EIM platforms

Enterprise Information Management, OpenText recently announced its innovation across its entire portfolio to extend growth and improve the capture. “OpenText builds the world’s most impressive and compelling EIM platform, designed to help companies gain the agility, scale and capability they need to empower their workforces and delight customers,” said Mark J. Barrenechea, OpenText CEO & CTO.

Cloud 2.0

Influx data has announced cloud 2.0. As well as other inclusions, the new version has serverless time series platform-as-a-service, built to improve the developer experience. “Businesses have only started to realise the full potential that real-time data insights can bring to their operations, and ultimately, their bottom lines,” said Evan Kaplan, CEO of InfluxData.

Solving identity challenges

Ubisecure is now enabling customers to solve complex identity challenges. John Jellema, VP, product management at Ubisecure, says, “After listening closely to our customers and partners across the year, we’ve worked to enhance our existing procedures to enable and inspire new use cases. With the release of Identity Server 2019.1, I can confidently say that this is our best software package yet.”

New tools

Application network platform builder, Mulesoft, is releasing new tools, connectors and learning modules without the need to write any code. Simon Parmett, CEO, MuleSoft: “By understanding the power of APIs and integration, anyone can accelerate digital transformation from wherever they sit within their company and dramatically increase the clockspeed of innovation.”

Find out what is happening with the weather, politics and, of course, tech, next week.

The post What is new in tech this week? 22nd November 2019 appeared first on DevOps Online North America.

As we all know, the “death of manual testing” has been a key topic discussed at meet up’s, conferences, and in blogs and magazines for years’, and with Microsoft’s Director James Whittakes proclaiming “testing is dead”, you would think this type of testing really has popped its clogs.

Gone are the days when a software tester would ‘test’ his/her own code and send it to production; monitoring systems, delivery systems, artificial intelligence, test automation, continuous integration, microservices and rollback capabilities have taken the spotlight. But does this mean we don’t need, nor want, the helping hand of a manual tester anymore?

“Manual testing covers the most complex scenarios that involve a lot of human judgment and decision making. Machines add value where completing repetitive tasks such as regression, and humans excel in tasks involving experiment, judgment, creativity and wit,” said Dileep Singh Marway, QA Manager at The Economist.

According to a blog post by Mario Matthee, COO at DVT, it can be prohibitively expensive to design test automation scripts for new products that are still in development, therefore it’s constantly changing. Keeping automation scripts current could end up costing more than the software is worth, so the only way to get the application stable enough for automation is through manual testing.

Technological revolution

“Testing is completely changing, making us more efficient. We have the opportunity to bring new levels of automation to functional and non-functional testing. World-class performance testers who used to spend countless hours manually assessing code with a few tests can now focus more time on automating hundreds of tests that will result in higher quality applications being released,” shared Derek Weeks, Vice President at Sonatype.

With Google’s CEO Eric Schmidt saying the key for humans who want to succeed in the future will observe this “separation of powers by specialising in what we do best while collaborating with computers”, it appears that we need to take into consideration how to deal with this technological revolution.

To stay “ahead of the game”, testers must abide by the following:

• Stay up-to-date with tech trends by locating and studying any publications written for workers in your field
• Attend workshops and training sessions, including outside of work
• Streamline your technological experience by making a list of all the programmes you use
• Eliminate technological programmes that you do not need to help to stay informed about remaining applications
• Schedule regular meetings with technology support.

The creativity of a human

“Modern software developments mean that testers need to be adaptable and willing to learn new skills. It is important testing is done from a different point of view as it’s going to get more and more technology driven as time goes on,” added Marway.

In the early stages of this tech-driven revolution, artificial intelligence requires the creativity of a human to drive the test strategy, according to Marway. “Humans are still far superior to computers when it comes to tasks that involve the utilisation of intelligence. A person can write a poem, sing, dance and play music; although a machine can be programmed to do such tasks, they do not possess the ability to create or have intuition like us humans – we are far more fallible.”

Another modern software development practice evolving the role of software testers is DevOps. This is because of its goal to automate as much as possible and to remove wasted effort from development processes.

“DevOps has absolutely changed the way software testing works. Traditional practices see code thrown back and forth over the wall between development and test that force code changes and repeated testing. In DevOps, test experts and automated testing can be embedded earlier into the development lifecycle resulting in improved efficiencies,” said Weeks.

DevOps Principles

For a tester to be successful in a DevOps environment, Marway recommends the following:

• Provide training to DevOps engineers on testing methodologies
• Become more involved in ensuring quality in the test environment deployment, packaging and other components of the application lifecycle
• Discuss code quality for deployment tools, not just core applications.

