The days of plan-driven command-and-control technical management are gone. Flexible software development and the adoption of agile methods are driving factors. Add to this the fact that the I-decide-You-obey paradigm never worked very well anyway. Today, a coaching model is replacing command-and-control within more self-directed teams. This shift drastically changes the skills required of today’s leaders, many of whom are struggling with questions such as: If I don’t make the decisions, what is my job? Is my position really needed? Am I needed? How can I adapt? Robert Galen explores the key changes required to improve the coaching abilities of managers and project leaders. Taking lessons from agile methods, proven coaching models, and a few gratuitous sports analogies, Robert offers valuable advice for any leader looking to become a better coach who can enable the team to perform at the highest possible level.

In large organizations, it is simply not practical to just “flip a switch” and have your development department start doing full-on agile all at once. Newer agile teams and more traditional or waterfall teams find themselves having to work together during a long transition period or even permanently. Whether your agile-traditional project is dealing with waterfall-up-front (a project approval process), waterfall-at-end (separate system testing), or waterfall-in-tandem (products so complex that multiple teams work together to complete a release), Michele Sliger presents techniques she has used to make coexisting less painful and more productive. Find out the specific points in the project where agile and traditional teams must plan their work together. Learn the special techniques you can use to coordinate ongoing efforts of all participants and ways to review and understand each other’s work patterns and artifacts. Because not all companies will move every software development project to the agile paradigm, the agile-traditional cooperative is even more important to master.

With the emphasis on in-depth customer interaction during development, team members are being asked to take an active role in working with customers. This evolving role poses a big challenge for many who, in the past, rarely met “real” customers. Linda Rising presents patterns she has used successfully to help software professionals in their direct, face-to-face interactions with customers. These patterns describe solutions to common problems that occur again and again dealing with customers and users. The patterns Linda discusses have memorable names such as It’s A Relationship—Not A Sale, Be Responsive, Show Personal Integrity, Build Trust, and Take Your Licks. Pattern names build a vocabulary that allows you and your development team to have meaningful conversations about—and to ultimately improve—customer relationships and the software you deliver.

Most test execution tracking systems are backward looking and do not attempt to quantify what remains to be done. Management, on the other hand, is forward looking—asking, “When will testing be done?” And that question itself is fundamentally flawed, implying that testing is either “done” or “not done.” What management should be asking is “When will the risks be acceptable to release the product?” David Gilbert presents a unique approach to tracking and predicting the progress of testing efforts. Using the metaphor of hurricane tracking, he shows how “what if” scenarios can be created to demonstrate the costs and benefits of various test execution scenarios. Take back novel techniques to provide your team and senior management the key information they need to relate the testing effort to the “bottom line” impact of product release.

As organizations spend more time and money to protect their systems from security breaches, the threat landscape is shifting from widespread attacks to specifically targeted, malicious spyware invasions. Gerhard Eschelbeck presents current research on spyware and how it is different from—and potentially more deadly than—traditional computer viruses. Gerhard offers insights into the changing attack trends from automated worms to targeting users directly via email and the browser. Gerhard discusses how spyware writers take advantage of security flaws in software applications to make systems highly vulnerable targets. He reveals surprising infection data from recent spyware audits and highlights infection rates of systems from different types of spyware—monitors, trojans, adware, and cookies. Learn more about these threats, their propagation strategies, and their infection vectors. Take back best software security practices to help protect your applications, networks, and systems from evolving threats.

One of the features that makes Eclipse so popular within the Java community is the abundance of easy to use plug-ins. Many of these are freely available open-source tools. Plug-ins are available for virtually anything from implementing database connectivity to instant messaging. Because code quality is a critical aspect of production software applications, Eclipse has built-in tools that help developers write and deliver high quality code. Levent Gurses has employed a number of external plug-ins, including PMD, CheckStyle, JDepend, FindBugs, Cobertura, CPD, Metrics, and others to transform Eclipse into a powerhouse for writing, testing, and releasing high quality Java code. Levent shows you how to use Eclipse to improve your team’s coding habits, enforce organizational standards, and zap bugs before they reach the client.

