[RISKS] Risks Digest 25.04

From: RISKS List Owner (risko@private)
Date: Sat Feb 02 2008 - 17:11:22 PST


RISKS-LIST: Risks-Forum Digest  Saturday 2 February 2008  Volume 25 : Issue 04

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.04.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Transplant patient has NEW kidney removed after NHS computer blunder
  (Richard I. Cook)
Tachometer error caused 2005 runway overrun (Mark Brader)
Mideast submarine cable disruptions (David Lesher)
Empire State Building car e-interference mystery (David Chessler)
Technology Review: Stopping cars with microwaves (David Chessler)
Manufacturer Blames Bankruptcy on Failed ERP Implementation (Ken Dunham)
2008 meltdown margin player blames s/w for failure to complete trades
  (George Michaelson)
Fifth Amendment: Passphrase cannot be forced (David Lesher)
British software pirate sells GBP 12K package at 1/1000 (Peter Mellor)
DTV vs USPS (Peter Zilahy Ingerman)
Voting Machine Usability Testing (Ken Dunham)
Impersonating armored car personnel (Craig Partridge)
Another public data loss in the UK (Robert Klemme)
Automated calling system glitch locks down school (Steve Eddins)
Re: Air Canada A319 upset (Peter Ladkin)
Re: Coffee Grounds Qantas (Preston de Guise)
Re: Metal structure beneath runway ... (Neil Youngman)
Hoist by one's own petard: data security: UK Child Benefits (Adrian Cherry)
REVIEW: "Software Testing Practice: Test Management", Spillner et al.
  (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 24 Jan 2008 16:01:32 -0600
From: "Richard I. Cook" <ri-cook@private>
Subject: Transplant patient has NEW kidney removed after NHS computer blunder

http://www.mailonsunday.co.uk/pages/live/articles/news/news.html?in_article_id=509289&in_page_id=1770

------------------------------

Date: Wed, 30 Jan 2008 22:36:27 -0500 (EST)
From: msb@private (Mark Brader)
Subject: Tachometer error caused 2005 runway overrun

On May 18, 2005, a Jordanian Airbus A320 completed a flight (on behalf of a
Spanish charter airline) from Fuerteventura, Spain, to Leeds Bradford
Airport in England.  After landing, it decelerated normally as far as a
speed of 73 knots, but then the brakes on both sides failed almost
completely.  With runway running out and reverse thrust insufficient to
stop, the pilot steered off the runway.  At 22 knots the brakes reengaged,
and the plane stopped safely without injuries.

The accident is covered by Report 6/2007 of the UK AAIB, which is available
in PDF in sections under this page:
http://www.aaib.gov.uk/sites/aaib/publications/formal_reports/6_2007_jy_jar/jy_jar_report_sections.cfm?view=print

They say the failure was the result of "excessive wheel tachometer signal
noise, caused by a bent tachometer driveshaft on each main landing gear
assembly" combined with "inadequate fault tolerance within the brake control
system".  The tachometer is involved because that's how the Brake and
Steering Control Unit (BCSU) tells whether the plane is skidding.  But the
tire and driveshaft could resonate at about the same frequency, causing the
tachometer to produce electrical noise that in turn would cause the BCSU to
malfunction and release the brakes to prevent a skid that was not happening.

The solution was to replace the driveshaft with a stronger one (solid
instead of hollow), which would also have a different resonant frequency.

Mark Brader, Toronto, msb@private

[Another item from me about something that happened in England in 2005!  I
 just happened across this report while checking the AAIB site on the
 off-chance that there was news about the recent Heathrow incident.]

------------------------------

Date: Fri, 1 Feb 2008 02:12:16 -0500 (EST)
From: "David Lesher" <wb8foz@private>
Subject: Mideast submarine cable disruptions

In what appears to be separate incidents, two major submarine FO cables (FLAG
Telecom and SEA-ME-WE 4) have been cut in the Middle East.

Dubai, Egypt, Saudi Arabia, Qatar, the United Arab Emirates, Kuwait,
Bahrain, Pakistan, and India are all suffering badly. There's been much
rerouting to trans-Pacific circuits.

The RISKs? Well first, in an amazingly short period of time [TAT-1, the
{copper} first transatlantic telephone cable was put into service in 1956;
TAT-8, the first fiber cable was in 1988.] our civilization/economy has
become highly dependent on photons & refined beach sand.

