DOCSLIB.ORG

Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019 FDA White Oak Campus Silver Spring, MD

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019 FDA White Oak Campus Silver Spring, MD FDA CENTER FOR DEVICES & RADIOLOGICAL HEALTH (CDRH) PRESENTS A PUBLIC WORKSHOP: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019 FDA White Oak Campus Silver Spring, MD VerDate Sep<11>2014 17:28 Oct 17, 2018 Jkt 247001 PO 00000 Fmt 4703 Sfmt 4703 E:\FR\FM\18OCN1.SGM 18OCN1 2 WELCOME January 29, 2019 Dear Colleagues, On behalf of the FDA, it is with great enthusiasm that I welcome you to our 2-day public workshop, ‘Content of Premarket Submissions for Management of Cybersecurity in Medical Devices’. Advancing and safeguarding the nation’s public health warrants attentiveness to the total product life cycle (TPLC) of medical devices, from design to obsolescence. FDA has leveraged this holistic view in its approach to medical device cybersecurity. In 2014, we issued final premarket guidance describing factors that manufacturers should consider in the design and development of medical devices to assure cybersecurity, maintain functionality, and reduce potential risk to patients. To keep apace with the rapidly evolving nature of cyber threats, we’ve recently updated our guidance so that manufacturers can be in the best position to proactively address cybersecurity when they are designing and developing their devices – helping to protect against different types of cybersecurity risks, from ransomware to potential catastrophic attacks on health systems and/or on multiple patients. The updated guidance released as DRAFT in October 2018 includes new considerations for device design, labeling and documentation that the FDA recommends be included in premarket submissions for medical devices with cybersecurity risk. As we reflected on the current landscape during guidance drafting sessions, three cornerstone principles emerged that, in turn, have become the themes of this workshop – trustworthiness, transparency and resilience. When established appropriately in the premarket (design/build) phase, they are, in our view, critical anchors to medical device cybersecurity that set the course for stronger security and improved resilience throughout the product’s use life. While this public meeting builds on the foundational work of prior FDA medical device cybersecurity workshops showcasing collaborative efforts, discussing standards and risk assessment tools and engaging the multi-stakeholder community in focused dialogue on unresolved gaps and challenges, we are especially interested in seeking your input on novel concepts introduced in the guidance. These include: tiering of cybersecurity risk; cybersecurity bill of materials (CBOM); threat modeling and designing for increased resilience, since even with the most robust ‘built in’ protections, incidents and exploits cannot be entirely eliminated. We express overwhelming appreciation to all that made this public meeting possible. Much gratitude goes to FDA’s Center for Devices and Radiological Health Cybersecurity Working Group, the Emergency Preparedness/Operations & Medical Countermeasures Program, Office of Communications and Education staff, and Center Science Council staff. Planning, organizing and executing a meeting of this size and magnitude is a massive undertaking and today’s workshop would not have occurred without their herculean efforts. We would also like to recognize our speakers, moderators, panelists, and facilitators for taking time out of their hectic schedules to partner with us in strengthening cybersecurity within the healthcare and public health sector. Today we are seeing early fruits of our collective labor, achieved through a “whole of community” approach, and we look forward to your ongoing participation. We may approach cybersecurity from different vantage points, but we all have one common goal and that is to protect patients. Sincerely, Suzanne B. Schwartz, MD, MBA 3 Workshop Themes: Trustworthiness, Transparency, and Resilience Workshop Objectives 1. Catalyze critical discussion to help inform finalization of the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices guidance. 2. Foster dialogue on cross-stakeholder efforts to address current and emerging medical device cybersecurity gaps and challenges. 3. Spur collaborations to enable trustworthiness, transparency, and resilience in medical device cybersecurity. 4. Examine considerations for integrating principles of threat modeling and cyber safety into the design of resilient medical devices. 5. Facilitate discussion on Cybersecurity Bill of Materials. 4 FDA Disclaimer The views expressed in this Public Workshop are those of the authors and do not necessarily reflect the official policy or position of the U.S. Food and Drug Administration, the Department of Health and Human Services, or the United States Government, and should not be used for advertising or product endorsement purposes. Reference to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its approval, endorsement, recommendation, or favoring by the United States Government or any department, agency, office, or branch thereof. 5 Contents Contents Content of Premarket Submissions for Management of Cybersecurity in Medical Devices ........................ 1 WELCOME ..................................................................................................................................................... 3 Workshop Themes: ....................................................................................................................................... 4 Trustworthiness, Transparency, and Resilience ........................................................................................... 4 Workshop Objectives .................................................................................................................................... 