Joining the fray on ISO 29119

For those of you who weren’t aware yet: something happened at CAST 2014 regarding the ISO/IEC/IEEE 29119 Software Testing. For instance, first this happened, which resulted in this and this and a whole bunch of other initiatives.

And then someone on twitter (forgot who, apologies) suggested watching Stuard Reid’s Eurostar webinar “ISO 29119 – the new set of international standards on software testing” which can be found here. Since I liked to learn more about the standard, but not enough to pay almost 500€ to NEN (Dutch standards organisation) for parts 1 to 3, I began watching the webinar. And truth be told, I didn’t watch all of it. Some parts were boring, some parts sounded quite reasonable and some parts I..euh..skipped. And that’s ok because all I want to discuss is this one particular quote that begins at 33:25:

Imagine you’re responsible for the testing of an important application. It could even be business-critical or safety-critical and something goes noticeably wrong with the application in use. Even if really good testing could have missed the bug, how easy will you find it to explain to the business that your testing missed the bug and no, your test processes do not comply with the international testing standards, but they are the ones we have used for years and no, you don’t have them fully documented and justified?
So, can you afford no to use them?”

- ‘ISO 29119 - the new set of international standards on software testing’ with Stuart Reid

First of all, that’s a false dilemma. What if we have a non-compliant yet fully documented and justified, regularly reviewed and updated test process? Or what if you are perfectly capable to explain to the business the test approach you used, based on its own merits? Or what if representatives from the business were actually closely involved during the testing and you don’t have much to explain, because they were there with you all the way?

But ok, let’s ignore that piece of false reasoning and look at what Stuart Reid is saying here: I value compliancy and documentation over craftsmanship1 and communication. Why take personal responsibility for what you do, if you can take cover behind a standard? Why engage in an actual conversation with the business about what you tested and how, when you can just send them a document describing your standards compliant test process document? No, the reason you will want to adopt this standard is to do some professional CYA manoeuvring.

I can imagine some of you think I’m overreacting in that last paragraph. Taking the quote out of context, reading too much into it, et cetera. Fine, I can accept that, but in that case there’s one thing I’d like to ask. Please read the quote again and tell me this: does it or doesn’t it say that fear is a perfectly fine motivation to adopt the ISO29119 standard? And now just let that sink in for a while…

So for me it’s simple: any standard that uses this kind of reasoning to get me to adopt it, I’m more than happy to oppose. It’s pushing exactly the kind of testing I do not want to do.


This post was originally published here.


  1. I know I shouldn’t use that word as apparently it’s one of the obstacles for adoption of ISO 29119. See page 26 of this update of Stuart Reid’s slide deck: “Anti-standardization – craftsmen”.