Saying NO to ISTQB Software Testing Boards

Back in 2005, I participated in an initiation discussion of a new "Bangladesh Software Testing Board" under ISTQB. It was a very disappointing discussion. Instead of giving attention to how they would try to improve the skills of the testers or tester wannabes in Bangladesh, they were more concerned about who will be in the board and how they will register it legally. It was obvious that almost all of the individuals involved in this initiative were not testers. I would have said ALL, but maybe I had failed to notice someone. Just maybe. I brushed off this initiative as just a hype. I did not expect much would ever happen, and I was right.

In 2007, two nice gentlemen from this yet to be initiated board came to talk to me about my opinions about this initiative. I am sure I am not the only one they spoke to. I expressed my skepticism, and interestingly they said they understood many of my concerns. They had very little knowledge about how certification actually undermines our testing craft. They even had very little knowledge about the other so-called famous certifiers in the business. Even this time, non of them were testers. But atleast they had the courage to admit that they did not know much about testing.

Finally, a month back, I was called up by one of the Executive Committee members (a good man with good intentions), from this yet to be initiated board, to invite me to their Executive Committee. But I declined. I mentioned my disappointment in the lack of progress they were making (not that I actually wished they would make progress in certification) and that their mission is not clear to me. He spent the next 30 minutes to convince me about their seriousness to move beyond mere certification. He gave me hints of intending to bring certified trainers from abroad, and tried to encourage me to join them. He even suggested to call up a meeting with the other EC members to discuss this further, and clear my doubts.

I was actually a little flattered by all this (the dark side within me). But I still refused to join them and instead told him that I would rather like to be part of their planning on how they intend to train testers in Bangladesh, and what precautions they would take not to undermine the testing craft. I did not have to be in the Executive Committee for that. He finally agreed. To be honest, I doubt this approach will ever work out. I think they would again disappear for another year or so because of their historical lack of commitment.

You see, there is no way I can pursue my thoughts about the dangers of certification, if I am involved with one myself. I would be known as a hypocrite. Here is the hall of fame where I chose not to include my name.

Meanwhile I am continuing my advocacy against certifications in my local forum, and it has grown to be a very hot topic, requiring the full commitment of myself and others. The discussion grew to about 40+ posts in just one week, with experience reports of certified testers and those who suffered its consequences. One thing for sure, it is not easy to go against the tide. It started off with people being disappointed in my opinions about certification, but now things are looking very productive indeed.

I will probably be summarizing some of these discussion points in a blog post soon. But until then here is one of my latest response to the long thread.

Don't test that

Here is the story. We received a customer complaint that she is able to access some data that she was not supposed to. On reading the customer feedback it seemed to me that this was something we usually test for since the access control system is one of our prime sales pitch. So I asked the tester in charge of that particular feature to investigate the allegation. She came back reporting that she was able to reproduce the issue. She seemed tense, realizing the gravity of the situation. By the way, I usually never blame my testers when a problem is spotted in the wild, no matter how serious it is. She knew this, so her nervousness wasn't about fear of blame, but rather about why she overlooked this very important problem. I remained calm to prove to her that we were not playing the blame game. They know the drill for what comes next. I usually ask a series of questions about how we overlooked the issue, and then we start talking about how we can try to avoid missing similar problems in the future. She knew the questions I will be asking, so she wanted to cut the conversation short, by saying that she wanted to test it but the programmer told her not to.

You as a tester just discovered some serious problems with a new feature and report it to the programmer. The programmer shrugs off your claims and tells you not to test those scenarios since those are not important in his opinion. What do you do?

There is a dilemma here. On one hand, I can't accept the fact that I or any of my testers will intentionally blind ourselves from certain problem scenarios. On the other hand, if we do test the forbidden zone, we risk pissing off the programmers, and being accused of not utilizing our time crunch adequately. Being rapid testers, deadline stress is the norm.

There are a couple of ways I play this game. If I feel that these tests are actually very important to test right away, I try to convince my testers or the programmers with scenarios of the kind of problems I expect. Sometimes I would take examples of similar reported scenarios from Customer Support.

If that does not work I go for Plan B. When a programmer says "Don't test that", I take that to mean "Don't test that NOW". So instead of testing those right away, I would wait until things calmed down. What that means is that if we do not anticipate serious problems in the areas we are testing and we still have time before the release (which is pretty rare) we would go ahead and test the forbidden zone. Otherwise we would wait until after the release.

There have been cases where we did not return to these problems due to time constraints or plain forgetfulness and the worse happens, i.e. the problem is reported by the customer. In such cases my testers and I TRY (emphasis on try) not to scream "I told you so". When we decided not to test these scenarios it was a combined understanding between the programmers and us. However it is important to bring this new information to the attention of the programmers and their superiors so that we can avoid making similar strategic mistakes. So instead of gloating over our hunch I would say something like, "Although we agreed that this was not important enough to test, it seems we did not anticipate the current scenario". You have to admit that it was a hunch, since we couldn't come up with any credible scenarios to prove otherwise.

Blame games do not appeal to me. I believe being a Test Manager, it is important to trust the skills of my testers. They must be good since I hired them and have been working with them to improve their craft. I intentionally avoid a signoff process of their test strategies. I play more of an advisory role recommending test ideas I feel were overlooked or complementing them on a plausible intuition. I would even help them in coming up with scenarios to communicate with the programmers or reproducing unreproducible problems or be their peer tester or speed up their testing efforts. They realize I am a facilitator rather than a lawmaker. There will be times I would disagree with them, but my disagreement is not authoritarian. They always have autonomy over their testing. This in no way suggests that if an issue gets overlooked in a product I will use them as a scapegoat. I think that was clearly expressed in this writing.

I understand this is an unconventional way of managing a Test Team. Many managers I know prefer that their testers spell out all their test cases and get those approved by them. They would rejoice when they were right and the programmers were wrong or take punitive measures when issues popup that should have been tested (in their opinion). Many would argue that this is the only way to have control over what is being tested, and to ensure that issues don't go overlooked. However I feel it is only an illusion of control. I fail to see how a Test Manager can know more about the test subject than the tester who spends more time studying it, exploring it and experiencing it. It is inevitable that problems may be overlooked, but when it does I will be there trying to understand it with my testers. I also make it a point to take into account when the stakeholders are satisfied with our testing, and I have found that there are more cases of appreciation rather than dissatisfaction over unnoticed issues.