4 FDA Disclaimer .............................................................................................................................................. 5 Contents ........................................................................................................................................................ 6 Agenda at a Glance ..................................................................................................................................... 10 Cybersecurity Public Workshop Session Descriptions, Objectives and Questions for Consideration ........ 12 Speaker Biographies .................................................................................................................................... 25 Laura M. Alfredo ..................................................................................................................................... 25 Nina Alli ................................................................................................................................................... 26 Denise Anderson, MBA, BA, EMT, NIMS ................................................................................................. 27 Jennings R. Aske, JD, CISSP, CIPP/US....................................................................................................... 28 Daniel Beard ............................................................................................................................................ 29 Chris Bitza, GSLC, GSIF, GSEC .................................................................................................................. 30 Seth D. Carmody, Ph.D. ........................................................................................................................... 31 Joseph Chapman, MS .............................................................................................................................. 32 Penny Chase, S.M. ................................................................................................................................... 33 Steve Christey Coley ................................................................................................................................ 34 Julie Chua, PMP, CISSP ............................................................................................................................ 35 Julie Connolly, CISSP ............................................................................................................................... 36 Joshua Corman ........................................................................................................................................ 37 6 Christian Dameff, MD.............................................................................................................................. 38 Reid W. D’Amico, Ph.D. ........................................................................................................................... 39 Erik Decker .............................................................................................................................................. 40 Phil Englert .............................................................................................................................................. 41 Anura Fernando, MSE ............................................................................................................................. 42 Christoph Fischer, Dipl.-Ing. .................................................................................................................... 43 Brian J. Fitzgerald ..................................................................................................................................
Load more

Recommended publications
  • BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications
    ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo.
    [Show full text]
  • BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications
    ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo.
    [Show full text]
  • Software Assurance
    Information Assurance State-of-the-Art Report Technology Analysis Center (IATAC) SOAR (SOAR) July 31, 2007 Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance Distribution Statement A E X C E E C L I L V E R N E Approved for public release; C S E I N N I IO DoD Data & Analysis Center for Software NF OR MAT distribution is unlimited. Information Assurance Technology Analysis Center (IATAC) Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance State-of-the-Art Report (SOAR) July 31, 2007 IATAC Authors: Karen Mercedes Goertzel Theodore Winograd Holly Lynne McKinley Lyndon Oh Michael Colon DACS Authors: Thomas McGibbon Elaine Fedchak Robert Vienneau Coordinating Editor: Karen Mercedes Goertzel Copy Editors: Margo Goldman Linda Billard Carolyn Quinn Creative Directors: Christina P. McNemar K. Ahnie Jenkins Art Director, Cover, and Book Design: Don Rowe Production: Brad Whitford Illustrations: Dustin Hurt Brad Whitford About the Authors Karen Mercedes Goertzel Information Assurance Technology Analysis Center (IATAC) Karen Mercedes Goertzel is a subject matter expert in software security assurance and information assurance, particularly multilevel secure systems and cross-domain information sharing. She supports the Department of Homeland Security Software Assurance Program and the National Security Agency’s Center for Assured Software, and was lead technologist for 3 years on the Defense Information Systems Agency (DISA) Application Security Program. Ms. Goertzel is currently lead author of a report on the state-of-the-art in software security assurance, and has also led in the creation of state-of-the-art reports for the Department of Defense (DoD) on information assurance and computer network defense technologies and research.