Second RISK: While cables are relatively safe in deep water, to be useful
they must come ashore somewhere; and shallow water is where they are
vulnerable. And ships also like those same shallows.

Cables are only REALLY redundant if they have nothing in common, and for
reasons of geography, politics and history, they flock together in those
same shallow port waters.

Alexander Harrowell made a sage comment on the NANOG list.
	
  [Landing spots..] have historically been in the same strategic
  locations. Suez, Singapore, Cape Town; it's the strategic map of the
  British Empire. "Five strategic keys lock up the world", as Lord
  Fisher said. (Dover, Gibraltar, Singapore, Cape Town, and Suez).

I'm further reminded of Dan Charles' report on Relay, Maryland:
<http://www.npr.org/templates/story/story.php?storyId=1030846> where he
discussed how wagon trains, telegraph, railroads, and now fiber... all Go
West via the same route.

[See also a CNN report.  PGN]
http://www.cnn.com/2008/WORLD/meast/01/31/dubai.outage/index.html?eref=rss_=topstories

------------------------------

Date: Tue, 29 Jan 2008 20:12:25 -0500
From: David Chessler <chessler@private>
Subject: Empire State Building car e-interference mystery (*NY Daily News*)

In addition to some of the reported incidents, there were several incidents
in the Washington area some years ago in which digital PBXs interfered with
air traffic control at National Airport (as it was then called).

http://www.nydailynews.com/news/2008/01/27/2008-01-27_empire_state_building_car_zap_mystery.html
http://www.nydailynews.com/img/2008/01/27/alg_empire-state.jpg
Several cars a day get bizarrely stranded in a five-block 'Bermuda Triangle'
near the Empire State Building.
http://www.nydailynews.com/img/2008/01/27/amd_valeev.jpg

In the shadow of the Empire State Building lies an "automotive Bermuda
Triangle" - a five-block radius where vehicles mysteriously die.  No one is
sure what's causing it, but all roads appear to lead to the looming giant in
our midst - specifically, its Art Deco mast and 203-foot-long, antenna-laden
spire.  "We get about 10 to 15 cars stuck near there every day," said Isaac
Leviev, manager of Citywide Towing, the AAA's exclusive roadside assistance
provider from 42nd St. to the Battery. "You pull the car four or five blocks
to the west or east and the car starts right up."

"The lights work, the horn works, everything. But it won't start," Russell
Valeev, a driver for Golden Touch Transportation said one recent evening as
he sat in his 2005 Ford van with the hood propped open on E. 35th St.,
between Lexington and Park Aves. "It's my job. No money."

The 102-story building, at Fifth Ave. between 33rd and 34th Sts., has been
home to broadcast equipment since its opening in 1931, when RCA installed an
experimental TV antenna.  Since the 9/11 attacks destroyed the twin towers,
the building has regained its status as the leading transmission site for
commercial broadcast outfits, with 13 TV and 19 FM stations mounting
antennas on its spire.

The FCC said it has not received any complaints regarding interference
affecting autos in midtown, and Empire State Building officials don't
believe the claims.  Yet some phantom transmission appears to cause the
remote keyless entry systems of scores of car owners to go haywire and stop
talking to their vehicles.  [Source: Richard Weir, Empire State Building car
zap mystery, *NY Daily News*, 29 Jan 2008; PGN-ed]

[The NY Daily News blog is replete with cases reported by affected drivers.
You can add yours to the blog or report it to rweir@private  But by
now it's familiar territory and no longer News.  PGN]

------------------------------

Date: Fri, 01 Feb 2008 18:11:31 -0500
From: David Chessler <chessler@private>
Subject: Technology Review: Stopping cars with microwaves

Zapping the bad guys: Attached to the roof of this police car is a 200-pound
electromagnetic system that can quickly bring an opposing vehicle to a
stop. The system is six- to eight-feet long (antennae included) and almost
three-feet wide.  It works by sending out pulses of microwave radiation that
disable the microprocessors that control the central engine functions of a
car.  Credit: Eureka Aerospace
http://www.technologyreview.com/files/13634/policecar_x220.jpg

