Black Cards (a.k.a. Evil Stories)
Are defined as tasks or features that represents something that needs to be fixed, because it represents a risk to the system in production (or going to).
Generally they represent acceptance criteria that was not defined during development. They should have higher priority over the other stories to be implemented.
IIRC the original idea behind the black story cards was to write them from the point of view of an actor for whom the ‘value’ realised from the story, would result in some undesirable overall system effect. For example,
“As a disgruntled employee, I want to use SQL injection so that I can embezzle my cruel overlord employer by increasing my bonus in the database tenfold”
So they represented a way of thinking about making the system do something it was not intended to do, and using its powers for evil!!!! I think the ‘black’ bit came from de Bono six hat thinking.
Dave C
2 Dec 08 at 5:24 am
Thanks Mr. Coombes!
Just updated the story to the one you provided. Actually we used a story similar to the one you wrote.
alexandre
2 Dec 08 at 8:19 am
One interesting estimate to keep track of in those cards is the likelihood. We used a betting system on an app earlier this year (developers would place simple bets on which problem was more likely to occur first - in pints of beer).
My favourite so far has been “in order to increase the visits to my ‘herbal viagra’ site, I want to use XSS to embed links to it in the system”, because it’s incredibly simple to prevent in most sites and yet we rarely do it well.
Carlos Villela
2 Dec 08 at 8:58 am