sss ssss      rrrrrrrrrrr
                      ssss    ss       rrrr   rrrr
                     sssss     s       rrrr    rrrr
                     ssssss            rrrr    rrrr
                      ssssssss         rrrr   rrrr
                          ssssss       rrrrrrrrr
                    s      ssssss      rrrr  rrrr
                    ss      sssss      rrrr   rrrr
                    sss    sssss       rrrr    rrrr
                    s  sssssss        rrrrr     rrrrr
         +=======    Quality Techniques Newsletter    =======+
         +=======            December 2004            =======+

subscribers worldwide to support the Software Research, Inc. (SR),
eValid, and TestWorks user communities and to other interested
parties to provide information of general use to the worldwide
internet and software quality and testing community.

Permission to copy and/or re-distribute is granted, and secondary
circulation is encouraged, provided that the entire QTN
document/file is kept intact and this complete copyright notice
appears in all copies.  Information on how to subscribe or
unsubscribe is at the end of this issue.  (c) Copyright 2004 by
Software Research, Inc.


                       Contents of This Issue

   o  Advances in Model-Based Software Testing

   o  Stevens Institute Research/Thesis Abstracts Available

   o  Second International Workshop on Quality Assurance and Testing
      of WEb Based Applications

   o  eValid Version 5 (V5) Availability

   o  Third Workshop on Software Quality

   o  Fourth International Workshop on Automated Verification of
      Infinite-State Systems

   o  John Musa's "Professor's Corner"

   o  Software Engineering for Secure Systems: Building Trustworthy

   o  The eValid Suite: A Quick Feature Summary

   o  Fifth International Workshop on Web Based Collaboration

   o  QTN Article Submittal, Subscription Information


              Advances in Model-Based Software Testing
                           15-16 May 2005

There is a need for renewed stress on rigorous and disciplined
approaches to software testing as a result of the growing focus of
product liability on software.
 As an industrial reality, an order of magnitude reduction in the
cost of effective testing is needed. Model-based testing
methodologies can provide this discipline and rigor. A premise of
model-based software testing is the creation of models of the
software being tested as opposed to adhoc and manual creation of
test suites. Despite progress in model-based software testing the
practice is limited to relatively few organizations. The goal of
this workshop is to bring together researchers and practitioners to
describe, discuss, and advance the current state of the art AND the
current state of the practice in model-based software testing.

Submissions are solicited that describe new research, tools and
technologies, noticeable industry experience reports, and position
papers which will collectively advance the state-of-art and the
state-of-practice in the area of Model-Based Software Testing.
Topics of interest include, but are not limited to:

          Black Box (Requirements Based)
          White Box (Code Based)
          OMG's MDA
          Markov Chain
          Combinatorial Designs
          Systems of Systems
          Embedded Systems

          Test Generation Algorithms
          Test Oracles
          Tracing Requirements to Test Cases
          Automated Change Management
          Testing Tools
          Test Management Systems


          Estimating Reliability
          Coverage Analysis
          Risk Assessment
          Return on Investment
          Case Studies
          Test Stopping Criteria

Contact: Prof. Larry Bernstein, Stevens Institute of Technology,


       Stevens Institute Research/Thesis Abstracts Available

eValid use at Stevens Institute of Technology under the direction of
Prof. Larry Bernstein, Computer Science Department, has led to the
publication of two MS thesis papers, abstracted and linked below.

                    Jabu Woodard (December 2004)

This Thesis "Overhead -- Bane of Layered Network Design," examines
the effect of adding an OSI layer of overhead to website protocols,
and uses eValid to measure the relative overhead.

                   Aketa Parikh (December 2004)

This Thesis, "Trustworthy Software," examines the demand for Secure,
Reliable and Safe (SRS) software systems.  These concepts are
illustrated in three "student projects" which are analyzed in part
with eValid to assess their reliability and safety.