ITIL (IT Infrastructure Library) is a flexible framework for implementing IT Service Management within an organization. Since its introduction in the 1990s, ITIL has mostly been applied within IT operations and excluded from software development; however, more and more IT departments are now asking development to join in. ITIL offers an extensive set of management procedures that are intended to support businesses in achieving higher value for their money and improving quality across the breadth of the IT infrastructure. Join Michael Giacometti to learn what ITIL is and why it is gaining in popularity. Find out how implementing ITIL processes can significantly improve both your time to market and the quality of your software. Michael explains what to do to gain better information about your development and new ways to control investments and quality. Learn about the ITIL framework and see if it is the perfect match for you and your organization.

As agile software development methodologies take hold in the mainstream, organizations are finding that working with outside consultants poses a new set of challenges. In some instances, consulting organizations are able to work within an agile framework quite well. But in other situations, working with a consulting company can be more challenging than the project itself. Connecting outside consultants to your inside processes must be done. Consultants who are interested in, but not experienced with, agile will need an introduction and coaching. Consultants who aren't interested in changing their methodologies will need adaptive processes to match their approach with yours. Alicia Yanik describes how to work with vendors already under contract as well as how to contract with future vendors.

The primary reason that projects deliver significantly less value than customers expect—or fail outright—is incomplete, ambiguous, or poorly understood requirements. Because text-based requirements have been the norm, perhaps they are a part of the problem. Text-based requirements documents have difficulty expressing the needs, desires, and constraints of stakeholders because they use words that, by nature, can have multiple meanings and interpretations. Tom Bullinger suggests that there is a better option for documenting and communicating requirements: a graphical model employing Unified Modeling Language (UML) constructs—activity diagrams, sequence diagrams, and static relationship diagrams—that provide a richer and more expressive language. Join Tom to learn the basics of graphical UML models and see for yourself how visual models can express requirements in a more precise and understandable format.

When it comes to system and acceptance testing, project teams often end up scrambling for resources, late in the project schedule. The test team must be assembled or expanded, learn the application, and improve their skills before testing begins. When the project ends, the team is downsized or disbanded and its knowledge, skills, and experience are all diminished or lost. David Wong thinks there is a better way—organize skilled individuals into a Testing Center of Excellence (TCOE) to leverage their built-up expertise and application knowledge. A TCOE increases operational efficiencies and provides your organization with one-stop shopping for all testing services. The TCOE is responsible for scheduling test cycles, recruiting and training new staff, and retaining a pool of talented test professionals. Staff and infrastructure pooling saves money and allows easier movement between functional and structural testing while allowing the TCOE to deliver high value services such as root cause analysis, performance testing, and security testing. Come and see if a Testing Center of Excellence is in your future.

Web 2.0 promises to make Web applications far more usable and enjoyable than we have ever imagined. We have just begun to digest the host of exciting Web 2.0 technologies such as AJAX, SOAP, RSS, and “mashups.” However, are we making a big mistake by increasing the complexity of Web applications without taking new security risks into account? Will Web 2.0 usher in the next great Internet expansion or turn it into a landscape where consumers are too frightened to pull out their credit cards? Michael Sutton explains how poor coding practices in the Web 2.0 technologies can expose new Web site vulnerabilities that put your company at risk. He demonstrates case studies illustrating real world examples of Web 2.0 exploitations. Most importantly, Michael describes secure coding practices in the Web 2.0 world that will help you avoid turning these next generation Web technologies into a hacker’s dream.

As manager of a software team, you often rely on your staff for assistance when conducting technical interviews to fill positions in your organization. However, even the most technically competent people may not necessarily be good interviewers. Some reasons include lack of interest, thinking that they “can just tell” if a candidate is a good fit, or simply not knowing the fundamentals of interviewing. All these issues must be addressed to improve the interviewing skills of your staff. Michael Kahn discusses the direct and indirect costs of a bad hire and why your staff should take interviewing seriously. He focuses on pre-interview planning—what should be done beforehand to achieve a successful interview. Learn to design effective questions for assessing not only the technical skills of software professionals but also their ability to fit socially within your team. Take back a systematic approach for evaluating candidates after the interviews to choose the best possible person for your team.

