Many companies have implemented quality programs such as CMM®, TQM, Six Sigma, etc., to improve requirements and software development. However, these initiatives often focus on building the software right-meeting quality expectations and specifications-but do not necessarily focus on building the right software-the right functionality at the right time and at the right cost from the customer's perspective. Unmesh Gundewar explains how EMC employed the Goal, Question, Metric (GQM) methodology to identify key measurements that ensure the "right software" is being developed. Learn how EMC applies the Six Sigma approach to drive these measurements into the organization and the resulting software. Move beyond the processes designed to get functional requirements and specifications right as Unmesh shares experiences, the challenges faced, and lessons learned from building the right software.

If your organization aspires to higher maturity, such as CMMI® Level 4 or 5, your Quality Assurances process capability must measure up. As process action team leader, group process assessor, and trainer, Steven Thompson has developed, deployed, and maintained systems for quantitatively managing and continuously improving QA activities in his organization. These systems were formally assessed as satisfying CMMI® Capability Level 5 for the Process and Product Quality Assurance process area, and his organization has been formally assessed at CMM®/CMMI® Level 5 Maturity. Join Steven as he describes his journey growing a QA process capability to Level 5 in a Level 5 company. Learn about their quality management system, encompassing planning and reporting, and find out more about their QA Quantitative Management Model and QA Continuous Improvement Model.

• Mechanisms to quantitatively manage and improve QA

Security QA testing is still in its infancy, yet the number of vulnerabilities found in applications is increasing-up by 75 percent in 2001 according to Gartner Group. Although software teams are learning about the types of coding and configuration errors that expose vulnerabilities in an application, a comprehensive QA methodology must be applied to reduce security risk. This means testers need a security policy that can serve as the basis for automated tests. Security experts can define these policies, but testers need to know how to effectively run the security tests in an automated environment to locate vulnerabilities, evaluate their results, and enter bugs for failed tests in a defect tracking system. By automating security tests, organizations can significantly reduce risk and maximize existing resource productivity.

• Reduce the cost of development by finding security holes early in the cycle, before release

Projects that use eXtreme programming (XP) often do not use commercial GUI test tools, finding it more useful to build their own support for test automation. This session explains the strategies they've used, which can actually cross over to any project where developers take responsibility for building support for automated testing. The XP community has already made an impact on the tools and practices for unit testing in the wider development community. The instructor reviews the potential impact on customer-perspective testing.

• Share experiences in building in-house GUI test tools
• How and when to build and use test APIs
• Open-source tools to support these approaches