TUV SUD - OpenChain Third Party Certification

•

1 like•381 views

This document discusses TÜV SÜD's third party certification for open source software compliance. It provides an overview of why organizations pursue third party certification rather than self-certification. The certification evaluates an organization's processes for managing open source license compliance, including roles, guidelines, training, and documentation. The document includes a case study of TÜV SÜD working with Hitachi to achieve the first open source license governance certification, which was awarded after multiple audit stages over 9 months. The certification is intended to help create trust in supply chains and safe open source use.

Software

FOSS sicher in IoX-Projekten verwenden - IoT Conference Munich
FOSS in complex systems
2
Modul-Level
Component-
Level
System-Level
System
Component 1
Modul A
Modul B
Component 2Modul C

OpenChain
FOSS sicher in IoX-Projekten verwenden - IoT Conference Munich3

Why a 3rd Party Certification?
Self-Certification vs Third-Party Certififcation
Internal
Ø Internal Snapshot
Ø Identification of issues
Ø Documentation of the current
development processes
External
Ø Independent assessment
Ø Competitive advantage
Ø Can serve as evidence for an
appropriate compliance system
in case of dispute
FOSS sicher in IoX-Projekten verwenden - IoT Conference Munich4

FOSS sicher in IoX-Projekten verwenden - IoT Conference Munich
FOSS Governance Certification
5
Monitored
Process
FOSS
Licence
com
pliance
FOSS process
definition
Internal/ Extern
communication
FOSS conceptFOSS roles
FOSS
compliance
case

TÜV SÜD third party certificate (NEW)
TÜV SÜD Japan Slide 6
Product certificate
+ “License checked” scope (option)
• Focus on the product.
• Added the “License checked scope” to existing
quality product certificate. (Option)
Open Source License Governance Process
Certificate
• Focus on the organisation’s processual means
to handle Free and Open Source Software.
• Defined by TÜV SÜD is based on the
specification of the OpenChain project.
Sample mark

Open Source License Governance Process
Certificate
TÜV SÜD Japan Slide 7
• Subject
The tested organisation’s process means to manage the correct usage of Free and
Open Source Software.
• Basis
The TÜV mark is awarded within the framework of voluntary testing and certification.
The test program defined by TÜV SÜD is based on the specification of the
OpenChain project. The testing parameters focus on the tested organisation’s
processual means to handle Free and Open Source Software.

Certification Mark Statements
TÜV SÜD Japan Slide 8
Within this testing scheme the following parameters are evaluated:
l Internal Processes and Guidelines targeting FOSS
• Organisation’s policy regarding FOSS usage and contribution
• License handling within the organisation
• Use cases of FOSS software within the organisation
• Used information resources in the FOSS community
• Internal information sources
• Work instructions
• Guidelines
• Templates
• Software Release Management
• Complaint Management
• Documentation Strategy
• Process Assurance
l Roles
Identification of Roles
Definition of FOSS officer/FOSS Liaison
Definition of FOSS multiplicator roles
FOSS contacts for external requests
l Skill Management
Identification of minimum skillset per role
Training strategy

Case study : Certificate activity step
TÜV SÜD Japan Slide 9
Event Activity
Step1 Kick off meeting (2days) Agreed the scope and check the current status
(Quick audit for gap analysis).
Step2 Evaluation phase Offline review of general process.
Step3 Final audit (2days) Discussion of open points for the final check.
Evidence check for actual application (sample
check).
Step4 Official Report Finalized checklist and certificate report as final
output.
Step5 Certificate -

Case study : Schedule
Month
1
Month
2
Month3 Month4 Month5 Month6 Month7 Month8 Month9
Kick off
meeting
Evaluation
phase
Final audit
Official
report
Certificate

Case study : Successful project
11
• Open Source License Governance
Process Certificate
(Issued on 27th Nov 2018)
• First certificate project of TÜV SÜD
group finished successfully with
Hitachi,Ltd.

TÜV SÜD Japan Slide 12
TÜV SÜD will contribute to create
the trust network between supply
chains through this certificate
service, and be safe for use of free
open source software in the world.

FOSS sicher in IoX-Projekten verwenden - IoT Conference Munich13
Nicole Pappler
Program Manager
nicole.pappler@tuev-sued.de
Kayoko Takanishi
Senior Expert
kayoko.takanishi@tuv-sud.jp
Andreas Bärwald
Head of Software Solutions
andreas.baerwald@tuev-sued.de

This document discusses software audits, including an overview of the software audit process and its significance. A software audit is an independent examination of a software product, process, or set of processes to assess compliance. It describes the typical participants in an audit, such as the initiator, lead auditor, and audited organization. The document also covers the types of audits, purposes of audits, principles of audits, steps involved, and top audit software products.