The objective of DevOps is to make software delivery quick while ensuring that it’s delivered to high-quality outputs. All processes touch upon aspects of building and developing software as part of the latter stage:

• Code – manage, develop and review
• Build – continuous integration
• Test – continuous testing
• Package – artefact repository
• Release – release automation
• Monitor – end-user experience
• Configure – infrastructure configuration

Marway believes that, despite DevOps principles and practices helping drive quality assurance and testing by improving communication and collaboration between all essential stakeholders, it is eating up part of the manual testing quota, due to the fact it encourages automation.

Enterprise IT

According to Michael Quan, Founder and CEO at Canlead, DevOps opens up a new way of working with new tools, technologies and social media making its way into enterprise IT. “We are at a unique point in time to improve productivity through collaboration and knowledge sharing”, he added.

It’s important for DevOps engineers and their teams to always be on the lookout for tools in order to improve productivity and efficiency. Some key DevOps tools include Jenkins, SolarWindsLog & Event Manager, Vagrant, PagerDuty, Prometheus, Ganglia, Snort, Splunk, Nagios, Chef and SummoLogic, according to Stackify.

Nelson Ajoku, Scrum Master at HM Land Registry, stated: “As long as tests are still running, the scope of software testing is by far not dying because of manual testing being automated. If you’re deploying, as you should be, manual testing should still be needed. As for DevOps, you still need to confirm congregations; it’s just a way of testing your code after testing it manually.”

Furthermore, machines/artificial intelligence (AI) is becoming more agile due to its ability to adapt to real time, without the need to be programmed in advance to tasks. With the likes of Amazon, IBM and Google embracing artificial intelligence, some may say robots are more than capable to deliver faster, more accurate analyses than humans when analysing data sets.

“IBM and Google aren’t the only companies applying AI techniques. Within the past year, AI in software testing has become feasible. Software testing must evolve in response to the shift to agile and DevOps. No matter how many testers you employ, it’s simply not possible for manual testing to provide agile developers immediate feedback on whether any of their constant changes impacted the existing user experience,” wrote Tricentis in a blog post.

Remaining relevant

“It’s not possible for machines to become agile enough to not require any creative input from a human being. The stunted social skills of AI highlight to me that people’s jobs are safe for now, though this is dependent on the type of role and notably the creativity of a role,” revealed Marway.

“From a testing point of view, machines and AI will compliment creativity and not eradicate the need for skilled creative test professionals. The testing world is an exclusive arena where people are willing to learn new skills to stay relevant; therefore, my advice would be to keep your skills up-to-date,” he added.

AI algorithms can be immensely helpful in the testing industry in making smarter and more productive software for the end-user. It is, however, important to decipher how to use AI intelligently.

“So far, virtually all machine learning and AI algorithms are only as good as the humans who design, train and improve them”, commented Ilia Kolochenko, CEO at High-Tech Bridge.

“The developments of AI technologies usually require expensive long-term investments that people typically cannot afford. Therefore, I don’t see substantial risks or revolutions that may happen in the digital space because of AI – not within the next five years at least.”

It appears that as long as testers are willing to make an investment in remaining relevant and “ahead of the game”, long live software testing!

Written by Leah Alger

The post Manual testing: Wanted dead or alive appeared first on DevOps Online North America.

The survey respondents revealed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014.

Despite this, resourcing and training still present challenges, with 48% of respondents admitting that they don’t have enough time to spend on application security, while 35% of developers from companies with no DevOps practices received no training on application security in the past year.

The survey also found:

• 77% of mature DevOps organisations have open source policies in place, with a 76% adherence rate. Conversely, only 58% of respondents without mature DevOps practices had a policy with a 54% adherence rate – revealing that DevSecOps automation is difficult to ignore.
• 59% of mature DevOps companies are building more security automation into their development process as attention toward GDPR compliance grows.
• 88% of those with mature DevOps practices are investing in application security training, while 35% with immature practices said they had no access to security training. This finding points to stronger cybersecurity readiness postures of those investing in DevOps.
• 63% of respondents with mature DevOps practices say they leverage security products to identify vulnerabilities in containers, as these components become more ubiquitous in modern IT landscapes.

The findings demonstrate that more organisations are waking up to the DevOps approach, with mature DevOps practices showing a 15% year-over-year growth in applying security practices throughout the development lifecycle.

The survey also found that those companies with mature DevOps practices are 24% more likely to have deployed automated security practices throughout their development lifecycle.

Written from press release by Leah Alger

The post Survey finds data breaches are catalysts for DevSecOps investments appeared first on DevOps Online North America.