Marketers often emphasize the enormous advantage of being first-to-market, but is being first really an advantage? Looking at some of the spectacular successes of products, brands, and technologies, you will see that, contrary to popular belief, so-called first-to-market products like Netscape Navigator, PalmPilot, and iPod were actually later arrivals that became more successful than the originals. Why did they succeed when their predecessors didn’t, and why were they so widely perceived as revolutionary? Michael Bolton shows how general systems thinking can help us identify factors that govern the success or failure of an innovative product, service, or strategy. By taking a general systems view, you will understand that the notion of “first” depends on the features or attributes that we choose to observe or ignore. Winners aren't merely “first”—they're the first with attributes interesting enough to the “right” people to make them successful.

Agile practitioners are aware of the business benefits that can be derived from faster and more effective software delivery. At the same time, companies in many industries are facing increasing regulatory compliance issues. What do you do when you want to apply agile software development methodologies in an audited, validated industry? How do you get regulators, who want your software to work right and who have the force of the law behind them, to believe that it's all going to be OK using agile development? Eugene Levin describes the motivation for introducing an agile methodology framework to complement Citigroup's waterfall SDLC process, the challenges related to using a light-weight agile methodology in a regulated industry, the experience of defining Citigroup's Disciplined Agility process, and the lessons learned in piloting the company-wide adoption of agile development.

Today, the competitive marketplace demands the best of everything—the highest quality, lowest costs, and shortest possible schedule. The Team Software Process (TSP) and the Personal Software Process (PSP) shift the focus away from testing and verifying at the back-end to encouraging each engineer and the team as a whole to prevent defects throughout the project lifecycle. Incorporating Six Sigma quality practices with TSP/PSP can improve the quality-cost-schedule relationship even more. Mukesh Jain shares his experiences in implementing TSP/PSP and Six Sigma at Microsoft. He offers examples of how their teams have obtained a better work-life balance while still delivering very high quality products (67% totally defect free), on schedule (94% on time), and within budget. Mukesh highlights some common pitfalls to avoid when using TSP/PSP and Six Sigma.

How do we know if we have made the right choices regarding the way we tested a product? Did we focus our efforts in the right areas? Only a careful and orchestrated analysis of customer-found bugs will give us the answers. You can obtain a wealth of information from post-release bugs: the need for more code coverage in our tests, the value of our regression testing, the validity of our load generating scripts, our choices of target environments, tests we do not need to run, and more. Evelyn Moritz describes how to gather, analyze, categorize, and measure customer-found bugs in ways that will help testers and test departments become more efficient and effective at finding the types of bugs that impact their customers the most.

Security threats are becoming increasingly more dangerous to consumers and to your organization. Paco Hope provides the latest on static analysis techniques for finding vulnerabilities and the tools you need for performing white-box secure code reviews. He provides guidance on selecting and using source code static analysis and navigation tools. Learn why secure code reviews are imperative and how to implement a secure code review process in terms of tasks, tools, and artifacts. In addition to describing the steps in the static analysis process, Paco explains methods for examining threat boundaries, error handling, and other “hot spots” in software. Find out about the analysis techniques of Attack Resistance Analysis, Ambiguity Analysis, and Underlying Framework Analysis as ways to expose risk and prioritize remediation of insecure code.

The Web has enabled pervasive global information sharing, commerce, and communications on a scale thought to be impossible only ten years ago. At the same time, the Web dealt a setback in the user interface experience of networked applications. Only now are Web standards and technologies emerging that can bring us back to the rich and robust user experiences that were developed in the desktop client/server era before the Web came along. Wayne Hom presents examples of great, rich client Web user interfaces and discusses the enabling tools, technologies, and methodologies for today’s popular Web 2.0 approaches. Wayne discusses the not-so-obvious pitfalls of the new technologies and concludes with a look at user interface opportunities beyond the current Web 2.0 state-of-the-art to see what may be possible in the future.