    [Show full text]
  • Security Versus Security: Balancing Encryption, Privacy, and National Secuirty
    SECURITY VERSUS SECURITY: BALANCING ENCRYPTION, PRIVACY, AND NATIONAL SECUIRTY Jackson Stein (TC 660H or TC 359T) Plan II Honors Program The University of Texas at Austin 05/04/2017 __________________________________________ Robert Chesney Director of Robert Strauss Center Supervising Professor __________________________________________ Mark Sainsbury Department of Philosophy Second Reader ABSTRACT Author: Jackson Stein Title: Security vs. Security: Balancing Encryption, Data Privacy, and Security Supervising Professors: Robert Chesney, Mark Sainsbury This paper analyzes the current debate over encryption policy. Through careful evaluation of possible solutions to ‘going dark’ as well has weighting the costs and benefits of each solution, we found exceptional access to information more harmful than helpful. Today, there seems to be no singular leading answer to the going dark problem. Exceptional access to data and communications is a simple solution for a simple problem, however going dark is very complex, and requires a multifaceted and refined solutions. Widespread encryption forces those listening—whether it is the NSA, FBI, foreign governments, criminals or terrorist—to be much more targeted. As for the going dark metaphor, it seems as though we are not entirely “going dark”, and yet we are not completely bright either. There are dark and bright spots coming and going across the technological landscape battling in a perpetual technological arms race. The findings of this paper, ultimately determine there to be no policy that doesn’t come without some cost. That said, there are a number of ways in which law enforcement can track criminals and terrorist without weakening encryption, which we determine to be the best direction in any win lose situation.
    [Show full text]
  • Supreme Court of the United States
    No. 19-783 IN THE Supreme Court of the United States NATHAN VAN BUREN, Petitioner, v. UNITED STATES, Respondent. ON WRIT OF CERTIORARI TO THE UNITED STATES CouRT OF APPEALS FOR THE ELEVENTH CIRcuIT BRIEF OF AMICI CURIAE COMPUTER SECURITY RESEARCHERS, ELECTRONIC FRONTIER FOUNDATION, CENTER FOR DEMOCRACY & TECHNOLOGY, BUGCROWD, RAPID7, SCYTHE, AND TENABLE IN SUPPORT OF PETITIONER ANDREW CROCKER Counsel of Record NAOMI GILENS ELECTRONic FRONTIER FOUNDATION 815 Eddy Street San Francisco, California 94109 (415) 436-9333 [email protected] Counsel for Amici Curiae 296514 A (800) 274-3321 • (800) 359-6859 i TABLE OF CONTENTS Page TABLE OF CONTENTS..........................i TABLE OF CITED AUTHORITIES ..............iii INTEREST OF AMICI CURIAE ..................1 SUMMARY OF ARGUMENT .....................4 ARGUMENT....................................5 I. The Work of the Computer Security Research Community Is Vital to the Public Interest...................................5 A. Computer Security Benefits from the Involvement of Independent Researchers ...........................5 B. Security Researchers Have Made Important Contributions to the Public Interest by Identifying Security Threats in Essential Infrastructure, Voting Systems, Medical Devices, Vehicle Software, and More ...................10 II. The Broad Interpretation of the CFAA Adopted by the Eleventh Circuit Chills Valuable Security Research. ................16 ii Table of Contents Page A. The Eleventh Circuit’s Interpretation of the CFAA Would Extend to Violations of Website Terms of Service and Other Written Restrictions on Computer Use. .................................16 B. Standard Computer Security Research Methods Can Violate Written Access Restrictions...........................18 C. The Broad Interpretation of the CFAA Discourages Researchers from Pursuing and Disclosing Security Flaws ...............................22 D. Voluntary Disclosure Guidelines and Industry-Sponsored Bug Bounty Programs A re Not Sufficient to Mitigate the Chill .
