach. A tester is also one who is creative and
capable of finding new ways of making his job exciting and creative.
Testing is not a mere humdrum of sitting at one's computer and waiting
for a new build to commence testing but can be a creative process of
developing a means of assimilation within the overall software
development process. This can happen when the tester makes a genuine
concern towards understanding his/her contributions towards the software
testing process and the means of improving workflow and communication
with the other parties involved in the process.

People Skills

It is the good tester who takes the initiative to seal the glitch
between the developers and the users.  This should be the individual who
understands the point of view of the customer, simulates the typical
business test scenarios and environment, and who communicates to the
developer the reason why a bug needs to be fixed in the right way. Most
testers unfortunately do not take the trouble to understand the need to
maintain good communication with teammates and fellow workers.
Communication skills are an essential criteria in a good tester. Having
the right people skills enables the tester to maintain a healthy
relationship with the developers and management, while enabling the
tester to develop an appreciation for the developers' viewpoints and
being diplomatic about the nature of bugs filed for fixing.

Regular meetings should be organized to allow the testers and developers
to exchange feedback that would facilitate their workflow.  Both parties
should also understand the kind of feedback expected in meetings and
should develop a roadmap on the various stages involved in the problem
solving process. Such a process should be directed towards improving the
communication channels and the responsibility of each individuals or
parties towards ensuring a mutually productive relationship with all
parties concerned.

Being Responsible

The testing function requires the tester to be alert and aware of
feature changes within the software product under test at all times and
to be capable of making the right decisions at the required time.
Testers should always find the means of updating their skillsets and
knowledge as it helps to sharpen their existing technical skills in
understanding the work of their development mates. Training oneself to
understand the finer points of the software testing process will also
allow one to polish one's judgement skills when making a quick decision
about which high-risk areas should be focussed for testing given a
limited time. Most testers unfortunately do not keep their test suite up
to date and often rely on outdated test suites of a few months ago.
Testing is a progressive state and should always be followed through
with prompt and updated test cases and test suites. In a high rapid
development environment, it is a cause for concern when a tester
continues to employ a test suite that was done few months ago for an
application that has experienced added functionalities over a course of
time. Such irresponsibility only increases the risks of delivering a
poorly tested software product.

Understanding the Testing Realm

Most testers seldom take the trouble to understand the software
development lifecycle process and the importance that the quality
assurance role plays in this larger process. Often, they are not aware
of the business goals and objectives of the quality assurance process as
part of the larger business function of the organization. These
individuals do not understand the developers, finding them blunt and
unfriendly, and feeling comfortable keeping a distance away from people
they should work with. Tact and diplomacy is a prerequisite for any
tester as it allows the tester to share the views of many and make
valuable decisions about the testing effort. Testers should also be
given a chance to meet end-users so that they can understand the type of
testing which is expected of them. This will also help prioritize the
high-risk testing areas that could be validated by the end-users and

Testers come in all shapes and sizes and naturally with a varying
background in terms of skillsets, discipline, creativity and experience.
The quality of the product shipped depends on the worth of these
individuals in contributing towards the testing effort and the general
success of the testing process. It is therefore important that testers
be given the required training in understanding their part in the
testing effort.

A Final Thought

The quality assurance process serves as the organization's watchdog in
ensuring that the quality of the software product developed meets
clients' or end-users' expectations. The software testing process, which
is in turn a subset of the quality assurance process, can be facilitated
through the employment of good quality assurance people or testers and
the participation of management in prioritizing quality issues and the
importance of the customer. Customer focus is an integral feature in the
development of a high-quality software product and it is important that
all participants in the process understand the meaning of quality in
this respect. The success of the testing effort depends in part on the
careful evaluation of customer needs and feedback into the development
of a successful software product.

Suffice to say software testing is no myth. Its importance and
credibility cannot be reiterated enough. It is the reality and decisive
process for any successful software development project. With the
current move towards the development of high-performing Internet
applications, the reality and importance of software testing has
certainly defied the role of a mythical order in today's modern software
development world. With the high uncertainties involved in web testing
where several constraints govern the effectiveness of the testing effort
in a web environment, it comes as no wonder why there is a need to
ensure that testers develop the required skillsets and develop the right
posture towards the software testing effort.


           Denial Of Service Attack -- Additional Information

                 From The SANS Institue 

Gary Flynn of James Madison University has posted substantial additional
information about the copies of trinoo-like code found on Windows PCs,
described in the NewsBites that you received earlier today.