Stlc phases.

Leela Karri

Tester is involved throughout the software development lifecycle (SDLC). Their main responsibilities include: 1. Conducting requirement analysis in the requirements phase and use case analysis in the design phase. 2. Developing test cases and scripts in the development phase and finalizing the test plan. 3. Conducting various types of tests like unit, integration, system and user acceptance testing in the testing phase and maintaining test logs and reports. 4. Preparing training documentation and lessons learned reports to help with deployment in the deployment phase and testing production issues in the support phase.

I software quality

Fáber D. Giraldo

Software quality is defined as the degree to which a system meets specified requirements and customer expectations. It should be predictable, measurable during development and after release, apparent to customers, and continue during maintenance. Implementing standards increases quality, reduces costs and improves manageability. Metrics and measures provide quantitative evaluations of reliability and quality to make objective decisions. Quality assurance activities like verification and validation evaluate the development process and ensure requirements are met.

Software testing presentation

Neeraj Pandey

New Testing Standards Are on the Horizon: What Will Be Their Impact?

TechWell

The history of testing standards has not always been auspicious. Testing standards documents have been expensive to obtain, limited in scope, inflexible in expectations, and inconsistent. However, they contain important lessons learned from experienced practitioners—if a tester is willing to overcome the obstacles to get to the useful information. A set of new international standards is coming. These new standards are tailorable, consistent, and comprehensive in scope. In addition, they will be freely available (some are already). Claire Lohr provides a complete roadmap to all of the available—or soon-to-be-available—testing-related standards. Learn where to go for testing process guidelines, complete definitions of all test design techniques, full examples of test documentation (for both agile and traditional projects), and free international standards documents. Take away a “start-up guide” for how different types of projects can use the new standards along with valuable tips and practical lessons you can get from these standards.

Testing as a Career

Prabal Dutta

Testing Standards List

Professional Testing

This document provides summaries of several software testing standards: 1. IEEE 1028 defines a generic process for formal reviews consisting of entry evaluation, management preparation, planning, overview of procedures, individual preparation, group examination, rework/follow-up, and exit evaluation. 2. ISO/IEC 12207 establishes a framework for software lifecycle processes including acquisition, supply, development, operation, and maintenance processes. 3. IEEE 829 specifies the format of test documentation including test plans, design specifications, case specifications, procedures, transmittal reports, logs, incident reports, and summary reports. 4. ISO 9126 defines a quality model for software evaluation consisting of characteristics like functionality, reliability,

Open Bqr an Open Framework for the assessment of Open Source Software

Davide Taibi

The document proposes a framework called Open BQR (Open Business Quality Rating) to assess and compare open source software. It aims to provide a simple and fast way to evaluate key qualities like functionality, bugs, future support availability. The framework includes a quick filter step, data collection, scoring of indicators, and an overall rating. The document demonstrates Open BQR by comparing open source content management systems based on custom requirements. It concludes by discussing applying Open BQR to more projects and refining the parameters to reduce subjectivity.

The document describes the phases of the Software Testing Life Cycle (STLC). It discusses the 6 main phases: 1) Requirement Analysis, 2) Test Planning, 3) Test Case Development, 4) Environment Setup, 5) Test Execution, and 6) Test Cycle Closure. Each phase has entry and exit criteria, activities, and deliverables. The STLC is a testing process executed in a systematic, planned manner, following the software development life cycle to ensure quality.

Software testing lifecycle

Sohag Babu

This presentation introduces the software testing lifecycle, which consists of requirement analysis, test planning, test design, test environment setup, test execution, and test reporting. It discusses what software testing is, its goals and objectives, basic questions about testing, different testing methodologies like white-box and black-box testing, types of testing like unit, integration, system, and performance testing, and the bug lifecycle. The presentation is intended to provide an overview of the key concepts in software testing.

Syllabus ref01

SongTu

This document outlines a software testing curriculum covering various testing methodologies, techniques, and best practices. It includes sections on testing fundamentals, requirement reviews, test planning and execution across different phases, white and black box testing techniques, test planning, defect reporting and tracking, and testing in common software development life cycles. The overall goal is to introduce readers to core concepts in software quality assurance and provide guidance for implementing effective testing strategies.