    [Show full text]
  • Forecasting the Future
    VIRTUAL EVEN T FORECASTING #predict2019 THE FUTURE Tuesday, December 18, 2018 10:00 AM ET - 4 PM E T AGENDA All sessions are scheduled in Eastern Standard Time (EST) 10:00 - 10:30am - Keynote by Micro Hering: Looking towards 2019 – will we have AIOps take over DevOps 10:30 - 11:00am - Keynote by Chenxi Wang: Cloud Transformation Drives Security Roadmap 11:00 - 11:30pm - Panel: Making DevOps More Ops-friendly 11:30 - 12:00pm - How to Manage Open Source 11:30 - 12:00pm - Panel: The Business Risk within the DevOps Delivery Model Value of Value Stream Mapping 12:00 - 12:30pm - Panel: Ubiquitous Open 12:00 - 12:30pm - The Future of DevOps; Source Makes for Security Challenges Predictions from NS1 12:30 - 1:00pm - Charting the Course to AIOps 12:30 - 1:00pm - Seeing DevOps 2020 1:00 - 1:30pm - Visit the Exhibitors 1:30 - 2:00pm - Panel: Cloud Security in 2019 2:00 - 2:30pm - Panel: Continuous 2:00 - 2:30pm - Accelerate software delivery: Testing Equals Quality How to make 2019 your cloud-native year 2:30 - 3:00pm - Keynote by Rich Mogull: DevSecOps Predicts 2019 3:00 - 3:30pm - Keynote by John Willis 10am - 10:30am Keynote: Looking towards 2019 – will we have AIOps take over DevOps - Mirco Hering, Principal Director – APAC DevOps and Agile, Accenture 2018 has seen a huge uptake in DevOps across Enterprises. There were lots of good news but we also learned new failure patterns. In this keynote Mirco will look back at 2018 and what he learned over the year and then look to 2019 and what the new year will bring for DevOps.
    [Show full text]
  • The Hacker's Aegis
    Emory Law Journal Volume 60 Issue 5 2010 The Hacker's Aegis Derek E. Bambauer Oliver Day Follow this and additional works at: https://scholarlycommons.law.emory.edu/elj Recommended Citation Derek E. Bambauer & Oliver Day, The Hacker's Aegis, 60 Emory L. J. 1051 (2010). Available at: https://scholarlycommons.law.emory.edu/elj/vol60/iss5/1 This Article is brought to you for free and open access by the Journals at Emory Law Scholarly Commons. It has been accepted for inclusion in Emory Law Journal by an authorized editor of Emory Law Scholarly Commons. For more information, please contact [email protected]. BAMBAUER&DAY GALLEYSFINAL 6/6/2011 10:27 AM THE HACKER’S AEGIS Derek E. Bambauer* ∗∗ Oliver Day ABSTRACT Intellectual property (IP) law stifles critical research on software security vulnerabilities, placing computer users at risk. Researchers who discover flaws often face IP-based legal threats if they reveal findings to anyone other than the software vendor. This Article argues that the interplay between law and vulnerability data challenges existing scholarship on how intellectual property law should regulate information about improvements on protected works, and suggests weakening, not enhancing, IP protections where infringement is difficult to detect, lucrative, and creates significant negative externalities. It proposes a set of three reforms—“patches,” in software terms—to protect security research. Legal reform would create immunity from civil IP liability for researchers who follow “responsible disclosure” rules. Linguistic reform would seek to make the term hacker less threatening either by recapturing the term’s original meaning, or abandoning it.
