MSF for Agile Software Development

Glossary

[A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

activities

A pattern of work performed together for a single purpose. An activity may use or produce work products and may be tracked by a work item.

application diagram

The definition and configuration of applications that will be composed into systems for deployment. The application diagram shows the communication dependencies exposed through endpoints in a graphical layout prior to committing to code.

asset

The abstract or concrete resources that a system must protect from misuse by an adversary.

automated test

A set of steps that a computer may run to test the functionality of the system.

backlog

The set of work items not yet closed, representing work under consideration or still to be completed.

bug allotment

A chunk of development time allocated to fix bugs. An allotment is created by leaving slack in the iteration plan.

bug

A type of work item, recording a potential source of dissatisfaction with the product.

build verification tests

Also known as smoke tests. A group of tests used to determine the health of a build at a high level. Typically these tests exercise the core functionality to help team members determine whether further testing is worthwhile.

build

The process involved in taking one or more input configuration items and processing them (building them) to create one or more output configuration items; for example, software compile and load.

changeset

A logical grouping of changes. There are pending changesets, shelvesets, and committed changesets. A pending changeset is a group of changes that have been made in one enlistment but have not yet been submitted to the database for publishing and permanent record. A shelveset is a set of changes that have yet to be committed, but the entire contents of which are now located in the source control server. A committed changeset is a set of changes that have been permanently recorded in the history of the database and are available for others to see.

class diagram

A visual and static representation of classes and the relationships between them.

code analysis

Checking code for conformance to design guidelines. Code analysis goes beyond compilation to look for common coding and design errors determined by a set of guidelines.

code coverage

A metric used to describes the degree to which the source code of a program has been tested. Code coverage is expressed as a percentage of the lines of code tested over the total lines of code.

development task

An assigned unit of development work usually created to build part of a scenario or quality of service requirement. The development task describes the objective of the developer in the context of an iteration.

differentiating factor

The part of a scenario that determines its uniqueness from other scenarios. The goal of a differentiating factor is to prevent multiple scenarios from being created that describe the same flow through the system.

DREAD

A ranking of the risk associated with a vulnerability or security requirement. DREAD stands for Damage potential, Reproducibility, Exploitability, Affected users, Discoverability.

dynamic systems initiative

An initiative uniting hardware, software and service vendors around a new software architecture that enables customers to harness the power of industry-standard hardware, and brings simplicity, automation and flexibility to IT operations.

entry point

An interface that the system provides that might be used as way of gaining access to the assets or resources of a system.

exploratory testing

The testing of a product without a set of tests defined in advanced. Testers performing exploratory testing take on a persona and perform the tasks that persona would perform.

feature dissatisfaction

A condition where users believe that the product does not meet the expectations set by the market, competitors, previous experiences, or promises.

fuzzing

Fuzzing supplies structured but invalid inputs to software application programming interfaces (APIs) and network interfaces so as to maximize the likelihood of detecting errors that may lead to software vulnerabilities.

goal

An objective that the persona is attempting to achieve. A system helps the persona reach these goals.

infrastructure architecture

The topology of the deployment environment including protocols, security levels, and services. This architecture provides a logical mapping to the deployment environment, such as the data center.

instrument

The process of examining the amount of time spent in each area of the code.

iteration budget

The budget used for planning the development activity for an iteration based on rough order of magnitude estimates. The iteration budget is obtained from the velocity report and is measured in ideal person days.

iteration length

The length of the fixed period of time that comprises an iteration. The iteration length usually stays constant over the entire project.

iteration plan

The list of scenarios, quality of service requirements, and tasks for the upcoming iteration.

iteration tests

The set of tests that are run after the build verification tests. These tests verify the functionality called for in the iteration plan.

iteration

A fixed period of time for scheduling tasks. An iteration is generally fixed between 2 and 6 weeks. Iterations are generally consecutively numbered and sequentially follow one another.

lifestyle snapshot

A documented day in the life of a persona. A lifestyle snapshot is created by a business analyst through interactions with the users.

load profile

The simulated workload for a load or stress test. The load profile can be constant or increased gradually through stepping.

load test scenario

The combination of a test mix, load profile, and simulated environment for a load or stress test.

load test

A test type that contains other test types and exercises them with user settings to perform a predefined load scenario.

logical server

An application server within a logical datacenter that describes a specific configuration of application hosting software, such as Internet Information Server, configured for a specific purpose such as secure front-end Web server.

manual test

A text document or a Microsoft Word document listing the steps that a person follows to complete a test pass.

performance test

A test that ensures that the performance quality of service requirement is met. A performance test not only checks that the functionality works but also the amount of time it takes for that functionality to complete.