Copies of both of these theses can be downloaded from:


                  Second International Workshop on
      Quality Assurance and Testing of Web-Based Applications
                  in Conjunction with COMPSAC 2005

                  July 25-28, 2005, Edinburgh, UK


The Internet is rapidly expanding into all sectors of our society
and becoming an indispensable platform of information systems and
other computer applications as well.  Web-based applications are
complex, ever evolving and rapidly updated software systems. Testing
and maintaining web-based applications are a nightmare because the
Internet is a heterogeneous, distributed, multiplatform,
multilingual, multimedia, autonomous, cooperative wide area network
computing environment. Traditional quality models, testing methods
and tools are not adequate for web-based applications because they
do not address problems associated with the new features of web-
based applications. At present, web-based applications testing and
maintenance are still an unexplored area and rely on ad hoc testing
processes. Little has been reported on systematic testing methods
and techniques, quality metrics, and dependability of web-based
applications, to mention just a few.

The first workshop on quality assurance and testing of web-based
applications was successfully held at IEEE 28th Annual International
Computer Software and Applications Conference (COMPSAC'04) in Hong
Kong, Sept. 30, 2004.  This is the second workshop of the series. It
is aimed to provide a forum for researchers, practitioners and tools
vendors to exchange ideas, research results, practical experiences
and lessons learned on quality assurance and testing of web-based
applications. It will also be held at COMPSAC'05 in Edinburgh, UK,
July 25-28, 2005.

        Testing and Quality Assurance Methods and Techniques

Effective quality assurance and testing of web-based applications
require a systematic approach, which include models, methods and
techniques that deal with the representation of software artefacts
under test and processes for the analysis of these artefacts, and
the generation of test cases/test data from them. This theme seeks
proposals of test models, methods and techniques for web-based
applications including but are not limited to the following:

    * Test models and meta-models
    * Verification and validation techniques, such
            as modelling checking, consistency and
            completeness checking, etc.
    * Analysis and testing
    * Test criteria
    * Architecture and framework
    * Reverse engineering
    * Exception handling
    * Testing for security, privacy and trustworthiness
    * Content management
    * Tools and environments

                   Process and Management Issues

A process is a sequence of macro-level activities performed to
accomplish a significant task. This theme deals with processes and
management activities for quality assurance and testing of web-based
applications. Example topics are:

    * Quality management
    * Human factors
    * Web configuration management
    * Metrics and indicators
    * Maintenance and evolution
    * Content management
    * Process improvement
    * Quality of service
    * Security and privacy (as quality metrics)
    * Dependability
    * Fault tolerance and automatic recovery models

               Practical Applications and Experience

Reports on quality assurance and testing of practical web-based
applications or industrial experiences are strongly encouraged.
Topics include but are not limited to:

    * Quality assurance and testing of E-Commerce applications
    * Quality assurance and testing of E-Government applications
    * Quality assurance and testing of E-Science applications
    * Quality assurance and testing of Wireless applications
    * Security and privacy in practice
    * Lessons learned

                         Technology Impact

This theme is concerned with impact of related technologies to
quality assurance and testing of web-based applications as well as
impact of quality assurance and testing of web-based applications to
other technologies. Example technologies are: * Bio-metric
technology * Data warehouse and data mining * Agent technology *
Autonomic computing * Component software engineering * Wireless
communication * Mobile computing * Service-oriented computing *
Ubiquitous/pervasive computing * Network centric computing * Web
services technologies * Grid computing * Open grid service
architectures * Grid middleware

                         Workshop Co-chairs

              Hong Zhu, Oxford Brookes University, UK
         David Kung, University of Texas at Arlington, USA


                 eValid Version 5 (V5) Availability

We're writing to let all eValid users for whom there is an assigned
Customer ID (CID Number) know about the upcoming release of eValid
Version 5.

Availability of eValid Version 5 -- we call it "V5" for short -- is
planned for January 2005.  We'll let everyone know as soon as V5 is

                        New Feature Summary

V5 is a major upgrade to the product technology.  The new release
includes many new features and capabilities such as:

  o New PageMap facility to allow in-depth analysis of pages and
    their properties. You can use the PageMap to see how pages are
    composed and you can use the PageMap information for additional
    scripting power and reliability.

  o New formats and structure for site analysis to make your runs
    quicker, easier to analyze, and easier to archive.

  o Major changes to the powerful 3D-SiteMap applet that include
    manipulating the focus, depth, and content of the 3D page-
    dependency diagrams.

  o Improved detailed timing for individual page components.

  o Reorganized and updated online  documentation to reflect
    eValid's support for XP applications.

  o Enhanced support for monitoring operations, including new CSV-
    style output files and improved batch mode control.

  o A new and improved JavaScript interface to allow scripting
    activity to interact with browsing activity.  These are combined
    with new features for extracting the current contents of a page
    direct from the internal DOM (Document Object Model).

  o Revised dashboard (eValid's floating control panel) to simplify
    record/play and site analysis operations.