In a report entitled "Wintrinoo" Gary noted the following:

1. The number of machines infected was not 160.  He reported that he
   found 149 machines that were listening on port 34555, but that the
   number of machines actually infected may have been substantially less
   because of possibility of false positives.

2. He also reported that he discovered 16 of the computers (all running
   Windows, and at least 5 running Windows98) "sending out large numbers
   of UDP packets on random ports."

3. He noted that all 16 machines were infected with the BackOrifice
   remote control Trojan.

4. After removing BackOrifice from one of the machines, he discovered
   the computer again participating in a UDP flood. That led to the discovery
   of a program that was reported to CERT as a possible variant of the
   trinoo distributed denial of service tool.  CERT is analyzing this.

Gary's technical expertise and rapid response is helping the entire
community to be better informed.  We're sorry that our initial report
didn't have the precision that Gary's latest posting has provided.
We'll keep you informed as we hear of new developments.

The bottom line: PCs running Windows at universities have been found
participating in distributed denial of service attacks. The next step is
to ask the virus detection vendors to find and eradicate the flooding
programs -- Gary has forwarded the code to them.


    CAPBAK/Web Release Now Supports Java Applets, Built-In Charting

We think our new Test Enabled Web Browser(tm) technology will change the
way you think about testing a website.  CAPBAK/Web has the look and feel
of the IE browser -- the most commonly used (and familiar) browser And,
CAPBAK/Web is just as easy to use!  Besides being a fast and effective
browser, CAPBAK/Web has ALL the testing capability you need to measure,
test, validate, and confirm your website.

You can use CAPBAK/Web to perform WebSite static and dynamic testing,
QA/Validation, and load imposition.  CAPBAK/Web includes native
capabilities that permit it to handle WebSite features that are
difficult, awkward or even impossible with other approaches that are
based on viewing a website from the Windows OS level or from a Web
server.  CAPBAK/Web's view of your website is almost exclusively from
within the browser.

The current build of CAPBAK/Web has a very rich feature list:

  > Intuitive GUI on the browser to control all functions.
  > Recording and playback of user sessions in integrated true-time and
    object mode.
  > Fully editable recordings/scripts, using an intuitive syntax.
  > SingleStep/Pause/Resume control to help check out scripts.
  > Content validation options, including internal HTML document
    features, selected text fragments, selected images, and all images
    and Java applets.
  > Dynamically created, full-color, event charts, timing charts,
    performance charts.
  > Wizards create scripts to exercise all links on a page, push all
    buttons on a FORM, and manipulate a FORM's contents.
  > Secure zone recording support.
  > JavaScript and VBScript fully supported.
  > Special advanced features support recording interactions with Java
    applets -- other products cannot do this.
  > Spreadsheet ready event log, messages log, errors log and
    performance logs are compatible with all popular databases.
  > Performance timings to 1 msec resolution.
  > Cache management (you can play back tests without a cache or with an
    initially empty cache).

Take a Tour of CAPBAK/Web at:

Take a quick look at the Features and Benefits of CAPBAK/Web at:

Prices and On-Line Ordering Details for CAPBAK/Web are at:

Download the latest CAPBAK/Web release at:

| TestWorks/Web                     | Phone:        [+1] (415) 861-2800 |
| Software Research, Inc.           | TollFree (USA):    1-800-942-SOFT |
| 1663 Mission Street, Suite 400    | FAX:          [+1] (415) 861-9801 |
| San Francisco, CA 94103  USA      | Email:    |
|                                   | WWW: |


                     Advisory for the Happy99 Virus

This is a California Computer Technologies advisory concerning a newly
detected virus known as "Happy99.exe" or the "I-Worm" virus.

VIRUS NAME: Happy99.exe
ALSO KNOWN AS: Win32.ska.a, ska, Wsock32.ska and Ska.exe
CLASSIFICATION: Email Trojan or Worm virus
STATUS: Verified as valid
SYMPTOMS: None apparent
WHO IS AFFECTED: Usenet (Newsgroups) users and anyone receiving email
from the Internet and AOL service.

VIRUS INFORMATION: The virus is apparently intended to spread itself
undetected via email messages, and to bring down email servers on the
internet and corporate intranets.

