[TIP] Web Application Testing Code of Ethics?
noah.gift at gmail.com
Wed Nov 19 23:47:10 PST 2008
On Thu, Nov 20, 2008 at 2:19 AM, Ben Finney
<ben+python at benfinney.id.au<ben%2Bpython at benfinney.id.au>
> "Noah Gift" <noah.gift at gmail.com> writes:
> > If I was in his position, I would tell the developer(s) that
> > routinely give him broken web apps that they were poor developers
> > for not including at least some basic tests. These could even be
> > minimal, like a script that connects to the database and tests a
> > couple of URL parameters for example.
> I recommend that anyone being asked to pay for software should receive
> the functional application, its source code, and the full automated
> test suite for the entire application as a routine part of the
> In other words, sufficient to, if and when the customer chooses, and
> without needing any further consultation with the vendor, allow the
> customer to take the whole lot to a trusted third party expert, ask
> *them* to examine the source code to see if it's of good quality, and
> examine the automated test suite to ensure it's comprehensive and
> matches the requirements, and that all of those match with the
> application as supplied.
> All of these are perfectly reasonable requirements, and no competent
> vendor can claim that they aren't necessary or that they're extra
> burdens on the process. They are the equivalent of land assessments,
> architectural blueprints, circuit diagnostic logs, and other
> supporting expert documentation of the design and engineering process
> that are routine in the process of building anything else to someone's
> Even if the customer can't *themselves* make use of these documents
> (although it's never wise to assume that the customer can't understand
> at least some of the technical stuff you're doing), they are thereby
> assured that their vendor accepts peer scrutiny of their work if it
> becomes necessary.
> It is astounding that so many vendors, and so many customers, expect
> that these can be omitted from the deliverables of the project. Yet
> there is no good reason for it, and we should be challenging that
> status quo and expecting the same quality of relationship that any
> other customer of a design or engineering profession would expect.
That is exactly what I was thinking by a code of ethics as an engineer. I
think there is a natural pull against more formal testing of small web
applications for 3rd party web dev shops when often those applications are
the analogy of a blueprint, or perhaps line drawing for an electrical
engineer. One potential problem though, is that IT doesn't require
certification, and software developer is a broad term. Getting a CTO at a
small company to mandate full test coverage for web applications might be
tough as there isn't necessarily an agreed upon level of testing before an
engineer or company is considered irresponsible. There is pressure to
produce quickly, and "fix it on the back end". Often small shop web
developers are self taught developers with minimal software engineering
I wonder if we could come up with a simplified standard of ethical testing,
akin, to the golden rule, which is a pretty simple way of saying be good.
Maybe it could be that if you use persistence, at a minimum, it should be
> > Is there anything I could point him to that could help convince the
> > CTO and developers at this company that testing is just ethical?
> Hopefully the above analogy can be helpful.
> \ "I bought some batteries, but they weren't included; so I had |
> `\ to buy them again." —Steven Wright |
> _o__) |
> Ben Finney
> testing-in-python mailing list
> testing-in-python at lists.idyll.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the testing-in-python