Complete details are found in the eValid V5 Release Notes:

                       Version Compatibility

V5 will fully replace V4 when you install it, and V4 will replace V5
if you choose to go back to the prior version.

V5 is upward compatible with V4.  All V4 scripts will play without
modification on V5, but some V5 scripts may not work reliably in V4.
Also, some of the feature licensing and internal support structures
have changed in V5.


                  3rd Workshop on Software Quality

       International Conference on Software Engineering 2005

                            17 May, 2005
                      St Louis, Missouri, USA

Motivation To develop software quickly, on time and within budget is
not good enough if the product developed is full of defects and
today, software stakeholders are demanding higher quality software
than ever before.  As the software market matures, users want to be
assured of quality.  They no longer accept the claims of the IT
department at face value, but expect demonstrations of quality.  In
recent years, much of the software engineering research has focussed
on standards, methodologies and techniques for improving software
quality, measuring software quality and software quality assurance.
Most of this research is focused on an internal view of quality
whereas few measures of the customer view of quality exist.

Co-located with the International Conference on Software Engineering
(ICSE), the premier software engineering conference, this workshop
intends to bring together academic, industrial and commercial
communities interested in software quality in order to discuss the
different technologies that have been defined and used in the
software quality area.  The topics of interest in this discussion
span the full range of software quality issues, including the

* Software Product Evaluation and Certification
* Tradeoffs in Quality during software development
* Software Process Definition, Evaluation and Improvement
* Software Quality Education
* Introduction of Software Quality Programs
* Methods and Tools for Quality Assurance
* Quality Metrics
        (In-process quality and customer views of quality)
* Software Quality for different domains
        (eg agile, web, open source etc)
* Software Quality at different stages of the development lifecycle
* Total Quality Management
* Building quality into software products
* Project management and software quality
* Testing, Inspections, Walkthroughs and Reviews


                         Dr. Barry Boehm,
University of Southern California Center for Software Engineering,
                           United States

                        Dr. Sunita Chulani,
            IBM T.J. Watson Research Laboratory Center,
                      San Jose, United States

                         Dr. June Verner,
 National Information Computing and Technology Australia (NICTA),

Dr. Bernard Wong, University of Technology Sydney, Australia


                  Fourth International Workshop on
     Automated Verification of Infinite-State Systems (AVIS'05)
                     Co-located with ETAPS 2005

                        2nd-3rd April,  2005
                        Edinburgh, Scotland


This workshop is a forum for researchers, students, and
practitioners interested in the application of formal methods and
tools for the automatic verification of large practical systems.
Formal methods, in particular model checking, is increasingly being
used in industry to automatically establish the correctness of (and
to find flaws in) finite-state systems, such as descriptions of
hardware and protocols.  However, model checking is limited in scope
due to the state explosion problem.  Most practical system
descriptions, notably that of software, are therefore not directly
amenable to finite-state verification methods since they have very
large or infinite state spaces.  For such systems, theorem proving
-- a process that requires manual effort and mathematical
sophistication to use -- has so far been the only viable

More recently, we have seen the emergence of hybrid techniques that
combine the ease-of-use of model checkers with the power of theorem
provers.  Tools based on these techniques afford users with full
automation, and are less sensitive to the size of the state space
(which may be infinite or arbitrarily large).  There is a growing
body of knowledge in this field which has a very exciting future.
The intention of this workshop is to build a forum for exchanging
ideas and experiences by bringing together theoreticians, tool
builders, as well as practitioners who are interested in this
emerging area of research in formal verification.