    [Show full text]
  • Software Vulnerabilities
    Software Vulnerabilities: Full-, Responsible-, and Non-Disclosure Andrew Cencini, Kevin Yu, Tony Chan {cencini, tigeru, tonychan} @ u.washington.edu December 7, 2005 Table of Contents ABSTRACT ....................................................................................................................................................1 1. INTRODUCTION ........................................................................................................................................1 1.1 Structure..............................................................................................................................................2 1.2 Motivations .........................................................................................................................................3 1.3 Terminology........................................................................................................................................4 1.4 Timelines.............................................................................................................................................5 2. LOSSES DUE TO EXPLOITATION .............................................................................................................7 3. TYPES OF VULNERABILITY DISCLOSURE...............................................................................................9 3.1 Non-Disclosure ...................................................................................................................................9 3.2 Full Disclosure
    [Show full text]
  • Hacker, Hoaxer, Whistleblower, Spy: the Story of Anonymous
    hacker, hoaxer, whistleblower, spy hacker, hoaxer, whistleblower, spy the many faces of anonymous Gabriella Coleman London • New York First published by Verso 2014 © Gabriella Coleman 2014 The partial or total reproduction of this publication, in electronic form or otherwise, is consented to for noncommercial purposes, provided that the original copyright notice and this notice are included and the publisher and the source are clearly acknowledged. Any reproduction or use of all or a portion of this publication in exchange for financial consideration of any kind is prohibited without permission in writing from the publisher. The moral rights of the author have been asserted 1 3 5 7 9 10 8 6 4 2 Verso UK: 6 Meard Street, London W1F 0EG US: 20 Jay Street, Suite 1010, Brooklyn, NY 11201 www.versobooks.com Verso is the imprint of New Left Books ISBN-13: 978-1-78168-583-9 eISBN-13: 978-1-78168-584-6 (US) eISBN-13: 978-1-78168-689-8 (UK) British Library Cataloguing in Publication Data A catalogue record for this book is available from the British library Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the library of congress Typeset in Sabon by MJ & N Gavan, Truro, Cornwall Printed in the US by Maple Press Printed and bound in the UK by CPI Group Ltd, Croydon, CR0 4YY I dedicate this book to the legions behind Anonymous— those who have donned the mask in the past, those who still dare to take a stand today, and those who will surely rise again in the future.
    [Show full text]
  • April 2007 Volume 32 Number 2
    APRIL 2007 VOLUME 32 NUMBER 2 THE USENIX MAGAZINE OPINION Musings RIK FARROW SYSADMIN Autonomic Computing: Freedom or Threat? GLENN FINK AND DEB FRINCKE The Secret Lives of Computers Exposed CHAD VERBOWSKI Lessions Learned from Living with LDAP BRENDAN QUINN Introducing System Engineering to the System Admin JOHN LLOYD Promises, Promises: An Interview with Mark Burgess RIK FARROW Spam and Blogs. Part 1: Spam: A Balancing Act DANIEL L. APPELMAN All Quiet on the Western Front: A Discussion on the Necessity of Good Reporting THOMAS SLUYTER COLUMNS Practical Perl Tools: These Inodes Were Made for Walkin’ DAVID BLANK-EDELMAN VoIP in an Internet Service Provider Network ROBERT HASKINS Asterisk Appliance HEISON CHAK /dev/random ROBERT G. FERRELL BOOK REVIEWS Book Reviews ELIZABETH ZWICKY ET AL. STANDARDS Why Standardize? NICHOLAS M. STOUGHTON USENIX NOTES SAGE Update JANE-ELLEN LONG AND ALVA COUCH CONFERENCES LISA '06: 20th Large Installation System Administration Conference The Advanced Computing Systems Association Upcoming Events 11 TH WORKSHOP ON HOT TOPICS IN OPERATING 3RD WORKSHOP ON STEPS TO REDUCING SYSTEMS (H OT OS XI) UNWANTED TRAFFIC ON THE INTERNET Sponsored by USENIX in cooperation with the IEEE Technical Co-located with the 2007 USENIX Annual Technical Conference Committee on Operating Systems (TCOS) JUNE 18, 2007, SANTA CLARA , CA , USA MAY 7–9, 2007, SAN DIEGO , CA, USA http://www.usenix.org/sruti07 http://www.usenix.org/hotos07 Paper submissions due: April 17, 2007 5TH ACM/USENIX I NTERNATIONAL CONFERENCE INAUGURAL INTERNATIONAL