persona

A persona describes the typical skills, abilities, needs, desires, working habits, tasks, and backgrounds of a particular set of users. A persona is fictional reality, collecting together real data describing the important characteristics of a particular user group in a fictional character.

product

The system or set of components that is the goal of the software development process.

project portal

The Windows SharePoint Services site used to store and present non-code work products and reports for a team project.

project vision

The purpose, driving factors, and background for building the system. This goal of the vision is to align the team around a central purpose.

project

See team project.

quality dissatisfaction

The dissatisfaction that occurs when quality of a release is poor.

quality of service requirement

A type of work item, recording a constraint on the system such as performance, load, stress, security mechanism, or platform. These requirements do not describe functionality but rather constraints on that functionality.

query

A named set of criteria which Visual Studio Team Foundation uses to find and display work items.

release

A build promoted for use or deployment. A release can be internal and used for further testing or external and released or deployed.

report

A report produced from the metrics warehouse of Visual Studio Team Foundation.

risk

A type of work item, recording a possible event with an undesirable outcome. Risks must be identified, assigned, and if the impact is probable and undesirable, mitigated.

role

A group of activities normally (but not always) performed by one person and often implemented with a security group. Often, one person may play multiple roles.

rollout plan

The plan for delivering an external release. This plan includes all of the elements that must be put in place for acceptance in the marketplace, operations, or to a customer.

rough order of magnitude

A coarse-grained estimate based on initial or incomplete data. A rough order of magnitude estimate establishes a ballpark cost for a scenario or quality of service requirement.

scenario

A type of work item, recording a single path of user interaction through the system. As the persona attempts to reach a goal, the scenario records the specific steps that they take in attempting to reach that goal.

security test

Also called a penetration test. These tests look for attack paths that might be used to gain access to assets.

shadow application

A term used for an application whose purpose is to describe the behavior of a system. Typically, a shadow application is used during top-down design of a system and would not normally be implemented. The endpoints on a shadow application would be migrated to other applications or systems.

shelving

Shelving enables you to set aside a batch of pending changes temporarily in order to work on another high priority release or to share your untested source file revisions with another user.

solution architecture

The architecture of the software including its structure, entry points, trust areas, and class and component relationships

stack rank

An ordering of work items for prioritization.

stress test

A test that determines an application's breaking points and pushes the application past its upper limits as resources are saturated.

STRIDE

An acronym used to categorize different threat types. A method of categorizing threat types. These threat types include: Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

system diagram

The depiction of a single composite system definition showing uses of either application definitions or a system definitions. Connections show the communication links configured between the applications/systems.

task

A type of work item, recording a development task or test task.

team project

The named collection of work items, code, tests, work products, metrics, etc., used by a defined team with Visual Studio Team Foundation to track a common set of related work.

test approach

The test goals, coverage, techniques, and data for the project and each of the iterations.

test harness

An application that loads test adapters and owns the process that executes tests.

test metric threshold

A goal for the project measured using a test metric. For example 70% unit test coverage is a test metric threshold for the development team.

test metric

A unit of measure for the testing. For example, unit test coverage is a test metric for the development team.

test result

The verdict from running a test. Possible verdicts are Pass, Fail, or Inconclusive.

test task

An assignment to create test cases and test a specific area of the product usually in the context of a scenario or quality of service requirement.

think time

The elapsed time between the receipt of a reply to one request and the submission of the next request. For example, if it takes about 60 seconds for a user to enter all the information required for a Web-based time-entry form, 60 seconds is the think time for this scenario.

threat

How an adversary might try to affect an asset by using an entry point. A threat describes a goal of an adversary.

triage

The process that is used to review newly reported or reopened bugs and assign a priority and iteration for working on them.

trust level

A characterization of an external entity that interacts with the product. The trust level is often based on how the external entity is authenticated and what privileges it has. Trust levels can be associated with entry points, personas, assets, or other protected resources.

unblocked

Run to completion and pass.

validation test

A test that ensures that the functionality called for in a scenario or quality of service requirement works as expected.

velocity report

A report that provides a measure of the rate of work accomplished per iteration unit of time, or example, iteration.

velocity

The number of person days of work that have be accomplished in an iteration. The velocity is a measure of the work accomplished per iteration.

vision statement

A short statement outlining the project vision, describing the value proposition, the stakeholders, and the driving factors.

vulnerability

Any weakness, administrative process or act, or physical exposure that makes a computer susceptible to exploit by a threat.

work item

A database record which Visual Studio Team Foundation uses to track an assignment and state of work.

work product

A discrete deliverable or artifact, such as a document, spreadsheet, changeset, etc.

workstream

An activity that is composed of other activities. These are the simple building blocks of the process. They may be assigned to single or multiple roles.

zero defect state

Having no warnings or errors.