The workshop will be co-located with European Joint Conferences on
Theory and Practice of Software 2005 2-10 April 2005, in Edinburgh,
Scotland.  The two day workshop will be held on 2nd and 3rd April

                         Program Committee

Ramesh Bharadwaj   (Program Chair) Naval Research Laboratory USA
Tevfik Bultan  University of California, Santa Barbara USA
Supratik Chakraborty IIT, Mumbai IN
Michael Colon  Naval Research Laboratory USA
John Goodenough Software Engineering Institute, CMU  USA
Ralph Jeffords  Naval Research Laboratory USA
Supratik Mukhopadhyay   West Virginia University  USA
Abhik Roychoudhury  National University of Singapore SG
Stefan Schwoon   University of Stuttgart  D
Sandeep Kumar Shukla  Virginia Tech  USA


                  John Musa's "Professor's Corner"

             Software Reliability Engineering website:
            The essential guide to software reliability

The following might perhaps be of interest to you.  I often receive
email questions and requests for information on many different
aspects of software

reliability engineering, and I have provided some of this
information on my website. I recently decided to organize this more
carefully. In addition to  the information I provide about my
training and consulting services and new book, I have set up five
noncommercial areas of interest to support the general software
reliability engineering community. These are: Orientation, the
Professors' Corner, the Researchers' Corner, the Practitioners'
Corner, and Resources for Everyone. The material includes some
material I prepared myself and carefully selected hyperlinks to high
quality material appearing elsewhere on the Internet. This website
has been in existence for almost 9 years, and I would expect to
maintain it for the foreseeable future.

The Professors' Corner includes a link to software reliability
engineering slides and course materials. The Researchers' Corner
include links to software failure data and an enormous archive of
debugging histories of programs suitable for reliability research.
The Practitioners' Corner includes links to standards and a
continually updated bibliography of published articles on actual
applications of software reliability engineering. Resources for
Everyone includes links to the software reliability estimation
program CASRE, the CASRE Forum, CASRE Support, and ISSRE. There is
also information on the SRE Network and the Technical Committee on

Please feel free to use this material as indicated and to encourage
others to use it. Although some of it is copyrighted, in most cases
permission to use is granted as long as it is not sold or
commercially exploited and proper credit is given. Also, please let
me know of the existence of other high quality material of general
interest on software reliability engineering if you think it might
be beneficial to include it or provide hyperlinks to it.


          Software Engineering for Secure Systems (SESS05)
                 Building Trustworthy Applications

                          May 15-16, 2005
                      St. Louis, Missouri  USA

                       An ICSE 2005 workshop

Theme and goals

Every software application is built and deployed to accomplish some
goal pursued by its interested parties. Thus, software engineers aim
at designing, implementing, and maintaining valid applications that
meet the needs of stakeholders. However, every application can be
also potentially misused, that is, used to pursue goals that
contrast the ones intended by stakeholders. Therefore, software
engineers should try to design applications  that, while still
valid, are also trustworthy and cannot be misused. Validity and
trustworthiness are goals that often cannot be achieved either
because they are too costly or because they stem from conflicting
needs. Historically, the software engineering community has strived
more to obtain validity than trustiness. Nowadays, however, software
ubiquity in the creation of critical infrastructures has risen the
value of trustworthiness and new efforts should be dedicated to
achieve it.

The major source of vulnerability of systems has been recognized to
be poor-quality software. However, while secure applications are
also valid and  robust ones, security is  a specific non-functional
requirement that has to be explicitly and carefully taken into
account during analysis, implementation, testing, and deployment.
Moreover, some of the most successful techniques used by software
engineers may conflict with security objectives. Abstraction, for
example, is the invaluable device the designers use in order to cope
with complexity, but, since it is rarely applied as a pure
mathematical generalization, it could force one to neglect details
that can be exploited to misuse an application; late binding, while
a fundamental tool in pursuing design for change, could be hijacked
to adapt systems to malicious goals; COTS, commercial off-the-shelf
components, if they might foster the profitableness of software
industry, they also introduce black-box subsystems that are
difficult to manage when reasoning about the chain of trust of the
whole system.