Researchers at Eureka Aerospace are turning a fictional concept from the
movie *2 Fast 2 Furious* into reality: they're creating an electromagnetic
system that can quickly bring a vehicle to a stop.  The system, which can be
attached to an automobile or aircraft carrier, sends out pulses of microwave
radiation to disable the microprocessors that control the central engine
functions in a car.  Such a device could be used by law enforcement to stop
fleeing and noncooperative vehicles at security checkpoints, or as perimeter
protection for military bases, communication centers, and oil platforms in
the open seas. [Source: Brittany Sauser, Stopping Cars with Radiation: A
beam of microwave energy could stop vehicles in their tracks, MIT
*Technology Review*, 13 Nov 2007]
http://www.technologyreview.com/printer_friendly_article.aspx?id=19699

------------------------------

Date: Wed, 30 Jan 2008 08:39:13 -0500
From: "Ken Dunham" <kdunham@private>
Subject: Manufacturer Blames Bankruptcy on Failed ERP Implementation

American LaFrance (ALF), a US manufacturer of fire trucks, has blamed a
failed ERP implementation for its filing for bankruptcy this week.  Coupled
with ``inventory not properly declared as obsolete'', ALF incurred $100
million in unanticipated costs, lengthy production delays, and problems
servicing customers' existing trucks.

http://www.americanlafrance.com/interior.asp?n=22

A significant consequence of ALF's operational problems is that fire departments
across North America are apparently experiencing significant delays in
obtaining spare parts and service for their front-line fire trucks, and new
orders (most of which will be replacements for aging apparatus) are being
delayed by months. This will undoubtedly result in apparatus (and possibly
the associated companies of firefighters) being placed out of service more
than usual, and/or use of older, less reliable reserve apparatus (which
typically don't meet current safety standards).

Although problems with ERP implementations have caused a number of high
profile business disruptions in recent years (e.g., Hershey's, HP) this is the
first I've heard of a company blaming their bankruptcy on ERP. The RISKS
involved in such large-scale IT projects are well known (especially to
readers here), but unfortunately still occur all too often.

[For the benefit of readers who aren't accountants or lawyers, Chapter 11 is
a US bankruptcy provision that allows a company to voluntarily declare
bankruptcy, prepare a financial reorganization plan under the supervision of
the bankruptcy court, and (hopefully) ultimately be discharged from
bankruptcy as a viable concern.]

------------------------------

Date: Fri, 1 Feb 2008 09:42:20 +1000
From: George Michaelson <ggm@private>
Subject: 2008 meltdown margin player blames s/w for failure to complete trades

Tricom, a margin lending specialist in Australia, was unable to complete its
trades and finalize settlements. The ASX had to declare a hold on its
activities and close off the market without it.  Everything was resolved by
the next business day.

Tricom stated (according to the Australian Newspaper) that it was net
positive, but s/w let it down and it couldn't complete the volume of
processing required due to a new s/w system.
  http://www.australianit.news.com.au/story/0,24897,23142583-15306,00.html
suggests that the story is not that simple, the system was accepted under
the 3 day burn-in test the ASX require, and that it will not form the main
focus of any investigation.

I think we'll see quite a lot of software/computer-systems blame over
triggers to sell, but this appears to be about scaling functions to close
off, rather than automatic bet-the-market outcomes.

Interesting to think about what are the possible scaling functions in these
kinds of systems. The average-to-peak difference could be immense, if you
spread a range of people making smallish buys (by volume of event) spread
over a long time, but then have a synchronization event which forces
everyone to trigger SELL at the same time. It could be several decimal
orders of magnitude variation in the transaction volumes, which makes
capacity planning and even some data structure design quite important
methinks...

------------------------------

Date: Tue, 18 Dec 2007 23:21:45 -0500 (EST)
From: "David Lesher" <wb8foz@private>
Subject: Fifth Amendment: Passphrase cannot be forced

U.S. Magistrate Judge Jerome Niedermeier ruled that a man accused of
transporting child pornography has a Fifth Amendment right to keep his
password in his head, not give it to prosecutors.

In other words, the Fifth Amendment protects the right to keep passwords.

<http://www.volokh.com/files/Boucher.pdf>

------------------------------

Date: Wed, 16 Jan 2008 07:56:53 EST
From: MellorPeter@private
Subject: British software pirate sells GBP 12K package at 1/1000

Michael Walton broke an encryption code in the AceCad software (a 3D
modeling program for use in the construction of steel structures) which
allowed him to make copies of it. He sold the copies for GBP 12 on eBay.
The company has said that an AceCad licence costs between GBP 12,000 and
20,000.  Walton, who reportedly had 80 identities on eBay, pleaded guilty to
copyright infringement and will be sentenced in February.  The maximum term
to which he might be sentenced is 10 years.