    [Show full text]
  • Gary E. Mcgraw, Jr
    Gary E. McGraw, Jr. Synopsys 21351 Ridgetop Circle, Suite 400 Dulles, VA 20166 (703) 404-9293 e-mail: [email protected] http://garymcgraw.com EMPLOYMENT HISTORY Winter 2016–present Synopsys, Software Integrity Group, Mountain View, CA Winter 2016–present Vice President Security Technology Fall 1995–Winter 2016 Cigital, Inc., Dulles, VA Summer 2001–Winter 2016 Chief Technology Officer Summer 1998–Summer 2001 Vice President, Corporate Technology Fall 1995–1998 Research Scientist / Senior Research Scientist Summer 1996–Winter 1999 Krasnow Institute Associate Krasnow Institute for Advanced Study, George Mason University, Fairfax, VA Summer 1990–Fall 1995 Researcher Center for ResearcH on Concepts and Cognition, Indiana University, Bloomington, IN Fall 1993–Fall 1994 Researcher Istituto per la Ricerca Scientifica e TecHnologica, Trento, Italia Fall term 1994 and Spring term 1993 Visiting Assistant Professor of Computing Science EarlHam College, RicHmond, IN Course: Programming Languages Fall 1988–Spring 1990 Associate Instructor Computer Science Department, Indiana University, Bloomington, IN TaugHt courses in ScHeme, Pascal, and Assembly Language 1985–1989 President M2 Computing, Inc., Kingsport, TN EDUCATION 1995 Ph.D., Computer Science and Cognitive Science Indiana University, Bloomington, IN Dissertation: Letter Spirit: Emergent HigH-Level Perception of Letters Using Fluid Concepts Advisor: Douglas R. Hofstadter 1990 M.S., Computer Science Indiana University, Bloomington, IN 1988 B.A., PHilosopHy (Minor: MatHematics and Scientific Computing) University of Virginia, Charlottesville, VA 1 BOARD MEMBERSHIPS CURRENT Ntrepid, Herndon, VA. Technical Advisory Board, CHairman, 2016—. Max Financial Corporation, New York, NY. TecHnical Advisory Board, 2013—. Raven White, Palo Alto, CA. Advisory Board, 2006—. School of Informatics Dean’s Advisory Council, Indiana University, Bloomington, IN, 2005—.
    [Show full text]
  • Finding the Best Tester for the Job Testing the Tester - a Short Story About Practical Recruiting Methods for Testers - See Page 22 the Mobile Environment
    October 2011 | www.thetestingplanet.com | No: 6 £5 Finding the best tester for the job Testing the tester - a short story about practical recruiting methods for testers - see page 22 The mobile environment By Karen N. Johnson When we’re testing a mobile application, most of our focus is centered directly on testing the application. But there are other considerations surround- ing our applications to consider such as the installation of the application, on-going phone and application upgrades, as well as how our application interacts with other variables in the mobile environment. There are still more variables includ- ing firmware upgrades, memory Changes that are out of this world - what does the future hold for the profession of testing? card space issues and device permissions and settings. If you’ve been in software testing for a long time, these ideas (install, upgrade and interaction The future of software testing testing) seem familiar, even a bit like déjà vu. How would something new such as mobile Part one - Testing in production seem old and familiar? Back in the days of By Seth Eliot ness and productivity. almost certainly be wrong. What we client server application testing, • Software development organisa- can do is look at trends in current we had to think about installa- Hey, want to know the future? OK, tions will dramatically change changes - whether nascent or well on tion testing. In the past decade, here it is: the way they test software and their way to being established practice we’ve been primarily focused how they organise to assure soft- - and make some educated guesses.
    [Show full text]