I had an interesting discussion on my story posted on SoftwareTestingClub and TestRepublic. Below I stored the part of the thread.

Permalinks:

http://www.softwaretestingclub.com/forum/topics/youre-not-supposed-to-get

http://www.testrepublic.com/forum/topics/youre-not-supposed-to-get

The original post.

This is the story of bug reporting.

The story began one day when QA Engineer (automation consultant) first time connected to a service module that was signed for functional test automation. Typically, some exploratory manual testing is a good thing to start with. As a part of investigation it’s also recommended to look under the cover to see HTML structure and scripts. It’s proven quite useful if you want quickly identify areas with a potential defect like field value validation (implemented with a front-end script).

This time expectations were fulfilled.

First, in the hard-coded (defined right in the code) sequence of restricted characters some discrepancies were found and immediately tried. Voila, first fails: “9.0” + “1,5” isn’t supposed to be “10”, and “1.1,5” isn’t a number at all.

Second, one critical field (it supposed to be a unique digital code, like account number) was not validated at all, and submitting combinations like “angle bracket” plus wrong code effectively broke the security allowing to bypass the web page, and see on the next one half-parsed HTML with some secured information that regular user is definitely not supposed to see.

Since the build was on UAT already, and the previous build was in Production, the Character notified QA Lead and Developer of the module of a high impact issues discovered.
So here is the scene we begin from.

QA Lead.
“Why did you do those negative tests? We need to automate only positive tests.
We have an outsourcing company that performs security testing for us”.

Developer.
“You, testers, are supposed to do black box testing! You should have not looked into my code!”

QA Engineer.
“…”

I left the Character’s reply undiscovered because I’d like to substitute my thoughts here, and I invite everyone to express theirs. I’m only asking not to drive in a judging direction.

“Quality is everyone’s responsibility”, so what would you do in that immediate situation (as well as going forward in given environment) to make your personal contribution and bring a change, no matter how small it would be?

If someone wants to take other sides’ opinions (i.e. Developer’s, QA Lead’s, etc.) you’re welcome too.
 

The featured replies.

Reply by Jim Hazen

My reply would be this: “I found this while working on the automation. I looked at the code to see what I needed to get at and noticed a potential issue. I figured I would try it to see if it really was a problem and it turned out to be true. Manual exploratory testing is part of the process of figuring out what can be automated. Also, aren’t you glad that I found the problem before a user in the field did?”

Reply by Rob Lambert

It seems to me your example is of someone working in an environment where people do the minimum (and less) that is required of them.

It also sounds like the managers and developers have little understanding, consideration or care for quality. I’d hazzard a guess that there are few unit tests and little respect to a tester who actually raises a defect. My guess is that the project also doesn’t appreciate defect being raised, missed deadlines or the people they actually employ.

It sounds suspiciously like somewhere I used to work :)

It’s sad that questions are still being raised about these sorts of topics (not sad of you, but that the situation still exists).

The QA engineer is facing a tough choice. Do as told and nothing more. Or have integrity in the career they have chosen and stand up for quality.

I would stand up and fight and take people down with me, but that’s me. I’ve known people take all types of abuse, hatred and disrespect and still continue to work places – so I guess people are different.

I tried to change the culture at the place I worked that was like this. I tried for about 1 hour until I was 100% positive nothing could be done. It was a culture that had been there too long and there was no chance of changing it. Not at the position I was at. People were being sacked for finding too many bugs.

So I did the decent thing and left. I managed a whole 6 days there before throwing in the towel. And when I did it was amazing how many people congratulated me for having the sense to leave. Yet, most of them are still there.

So in answer to your question after my little ramble. My immediate suggestion would be stand up for quality…champion it…fight the corner, but if the QA Engineer has a clear moment of realisation that nothing will change the culture other than a new board of management – then to leave and keep their career on the right path. (assuming there are some jobs to move to)

It’s the QA engineers career on the line and if they are working in a culture that supports only positive automation and actively enforces a white/black box testing culture then they need to sit and think hard about what’s important to them. It’s not about quality, it’s about roles and responsibilities. It wont be long until that QA Engineer has all of the passion, creativity and positivity sucked out of them.

Careers and enjoying your job are crucial as is professional integrity…