Precisely why he sold the package for less than 0.1% of its commercial value
is not clear.  The strength of the vendor's encryption has been questioned
by some commentators.  [Maybe he missed the K?  PGN]

http://www.channelregister.co.uk/2008/01/15/uk_software_pirate_ebay/

Peter Mellor  Tel/Fax: +44 (0)20 8459 7669

------------------------------

Date: Fri, 25 Jan 2008 17:30:21 -0500
From: Peter Zilahy Ingerman <pzi@private>
Subject: DTV vs USPS

The organization that has been set up to distribute set-top converter boxes
(http://ww.dtv2009.gov) uses a database that was purchased from the US
Postal Service in order to determine whether the applicant address is a
business or a residence.  My address was erroneously classified as a
business. The USPS has corrected the error in their data base, but the
set-top people don't seem to understand that there can be errors in their
database because it isn't current.

------------------------------

Date: Fri, 1 Feb 2008 12:34:09 -0500
From: "Ken Dunham" <kdunham@private>
Subject: Voting Machine Usability Testing

*Technology Review* published results from usability (as opposed to
security) reviews of voting machines, which find significant error rates due
to user confusion.
  http://www.technologyreview.com/Infotech/20122/?nlid=850

Ben Bederson <http://www.cs.umd.edu/~bederson/>, an associate professor
at the Human-Computer Interaction Lab at the University of Maryland, was
part of a team that conducted a five-year study
<http://www.brookings.edu/press/Books/2007/votingtechnology.aspx> on
voting-machine technology. Bederson says that machines should be evaluated
for qualities beyond security, including usability, reliability,
accessibility, and ease of maintenance.  Bederson has designed a prototype
of a user-friendly voting machine.

Whether electronic voting machines are under scrutiny for usability or
security, many experts say that their design flaws call for reevaluation of
the devices. Tadayoshi Kohno <http://www.cs.washington.edu/homes/yoshi/>, an
assistant professor of computer science at the University of Washington, who
has studied the security of several electronic systems, says, "My feeling of
the electronic-voting community is that we started walking down a dark
alley, and we know that it's very dangerous. We know that at the end of the
valley is a safe place. As a philosophical question, I have to ask, should
we continue going down this dark alley, or should we step back and figure
out some other way we want to go to safety?"

------------------------------

Date: Thu, 17 Jan 2008 17:22:25 -0500
From: Craig Partridge <craig@private>
Subject: Impersonating armored car personnel

This seems to have suddenly become a popular (and sometimes successful) way
to try to steal money.  Someone impersonating a Brinks carrier got away with
over $100K in the DC area and it took some time for the bank to even
realize it had been robbed.
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/10/AR2008011004339.html

Another person wearing a uniform got into an apparently restricted area at a
Brinks facility in Philadelphia and got his hands on $640K but was caught
trying to get out.
http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/01/17/national/a121606S03.DTL&tsp=1

The stories don't have enough detail to understand fully how security was
breached but it sounds, from both articles, as if a uniform alone suffices
to identify someone.  No ID checks?

------------------------------

Date: Sat, 19 Jan 2008 17:49:22 +0100
From: Robert Klemme <r.klemme@private>
Subject: Another public data loss in the UK

It happened again: a UK government institution lost quite a few data records
of citizens.  I won't bother to list the risks of leaving a laptop with
unprotected data in a car; but again the major risk here is having people
work with sensitive material who are either careless, uneducated or unaware
of the sensitiveness of the data.

http://www.timesonline.co.uk/tol/news/politics/article3213274.ece

------------------------------

Date: Thu, 31 Jan 2008 09:23:28 -0500
From: "Steve Eddins" <Steve.Eddins@private>
Subject: Automated calling system glitch locks down school

More than 2,000 people in Medford (Mass.) were called with an automated
message: Their children were not in class.  So many parents started arriving
at Brooks Elementary School to check on their children that officials put
the place in lockdown.  Superintendent Roy E. Belson said a telephone glitch
occurred shortly after the district's automated calling system went through
its update.  Someone forgot to log out of the database before trying to send
a message sometime before noon to the few parents whose children had been
marked absent.  [...]  [One of the planned steps for preventing a recurrence
is] posting a sign next to the phone system warning users to 'make sure you
shut down the database before you go to message' mode." [Source: *The Boston
Globe*, 31 Jan 2008]
http://www.boston.com/news/local/articles/2008/01/31/phone_glitch_hangs_up_schools/