• 75% increase in new sales
• 125% net renewal rate
• 72% increase in developers using Nexus, now 2.2 million
• 150 new enterprise clients

Sonatype enterprise customers now include:

• 8 out of 10 top banks in Europe and North America
• 8 of the top 10 US credit card companies
• 6 of the top 10 US tech companies
• 4 out of 5 US Armed Forces

Fueled by significant additions to its engineering and sales organisations, Sonatype increased its headcount by 40% over the past year to keep pace with demand.

Vulnerable applications are the number one attack vector leading to breaches. Traditional application security tools that function as ‘toll gates’ and impede progress aren’t working.

As companies understand the need for ‘guardrails’, not gates, they’re turning to Sonatype to continuously automate security early and often throughout the development lifecycle.

‘Helping software development teams’

Wayne Jackson, CEO of Sonatype, said: “Sonatype invented automated OSS governance in 2012.  Since then, our Nexus platform has been helping software development teams govern their use of open source and third-party components so they can build higher quality and more secure applications.

“2017, however, was a special year; companies began to recognise the changing role of security in a DevOps world and a strong market for OSS governance emerged. The stage has been set for 2018 to be the year of DevSecOps.”

Gartner analysts Neil MacDonald and Ian Head wrote in their report 10 Things to Get Right for Successful DevSecOps: “By 2021, DevSecOps practices will be embedded in 80% of rapid development teams, up from 15% in 2017.

“In the past 12 months at Gartner, how to securely integrate security into DevOps — delivering DevSecOps — has been one of the fastest-growing areas of interest of clients, with more than 600 inquiries across multiple Gartner analysts in that time frame.”

Written from press release by Leah Alger

The post Sonatype reports last year’s record growth appeared first on DevOps Online North America.

The new feature, Success Metrics, enables DevOps teams to measure and quickly assess the ability of its automated open source govonernance programmes.

According to Sonatype’s report, 2017 State of the Software Supply Chain, DevOps organisations reduce the use of defective open source components by 63% by actively managing the quality of open source components that flow into production applications.

‘Innovation is king’

Sonatype’s CEO, Wayne Jackson, said: “We live in an age where innovation is king, speed is critical, and open source is centre stage. Today, components of varying quality are flowing through development lifecycles and landing in production applications.

“The best software will be built by those organisations that harness software supply chain automation practices to not only improve the quality of their applications but accelerate their ability to identify and remediate defects.”

The report also states the importance of supporting expanded investments in automation and measuring the speed of remediation in DevOps practices, to significantly reduce defects.

‘Measure success and improve future performance’

To assess license, security and architectural quality associated with open source, and third party and proprietary components used in development, Sonatype customers analyse over 650,000 applications to track its mean time in remediation through Success Metrics.

Diego Lo Giudice, vice president and principal analyst at Forrester, an American market research company that provides advice on existing and potential impact of technology, added: “Ultimately, companies are most concerned with whether their application delivery efforts are winning, serving, and retaining customers and furthering their business technology agenda.

“Analytical data about customer usage and experience coupled with operational measures of performance, reliability, scalability, and security gives these organisations the means to measure success and improve future performance.” 

DevOps teams can also use feedback from Success Metrics to improve the hygiene of their applications and the processes that deliver them.

Written from press release by Leah Alger

The post Sonatype to measure automated programmes through Success Metrics appeared first on DevOps Online North America.

The DevOps-native tools provider investigated over 17,000 applications, revealing that teams that utilise automated governance tools reduced defective components by 63%; organisations actively managing the quality of open source components flowing into production applications noticed a 28% improvement in developer activity; application quality increased by 48% and overall development costs reduced by 30%.

‘Java component downloads grew by 68%’

The report also showed that throughout the years, Java component downloads grew by 68%, with the demand for Docker components expected to grow by 100%; high-functioning DevOps organisations are utilising machine automation to govern the quality of open source components flowing through software chains and only 15.8% of OSS projects actively fix.

Wayne Jackson, CEO at Sonatype, said: “Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of open source component parts.

‘Regulatory landscape is rapidly changing’

“However, many still rely on manual and time consuming governance and security practices instead of embracing DevOps-native automation. Our research continues to show that development teams managing trusted software supply chains are dramatically improving quality and productivity.”

The report concludes that thousands of hours have been wasted on reworking and bug fixes; regulatory landscape is rapidly changing, with empirical evidence that hygiene is beginning to improve; although ratios have declined throughout the years.

It also appears that organisations failing to manage software supply chains are introducing vulnerable applications into production, facing increased liability because of gross negligence.

Written by Leah Alger

Read more from DevOps Online | Follow us on Twitter

The post Sonatype report reveals open source software risks appeared first on DevOps Online North America.