This workshop will provide a venue to discuss techniques that enable
the building and validation of secure applications. We are
especially interested in (1) design and implementation approaches
that make it easier to deal with security requirements, and (2)
program analysis techniques that enhance the trustworthiness of

Areas of interest include, but are not limited to:

  o Security requirements management
  o Architecture and design of trustworthy systems
  o Architecture and design of protection systems
  o Separation of the security concern in complex systems
  o Secure programming
  o Black box components trustworthiness
  o Security testing
  o Trustworthiness verification and clearance
  o Defining and supporting the process of building secure software
  o Deployment of secure applications


      Danilo Bruschi, Universita' degli Studi di Milano, Italy
        Bart De Win, Katholieke Universiteit Leuven, Belgium
       Mattia Monga, Universita' degli Studi di Milano, Italy


             The eValid Suite: A Quick Feature Summary

eValid technology incorporates virtually every quality and testing
functionality in a full-featured browser.  Here is a summary of the
main eValid benefits and advantages.

  o InBrowser(tm) Technology.  All the test functions are built into
    the eValid browser.  eValid offers total accuracy and natural
    access to "all things web."  If you can browse it, you can test
    it.  And, eValid's unique capabilities are used by a growing
    number of firms as the basis for their active services
    monitoring offerings.

  o Mapping and Site Analysis.  The built-in WebSite spider travels
    through your website and applies a variety of checks and filters
    to every accessible page.  All done entirely from the users'
    perspective -- from a browser -- just as your users will see
    your website.

  o Functional Testing, Regression Testing.  Easy to use GUI based
    record and playback with full spectrum of validation functions.
    The eV.Manager component provides complete, natural test suite

  o LoadTest Server Loading.  Multiple eValid's play back multiple
    independent user sessions -- unparalleled accuracy and
    efficiency.  Plus: No Virtual Users!  Single and multiple
    machine usages with consolidated reporting.

  o Performance Tuning Services.  Outsourcing your server loading
    activity can surely save your budget and might even save your
    neck!  Realistic scenarios, applied from multiple driver
    machines, impose totally realistic -- no virtual users! -- loads
    on your server.

  o Web Services Testing/Validation.  eValid tests of web services
    start begin by analyzing the WSDL file and creating a custom
    HTML testbed page for the candidate service.  Special data
    generation and analysis commands thoroughly test the web service
    and automatically identify a range of failures.

  o Desktop, Enterprise Products.  eValid test and analysis engines
    are delivered at moderate costs for desktop use, and at very
    competitive prices for use throughout your enterprise.

  o HealthCheck Subscription.  For websites up to 1000 pages, eValid
    HealthCheck services provide basic detailed analyses of smaller
    websites in a very economical, very efficient way.

  o eValidation Managed Service.  Being introduced soon.  the
    eValidation Managed WebSite Quality Service offers comprehensive
    user-oriented detailed quality analysis for any size website,
    including those with 10,000 or more pages.

       Resellers, Consultants, Contractors, OEMers Take Note

We have an active program for product and service resellers.  We'd
like to hear from you if you are interested in joining the growing
eValid "quality website" delivery team.  We also provide OEM
solutions for internal and/or external monitoring, custom-faced
testing browsers, and a range of other possibilities.

Let us hear from you!  Use this request form:


                    Fifth International Workshop
                  Web Based Collaboration (WBC'05)

                        August 22 - 26, 2005
                        Copenhagen (Denmark)


In the last few years, the applicability and functionality of
systems for collaboration support has expanded, leading to their
growing application in organizational, communication, and
cooperation processes. This provides opportunities to study their
technical, business and social impacts. Usually an integration of
incoming technology with existing organizational practices is very
challenging. The knowledge gained from such experiences is a
valuable resource for all those who plan to develop software tools
to support team interaction.

At the same time we observe a growing influence of World-Wide Web.
WWW - by now the most popular service over the Internet - evolves
rapidly, from a simple, read-only data storage system, as it was a
few years ago, to nowadays universal, distributed platform for
information exchange. New Web-based applications with freely
distributed data, end-users, servers, and clients, operating
worldwide, are central topics of many research activities. Recently
the WWW has also been perceived as an attractive base for a
distributed computer system supporting cooperative work, since the
Internet is the most flexible network with the architecture that
could support group activities to maximum extent.

In parallel to the WWW evolution we observe a growing impact of new
technologies: agent systems, mobile computing, workflow, and
ubiquitous computing. We can expect that these technologies will
also exert a large influence on group/organizational structures and

All the aforementioned emerging new technologies are exciting in
their own right, but their technological and organizational
integration to support collaboration raises many interesting
questions and is a challenging, new research agenda.