------------------------------

Date: Tue, 15 Jan 2008 07:54:26 +0100
From: Peter Ladkin <ladkin@private>
Subject: Re: Air Canada A319 upset (Ant, RISKS-25.02)

"Computer malfunction" and "flying manually" on an A319.  What rot.  Yes, I
understand it is what the pilot said (or so it says on a note on an aviation
forum cross-posted from another forum and supposedly written by a B757 first
officer that was on the flight), but he has to say something to all the
people in the back.

Here is a link to the incident report in the Transport Canada Civil Aviation
Daily Occurrence Reporting System:
  http://www.pprune.org/forums/showpost.php?p=3828916&postcount=42

They do not know if it was turbulence-related, system-related or both.

When there is an upset, the A320-series aircraft have a set of so-called
"Abnormal attitude laws". You can check out the FCOM description of these
and other flight control laws in section 1.27.30 at
  http://www.smartcockpit.com/pdf/plane/airbus/A320/systems/0010/
or if you don't have time, a very brief comment at
  http://www.pprune.org/forums/showpost.php?p=3832144&postcount=60
or a little more time for a "Noddy's Guide to Airbus Flight Control Laws" at
  http://www.pprune.org/forums/showpost.php?p=3832616&postcount=64

I should warn that the "postcount" number on the links above may change as
the forum is edited, which will send them to notes other than the ones I
intend to reference, in which case one can simply search through the notes
on the thread at http://www.pprune.org/forums/showthread.php?t=307936 to
recover the referenced posts.

Peter B. Ladkin  Causalis Limited and University of Bielefeld, Germany
www.causalis.com  www.rvs.uni-bielefeld.de

------------------------------

Date: Wed, 16 Jan 2008 11:19:21 +1100
From: Preston de Guise <pdeguise@private>
Subject: Re: Coffee Grounds Qantas (RISKS-25.02)

Continuing from the story regarding a leaking coffee area causing a power
outage on a Qantas jet last week, Australia's Sydney Morning Herald reported
today that a former Qantas engineer has been charged with forging a
maintenance engineer's license and maintaining jets without a license.

SMH reports that one of the aircraft he was alleged to have performed
unlicensed maintenance on was VH-OJM, the Boeing 747-438 that suffered a
power loss and made an emergency landing in Bangkok.

The risks of insufficient background checking for such high profile jobs
(i.e., of the variety of "if this is done wrong, people can die") are
obvious. One hopes Qantas revisits confirmation of correct credentials for
all its engineering staff in light of this mishap.

The SMH story can be found at:
http://www.smh.com.au/news/news/qantas-engineer-charged-with-forgery/2008/01/15/1200419845101.html

Preston de Guise <pdeguise@private> +61 414 978 190 http://www.anywebdb.com

------------------------------

Date: Wed, 30 Jan 2008 13:13:23 +0000
From: Neil Youngman <Neil.Youngman@private>
Subject: Re: Metal structure beneath runway ... (Rees, RISKS-25.03)

While this may be true, the original story (Dixon, RISKS-25.02) was about
magnetic interference at London City Airport, not London Heathrow.

For those not familiar with London, there are a number of "London" airports.
London City is very central and caters for short haul, mainly business
traffic.  London Heathrow is the main international hub and is situated on
the Western fringes of Greater London, well away from the centre.

The other London airports (Gatwick, Luton, Stansted) are tens of miles outside
the greater London area.

  [Mistaken airport identification in Rees's item also noted by Mark Brader.
  PGN]

------------------------------

Date: Tue, 15 Jan 2008 09:42:45 -0000
From: "Adrian Cherry, UK" <Adrian.Cherry@private>
Subject: Hoist by one's own petard: data security: UK Child Benefits (R-24.92)

Following up from "Whole of UK Child Benefit records on CD lost in the post"
http://catless.ncl.ac.uk/Risks/24.92.html#subj3

>Regarding the possibilities of fraud:
>
>The data includes: National insurance (NI) number; Name, address and birth
>date; Partner's details; Names, sex and age of children; Bank/savings account
>details ... quite useful for an identity fraudster, particularly the NI
>number.  There is plenty of scope here for a fraudster to redirect payments.