(From Proland Software):  Happy99 is a Win32 based Trojan program. When
this program is executed it will display some fireworks. Apart from the
fireworks display this program will do some other activity in the
background without the user's permission. In the background this program
will create two files SKA.EXE and SKA.DLL. It will alter WSOCK32.DLL to
put its code into that file and keep the original file as WSOCK32.SKA.
It can not modify the WSOCK32.DLL file if it is in use. In such a case
this program will add an entry to the Windows Registry to run SKA.EXE
the next time the computer is booted so that it can do these
modifications. The size of this trojan file is 10000 bytes.  You will
not get infected by Happy99 merely by downloading the trojan file.  You
will have to execute it to get infected.  The modified WSOCK32.DLL has
routines to detect the email and newsgroup postings made by the user. It
will send a copy of the SKA.EXE file renamed as happy99.exe to every
user or newsgroup to whom the user has sends an email. Each recipient
will get the email only once and the trojan will not send repeat email
to the same user. It will send a separate email retaining the subject of
the first email with the file as an attachment. The trojan also
maintains the file LISTE.SKA which contains the list of all email
addresses and newsgroups to which this file has been sent. The unique
function of this trojan is that it can spread on its own.  Happy99 first
appeared in January 1999 and it is reported to have affected a lot of

(From Data Fellows:)  SAN JOSE, February 1, 1999 -- Happy99.exe was
first identified approximately around mid-January and is now traveling
across the Internet via e-mail attachments and newsgroup postings. The
worm modifies e-mails and newsgroup postings by adding unauthorized
attachments without the computer user's knowledge. As a side-effect, it
can also create network slowdowns and, in a worst-case scenario, even
crash corporate e-mail servers. While the computer worm does not destroy
or alter files or otherwise cripple computers and networks, it creates a
time- and energy-consuming nuisance to network administrators. The
computer worm works on Windows 95 and 98 platforms.


1. If you received the Happy99.exe file, and executed it, you've got it.
See the attached .gif file for an example.

2. Check the following:

Both you C:\Windows and C:\Windows\System directories for the presence
of any of the following files:


If any of these files are present, you've been attacked.

3. (Advanced Users Only): Use Windows Regedit program and check for the
following in your system registry files:


You can tell Regedit to do a search for SKA.EXE.  If this is in your
registry files, remove it.


1. If found, delete SKA.EXE and SKA.DLL from your C:\Windows or
C:\Windows\System directories.  2. If you find the WSOCK32.SKA file in
either your C:\Windows or C:\Windows\System directories, then you can be
assured that your WSOCK32.DLL file is infected and corrupt. Delete
WSOCK32.DLL from the system ONLY if the WSOCK32.SKA file is present.
Rename WSOCK32.SKA to WSOCK32.DLL. If you cannot delete or rename any of
these files, because Windows is actually running them in the background,
then I suggest that you print these instructions, then shut Windows down
to the DOS mode, then change the file attribute on the files, rename the
files, then restart Windows. This time Windows will start up with the
real, unaffected Wsock32.dll file.  3. You can also use Windows
Explorer's FIND feature, and see if HAPPY99.EXE happens to be residing
on your system undetected. If you find that file, delete it without
executing it.


There is one neat little trick that you can do to stop the virus dead in
it's tracks: You can use Windows Explorer, go to your C:\Windows\System
folder, and locate your WSOCK32.DLL file. Once found, highlight the
file, right mouse click on it, then hit properties. At the bottom of the
properties box, you will see selections for the file's attributes ....
click ARCHIVE off, and READ ONLY on.  This will prevent renaming of the
file which starts the infection process.

Martinig & Associates         Tel: +41-21-922-1300
Rue des Marronniers 25        Fax: +41-21-921-2353
CH-1800 Vevey / Switzerland


     First Asia-Pacific Conference on Quality Software (APAQS 2000)


                     HONG KONG OCTOBER 30-31, 2000


The Software Engineering Group, The University of Hong Kong Software
Technology Centre, Vocational Training Council, Hong Kong


The quality of software has an important bearing on the financial and
safety aspects in our daily lives.  Unfortunately, software systems
often fail to deliver according to promises.  It is well known that
there are still unresolved errors in many of the software systems that
we are using every day.  The Asia-Pacific region is far from being
immune to these problems.  The prime objective of the conference is to
provide a forum to bring together researchers and practitioners from
this region to address this issue seriously.