Short definitions of all testing types

Garuda Trainings

Software testing is the process of executing software in a controlled manner. It is often used in association with the terms verification and validation. Verification is the checking or testing of items, including software, for conformance and consistency with an associated specification. Software testing is just one kind of verification, which also uses techniques such as reviews, analysis, inspections and walk throughs. Validation is the process of checking that what has been specified is what the user actually wanted.

Software testing

Andhra University

This document discusses software testing, including an overview of the test process and types of testing. It describes the test process as having stages from unit testing to acceptance testing. A test plan is created before testing and includes what will be tested, the test environment, and approvals. The main types of testing covered are black box testing which tests functionality without knowledge of internal structure, white box testing which tests internal structure, alpha and beta testing which test before and after release, and defect testing which aims to find defects before delivery.

Сертификация ISTQB

SQALab

The ISTQB certification provides standardized testing qualifications across multiple levels - Foundation, Advanced, and Expert. The Foundation level ensures understanding of fundamental testing practices, Advanced focuses on more sophisticated techniques, and Expert covers leading-edge methods. Over 100,000 testers across 46 countries have been certified, demonstrating mastery of best practices. Certification benefits testers, organizations, and advances the software testing profession as a whole.

Synthesizing Knowledge from Software Development Artifacts

Jeongwhan Choi

Introduction to Testing Industry

Sergejus Bartos

The document provides an introduction and overview of the software testing industry. It discusses that software testing involves finding bugs in a program or application. The software testing industry is large and growing, with forecasts of over $100 billion euros spent on testing by 2014. The history of software testing is explored from the 1950s to present day, covering the development of key methods, publications, and events. Different schools of testing and influential figures are also mentioned.

The Existing Standards of Software Testing

QATestLab

Uni of Auckland Lecture 20110823

Farid Vaswani

Farid Vaswani has over 12 years of experience in IT, including 7 years in software testing and 4 years in lead/management positions. He currently works as a Testing Manager at the University of Auckland, overseeing a team of 8-20 testers responsible for testing over 35 applications and 95 integration items. In this role, he is responsible for all aspects of testing, including functional, integration, performance, security and disaster recovery testing. He also serves as an Associate Board Member for the ANZ Testing Board, where he works to enhance career opportunities for testing professionals.

Sibos 2017: Disruptive functional testing - the next frontier in post-trade s...

Iosif Itkin

16 October 2017 Sibos Toronto Presentation by Iosif Itkin, Exactpro CEO and co-founder London Stock Exchange Group Disruptive functional testing - the next frontier in post-trade systems verification The operators of complex back office and post-trade systems interconnected by SWIFT and other communication protocols are trying to keep pace with the front office technology advances, rising data volumes and changing regulatory landscape. The industry actively adopts flexible development methodologies to speed up the software delivery process. What aspects of software quality are not covered by regular performance / failover testing and the agile development life cycle? Disruptive functional testing is a way to prepare your mission-critical infrastructure for any challenges the future may bring. Ideas for this presentation are drawn from our work with LCH, T2S, clearing and settlement systems worldwide.

QualityGate for buyers of custom software

Dr. Tibor Bakota

You can use QualityGate to evaluate the source code maintainability of the software you are adopting. QualityGate qualifies the system in terms of maintainability based on hundreds of source code metrics, coding issues, vulnerabilities, code copies, etc. By comparing these attributes to thousands of other systems' in our benchmarks, you get an objective picture where your system stands in terms of maintainability compared to others. Of course, it is not only the quality of the system that is revealed but also the reasons that led to a particular qualification.

Using Cluster Analysis for Characteristics Detection in Software Defect Reports

Iosif Itkin

Anna Gromova and Olga Moskaleva, Exactpro Researchers, participated in the Sixth International Conference on Analysis of Images, Social Networks and Texts, AIST 2017 AIST is a conference on the Analysis of Images, Social Networks, and Texts. This year, it was held at Moscow Polytechnic University on June 27-29. The conference is intended for computer scientists and industry professionals whose research interests involve applications of data mining and machine learning techniques to various problem domains: image processing, analysis of social networks, and natural language processing. AIST boasts its interdisciplinary nature, bridging the gap between researchers and practitioners. All research papers submitted to the conference went through a double-blind reviewing process and were reviewed by at least three program committee members. The accepted papers were presented by their authors on July 27 and 28. Anna Gromova’s research on Using Cluster Analysis for Characteristics Detection in Software Defect Reports was among this year’s accepted papers. Anna, who is an Exactpro researcher, presented her work in the General Topics of Data Analysis section of the conference. Anna’s research focuses on the metrics and predictions of defect reports. In her research paper, Anna explores the workings of how extended bug attribute analysis can effectively reveal software weaknesses and improve the testing strategy, and how machine learning techniques can facilitate the process of building an automated recommendation system for project managers and QA team leads. Such a system would help them get a better picture of the risks associated with software defects, as well as obtain more accurate information about a bug's lifecycle. “In future, we are planning to build an automated recommendation system based on the cluster analysis of our defect reports. A system like that could be used by all QA team members to improve the existing processes of developing the testing strategies and plans”, says Anna Gromova, Exactpro Researcher.