I'm surprised that no mention has been made of one Jeremy Clarkson, an
infamous celebrity motoring journalist. When the story broke about the loss
of the Child Benefit Records on CD he rather rashly claimed that it was a
storm in a tea cup, just a bit of scaremongering. To prove his point he
published personal details and claimed there was nothing to fear. He is now
500 pounds poorer and a little wiser.

http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/01/07/nclarkson107.xml
http://www.guardian.co.uk/money/2008/jan/07/personalfinancenews.scamsandfraud

At the time he wrote: "I have never known such a palaver about nothing. The
fact is we happily hand over cheques to all sorts of unsavoury people all
day long without a moment's thought. We have nothing to fear."

However, yesterday he told readers he had opened his bank statement to find
a direct debit had been set up in his name and £500 taken out of his
account.

"The bank cannot find out who did this because of the Data Protection Act
and they cannot stop it from happening again," he said. "I was wrong and I
have been punished for my mistake."

He added: "Contrary to what I said at the time, we must go after the idiots
who lost the discs and stick cocktail sticks in their eyes until they beg
for mercy."

------------------------------

Date: Thu, 24 Jan 2008 09:47:00 -0800
From: Rob Slade <rmslade@private>
Subject: REVIEW: "Software Testing Practice: Test Management", Spillner et al.

BKSTPTMN.RVW   20071110

"Software Testing Practice: Test Management", Andreas Spillner et al,
2007, 978-1-933952-13-0, U$44.95
%A   Andreas Spillner spillner@private-bremen.de
%A   Thomas Rossner thomas.rossner@private
%A   Mario Winter winter@private-koeln.de
%A   Tilo Linz tilo.linz@private
%C   26 West Mission St, Suite 3, Santa Barbara, CA   93101-2432
%D   2007
%G   978-1-933952-13-0 1-933952-13-X
%I   Rocky Nook Inc.
%O   U$44.95 805-687-8727 fax 805-687-2204 joan@private
%O  http://www.amazon.com/exec/obidos/ASIN/193395213X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/193395213X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/193395213X/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   321 p.
%T   "Software Testing Practice: Test Management"

This book is intended to assist candidates who are writing the exam for the
International Software Testing Qualifications Board (ISTQB) Certified
Tester.

Chapter one stresses the importance of software and software quality, and
explains that the text is based on the ISTQB Certified Tester second
("Advanced") level, specifically the Test Manager module (excluding the
topic of reviews).  This chapter also presents an overview of the first
("Foundation") level as background.  The tools and processes used to
structure testing are outlined in chapter two.  Testing is examined, in
chapter three, in relation to the software life cycle.  Problems with
different development models are analyzed, but it is interesting that the
complexity of the models is not covered as a risk factor.  Criteria for a
testing policy are discussed in chapter four.  Chapter five mandates a
formal test plan.  The blueprint will be helpful for those who do not have a
structure in place, but appears overly committed to items that are not
inherently necessary for all trials.  Controls to ensure and follow the
progress of testing are detailed in chapter six.  Chapter seven explains
some of the common quality and process improvement models, and their
implications for testing.  Testing is used to detect faults or deviations in
software, and chapter eight looks at the classification and handling of such
issues.  Chapter nine examines risk analysis with respect to software
testing.  The material follows most standard principles for risk management,
and so is not wrong in any specifics, but the text fails to present helpful
means for using this technique to best advantage.  Various important skills
that should be contained within the test team are listed in chapter ten.
Test metrics are discussed, in chapter eleven, in an academic manner that is
very similar to the style of chapter nine.  In the same way, by attempting
to apply a single process of evaluation to all test management software
tools, the authors restrict the utility of chapter twelve.  Chapter thirteen
lists standards bodies, as well as some of the guidelines that relate to
software development and evaluation.

The book reflects the certification, and one cannot fault it for that.
However, if the authors had been willing to move beyond the overall coverage
of principles, they might have produced a more useful work.

copyright Robert M. Slade, 2007   BKSTPTMN.RVW   20071110
rslade@private     slade@private     rslade@private
http://victoria.tc.ca/techrev/rms.htm

------------------------------

Date: 17 Oct 2007 (LAST-MODIFIED)
From: RISKS-request@private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request@private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe@private or risks-unsubscribe@private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall@private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.04
************************