We are soliciting full-length research papers and experience reports on
various aspects of software testing or quality assurance.  Specific
topics include, but are not limited to, the following areas:

      -  Automated software testing
      -  Configuration management and version control
      -  Conformance testing
      -  Debugging
      -  Economics of software testing
      -  Formal methods
      -  Metrics and measurement
      -  Performance testing
      -  Process assessment and certification
      -  Quality management
      -  Quality measurement and benchmarking
      -  Reliability
      -  Review, inspection, and walkthroughs
      -  Robustness testing
      -  Safety and security
      -  Testability
      -  Testing tools
      -  Testing standards
      -  Testing of object-oriented software
      -  Testing of real-time systems
      -  Testing processes
      -  Testing strategies
      -  Application areas such as e-commerce, component-based systems,
         digital libraries, distributed systems, embedded systems, enterprise
         applications, information systems, Internet, mobile applications,
         multimedia, and Web-based systems

All the papers submitted to the conference will be refereed by three
members of the program committee according to technical quality,
originality, significance, clarity of presentation, and appropriateness
for the conference.

The conference proceedings will be published by IEEE Computer Society
Press, Los Alamitos, California.  Selected papers of the conference will
be published in a special issue of the International Journal of Software
Engineering and Knowledge Engineering.


Dr. T.H. Tse
Associate Professor
Department of Computer Science and Information Systems
The University of Hong Kong
Pokfulam Road

Tel  +852 / 2859 2183    Email
Fax  +852 / 2559 8447    Web


        New Thinking OObjectively Column for CACM by M. E. Fayad

I am writing a column for the Communications of ACM.  The column title
is "Thinking OObjectively."

I started a new sequence of 6-9 columns on Software Engineering in the
Small this month.

The first column:  Mohamed E. Fayad, Mauri Laitinen, and Robert P. Ward,
Software Engineering in the Small, Communications of the ACM, Vol. 43,
No. 3, March 2000.

The second column:  Mauri Laitinen, Mohamed E. Fayad, Robert P. Ward,
The Problem with Scalability, May 2000.

The third column: Robert P. Ward, Mauri Laitinen, Mohamed E. Fayad,
Management in the Small, July 2000.

You can also obtain some of my columns from my web site:


Please let me know what do you think.  Any feedback will be appreciated.

Mohamed E. Fayad, Ph.D.                 Ph:  (402) 472-2615
J.D. Edwards Professor                  Fax: (402) 472-7767
Computer Science & Engineering  E-mail:
College of Engineering        
University of Nebraska, Lincoln
108 Ferguson Hall, P.O. Box 880115      URL:
Lincoln, NE 68588-0115

------------>>>          QTN SUBMITTAL POLICY            <<<------------

QTN is E-mailed around the 15th of each month to subscribers worldwide.
To have your event listed in an upcoming issue E-mail a complete
description and full details of your Call for Papers or Call for
Participation to "".

QTN's submittal policy is:

o Submission deadlines indicated in "Calls for Papers" should provide at
  least a 1-month lead time from the QTN issue date.  For example,
  submission deadlines for "Calls for Papers" in the January issue of
  QTN On-Line should be for February and beyond.
o Length of submitted non-calendar items should not exceed 350 lines
  (about four pages).  Longer articles are OK but may be serialized.
o Length of submitted calendar items should not exceed 60 lines.
o Publication of submitted items is determined by Software Research,
  Inc., and may be edited for style and content as necessary.

DISCLAIMER:  Articles and items are the opinions of their authors or
submitters; QTN disclaims any responsibility for their content.

STW/Coverage, STW/Advisor, TCAT, and the SR logo are trademarks or
registered trademarks of Software Research, Inc. All other systems are
either trademarks or registered trademarks of their respective

----------------->>>  QTN SUBSCRIPTION INFORMATION  <<<-----------------

To SUBSCRIBE to QTN, to CANCEL a current subscription, to CHANGE an
address (a CANCEL and a SUBSCRIBE combined) or to submit or propose an
article, use the convenient Subscribe/Unsubscribe facility at:


Or, send E-mail to "" as follows:

TO SUBSCRIBE: Include this phrase in the body of your message:

   subscribe your-E-mail-address

TO UNSUBSCRIBE: Include this phrase in the body of your message:

   unsubscribe your-E-mail-address

   NOTE: Please, when subscribing or unsubscribing via email, type YOUR
   email address, NOT the phrase "your-E-mail-address".

		Software Research, Inc.
		1663 Mission Street, Suite 400
		San Francisco, CA  94103  USA

		Phone:     +1 (415) 861-2800
		Toll Free: +1 (800) 942-SOFT (USA Only)
		Fax:       +1 (415) 861-9801
		Web:       <>

                               ## End ##