Functional Testing Tutorial | Edureka

Edureka!

This document provides an overview of functional testing. It defines functional testing as verifying that each function of a software application operates as specified. It discusses the differences between functional and non-functional testing, the objective and focus of each. Steps in functional testing are identified as determining functionality, creating test data, determining expected outputs, executing test cases, and comparing actual and expected outputs. Types of functional testing and techniques are described along with advantages of the Selenium tool for automation.

Software testing basic concepts

Raju Jadhav

This document provides an overview of software testing concepts, including: - Definitions of software testing and related terms - The software testing process, including test planning, preparation, execution, reporting, and analysis - Types of testing such as unit, integration, system, and acceptance testing - Tester competencies including both soft skills and technical testing skills - Common testing documents and resources used

Non-Functional Testing at London Stock Exchange

Iosif Itkin

29 November 2016 Harvard Club, New York, QA-Financial Forum Exactpro is the specialist testing subsidiary of the London Stock Exchange Group. In this presentation, Iosif Itkin will cover the wide range of testing requirements faced by broker-dealers, banks and exchanges beyond the requirements of functional testing. Plus: In Conversation with Yann L’Huillier, CIO, Tradition and Iosif Itkin, CEO, Exactpro - Iosif Itkin: Exactpro CEO – The London Stock Exchance Group - Yann L’Huillier: Group Chief Information Officer – Tradition

Introduction to Software Testing

Rajathi-QA

In this quality assurance training session, you will learn introduction to software testing. Topics covered in this course are: • Course Overview • Introduction to Software Testing • Is Testing a Technical role • Project And Product • Quality Assurance Vs Quality Control • QC VS QA • Verification and Validation TO know more, visit this link: https://www.mindsmapped.com/courses/quality-assurance/get-practical-training-on-software-testing-quality-assurance-qa/

ISTQB CTFL Series - Overview

Disha Srivastava

The document discusses the International Software Testing Qualification Board (ISTQB), which defines certification schemes for software testing professionals. It established the Certified Tester Foundation Level (CTFL) certification, aimed at basic software testing knowledge. The CTFL exam contains 40 multiple choice questions testing knowledge (K1-K4 levels) across 6 chapters. It is scored out of 40, with a passing mark of 26. The Foundation Level certification is valid for life and provides international recognition for software testing skills.

Types of testing and their classification

Return on Intelligence

The document outlines various types and classifications of software testing. It discusses different testing schemes including unit, integration, system and acceptance testing. It also covers test approaches such as white-box, black-box and grey-box testing. Functional and non-functional types of testing are described along with positive and negative testing scenarios. The goals, methods, and bases of testing are also addressed at a high level.

Manual Testing Interview Questions & Answers.docx

ssuser305f65

Exploratory testing is a hands-on approach where testers are involved in minimal planning and maximum test execution. The planning involves creating a test charter and objectives, while test design and execution are done in parallel without formally documenting test conditions, cases, or scripts. Some notes are taken during testing to produce a report afterwards. Use case testing identifies and executes the functional requirements of an application from start to finish using use cases. SDLC deals with software development/coding while STLC deals with validation and verification of software. A traceability matrix shows the relationship between test cases and requirements.

Software Testing and Quality Assurance Assignment 3

Gurpreet singh

Short questions : Que 1 : Define Software Testing. Que 2 : What is risk identification ? Que 3 : What is SCM ? Que 4 : Define Debugging. Que 5 : Explain Configuration audit. Que 6 : Differentiate between white box testing & black box testing. Que 7 : What do you mean by metrics ? Que 8 : What do you mean by version control ? Que 9 : Explain Object Oriented Software Engineering. Que 10 : What are the advantages and disadvantages of manual testing tools ? Long Questions: Que 1 : What do you mean by baselines ? Explain their importance. Que 2 : What do you mean by change control ? Explain the various steps in detail. Que 3 : Explain various types of testing in detail. Que 4 : Differentiate between automated testing and manual testing. Que 5 : What is web engineering ? Explain in detail its model and features.