WBC'2005 is a continuation of the previous successful workshops on
Web Based Collaboration, organized in September 2001 in Munich,
Germany, in September 2002 in Aix-en-Provence, France, in September
2003 in Prague, Czech Republic and recently in September 2004 in
Zaragoza, Spain.

WBC'2005 attempts to integrate two themes of practice and research:
the functional, organizational, and behavioral issues and the
modeling or implementation issues associated with collaborative Web
based work. WBC'2005 brings together practitioners and researchers
from different domains working on design, development, management,
and deployment of Web-based systems supporting teamwork within

emphasis on their relation to collaboration. The Relevant topics may
include the following (but not limited to):

- Collaborative Systems: strategies of human cooperation over the Web,
  computer platforms and architectures in support of remote
  cooperation, mediators, wrappers, design and implementation issues
  of collaborative applications;

- Agent Technologies: agents supporting cooperation, agents for
  finding, collecting and collating data on the Web, brokering agents,
  agent-communication languages;

- Software Engineering: modelling languages and tools of collaborative
  systems, programming languages concepts and paradigms supporting
  cooperation,facilities and environments for implementing
  collaborative systems, languages for the descriptions of
  collaboration, cooperation and coordination between agents;

- Interoperability Infrastructures: compositional software
  architectures in support of collaboration, combining distributed
  object management platforms with Web and Java for cooperative
  applications, middleware infrastructures, describing metadata on the
  Web, providing semantic interoperability through metadata, emerging
  interoperability standards;

- Dataweb Technology and Database Infrastructure for collaboration:
  Web access to databases including Java Database Connectivity,
  database Web servers, Web interfaces to databases, database Web

- Workflow Systems: workflow architectures in support of collaboration
  processes, modeling of cooperation processes, truly distributed
  enactment services and interoperability of workflow engines, dynamic
  modification of running workflows;

- Electronic Business: establishment of contacts, suppliers search and
  negotiation, contract negotiations, Business-to-Business and
  Business-to-Employee cooperation support, establishment and
  coordination of virtual enterprises, shared business processes.

                    Program Committee Co-Chairs

                    Prof. Waldemar Wieczerzycki

                       Dr Jarogniew Rykowski

                 The Poznan University of Economics
                       Al. Niepodleglosci 10
                           60-967 Poznan
    ------------>>> QTN ARTICLE SUBMITTAL POLICY <<<------------

QTN is E-mailed around the middle of each month to over 10,000
subscribers worldwide.  To have your event listed in an upcoming
issue E-mail a complete description and full details of your Call
for Papers or Call for Participation at

QTN's submittal policy is:

o Submission deadlines indicated in "Calls for Papers" should
  provide at least a 1-month lead time from the QTN issue date.  For
  example, submission deadlines for "Calls for Papers" in the March
  issue of QTN On-Line should be for April and beyond.
o Length of submitted non-calendar items should not exceed 350 lines
  (about four pages).  Longer articles are OK but may be serialized.
o Length of submitted calendar items should not exceed 60 lines.
o Publication of submitted items is determined by Software Research,
  Inc., and may be edited for style and content as necessary.

DISCLAIMER:  Articles and items appearing in QTN represent the
opinions of their authors or submitters; QTN disclaims any
responsibility for their content.

TRADEMARKS:  eValid, HealthCheck, eValidation, InBrowser TestWorks,
STW, STW/Regression, STW/Coverage, STW/Advisor, TCAT, and the SR,
eValid, and TestWorks logo are trademarks or registered trademarks
of Software Research, Inc. All other systems are either trademarks
or registered trademarks of their respective companies.

        -------->>> QTN SUBSCRIPTION INFORMATION <<<--------

To SUBSCRIBE to QTN, to UNSUBSCRIBE a current subscription, to
CHANGE an address (an UNSUBSCRIBE and a SUBSCRIBE combined) please
use the convenient Subscribe/Unsubscribe facility at:


               Software Research, Inc.
               1663 Mission Street, Suite 400
               San Francisco, CA  94103  USA

               Phone:     +1 (415) 861-2800
               Toll Free: +1 (800) 942-SOFT (USA Only)
               FAX:       +1 (415) 861-9801
               Web:       <>