Risk-based testing


Risk-based testing (RBT) is a type of software testing that functions as an organizational principle used to prioritize the tests of features and functions in software, based on the risk of failure as a function of their importance and the likelihood or impact of failure. Bach, J. [http://www.satisfice.com/articles/gooden2.pdf The Challenge of Good Enough Software] (1995) Bach, J. and Kaner, C. [https://kaner.com/pdfs/NatureOfExploratoryTest.pdf Exploratory and Risk Based Testing] (2004) {{cite web|url=https://www.ictstandard.org/article/2011-10-25/concept-risk-based-testing-and-its-advantages-and-disadvantages |title=The concept of risk-based testing and its advantages and disadvantages |publisher=Ictstandard.org |author=Mika Lehto |date=October 25, 2011 |access-date=2012-03-01}} In theory, there are an infinite number of possible tests. Risk-based testing uses risk (re-)assessments to steer all phases of the test process, i.e., test planning, test design, test implementation, test execution and test evaluation.{{cite journal | url=https://link.springer.com/article/10.1007%2Fs10009-014-0332-3 | doi=10.1007/s10009-014-0332-3 | title=A taxonomy of risk-based testing | date=2014 | last1=Felderer | first1=Michael | last2=Schieferdecker | first2=Ina | journal=International Journal on Software Tools for Technology Transfer | volume=16 | issue=5 | pages=559–568 | arxiv=1912.11519 | s2cid=11598143 }} This includes, for instance, ranking tests and subtests for functionality; test techniques such as boundary-value analysis, all-pairs testing and state transition tables aim to find the areas most likely to be defective.

Types of risk assessment

= Light-weight risk assessment =

Lightweight risk-based testing methods mainly concentrate on two important factors: likelihood and impact.{{Cite web |last=Mahesh |first=Hari |date=2023-11-03 |title=Risk-based Testing: A Strategic Approach to QA |url=https://testrigor.com/blog/risk-based-testing-a-strategic-approach-to-qa/ |access-date=2023-11-18 |website=testRigor AI-Based Automated Testing Tool |language=en-US}} Likelihood means how likely it is for a risk to happen, while impact measures how serious the consequences could be if the risk actually occurs. Instead of using complicated math, these techniques rely on simple judgments and scales.{{Cite journal |last1=Schmitz |first1=Christopher |last2=Pape |first2=Sebastian |date=2020-03-01 |title=LiSRA: Lightweight Security Risk Assessment for decision support in information security |url=https://www.sciencedirect.com/science/article/pii/S0167404819301993 |journal=Computers & Security |volume=90 |pages=101656 |doi=10.1016/j.cose.2019.101656 |s2cid=208109813 |issn=0167-4048|url-access=subscription }} For instance, a team might rate the chance of risk as high, medium, or low and its impact as severe, moderate, or minor. These ratings help prioritize where testing efforts should be focused.{{Cite web |title=What is Risk Based Testing: With Best Practices |url=https://www.lambdatest.com/learning-hub/risk-based-testing |access-date=2023-11-18 |website=www.lambdatest.com |language=en-US}}

= Heavy-weight risk assessment =

Heavy-weight risk-based testing is a method used to test software by focusing on the areas where problems are most likely to happen. The testing team looks for the most important parts of the software that might fail and concentrates on testing those parts more thoroughly.

There are four main types of heavy-weight risk-based testing methods:

  1. Cost of Exposure: This looks at how much money a problem in the software might cost. It estimates this from how likely a problem is and how much it might cost.
  2. Failure Mode and Effect Analysis (FMEA): This technique finds out what parts of the software might fail, why they might fail, and what might happen if they do. It helps find the important areas that need attention.
  3. Quality Functional Deployment (QFD): This method helps connect what the users need with what the software does. It looks at risks that might come from not understanding what the users really want.
  4. Fault Tree Analysis (FTA): This technique is used to figure out why something went wrong by looking at different reasons in a step-by-step way.
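
The following added example (not taken from the cited sources) ranks features first with the light-weight likelihood and impact ratings and then with cost of exposure, and splits a fixed test budget by risk. The numeric weights, the multiplication rule, the expected-loss formula and all feature data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ordinal scales from the light-weight section; the numeric weights are assumed.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"minor": 1, "moderate": 2, "severe": 3}

@dataclass(frozen=True)
class Feature:
    name: str
    likelihood: str   # low / medium / high
    impact: str       # minor / moderate / severe
    p_fail: float     # estimated probability of a failure per release
    loss: float       # estimated cost if the failure reaches users

def lightweight_score(f: Feature) -> int:
    """Likelihood times impact on the ordinal scales (assumed combination rule)."""
    return LIKELIHOOD[f.likelihood] * IMPACT[f.impact]

def cost_of_exposure(f: Feature) -> float:
    """Expected loss: how likely the problem is times what it would cost."""
    return f.p_fail * f.loss

def rank(features, score):
    """Highest risk first; ties are broken by name so the order is reproducible."""
    return [f.name for f in sorted(features, key=lambda f: (-score(f), f.name))]

def allocate(features, budget_hours, score):
    """Split a fixed test budget in proportion to each feature's risk score."""
    total = sum(score(f) for f in features)
    if total <= 0:
        raise ValueError("no risk recorded; nothing to prioritise")
    return {f.name: round(budget_hours * score(f) / total, 1) for f in features}

# Constructed sample data: hypothetical features and estimates.
FEATURES = [
    Feature("login", "medium", "severe", 0.05, 400_000),
    Feature("payment", "high", "moderate", 0.20, 150_000),
    Feature("report-export", "low", "minor", 0.02, 2_000),
    Feature("search", "high", "minor", 0.30, 5_000),
]

if __name__ == "__main__":
    # The ordinal scales tie login and payment; cost of exposure separates them.
    print(rank(FEATURES, lightweight_score))
    print(rank(FEATURES, cost_of_exposure))
    print(allocate(FEATURES, 40, lightweight_score))
    print(allocate(FEATURES, 40, cost_of_exposure))
```

With this data the coarse scales cannot distinguish login from payment, while the monetary estimate puts payment first and moves most of the budget to those two features.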

Types of risk

Risk can be identified as the probability that an undetected software bug may have a negative impact on the user of a system.{{cite web|work=Software Quality Engineering IT |url=http://www.stickyminds.com/s.asp?F=S7566_ART_2 |title=Article info : A Strategy for Risk-Based Testing |author=Stephane Besson |publisher=Stickyminds.com |date=2012-01-03 |access-date=2012-03-01}}

The methods assess risks along a variety of dimensions:

= Business or operational =

  • High use of a subsystem, function or feature
  • Criticality of a subsystem, function or feature, including the cost of failure

= Technical =

  • Geographic distribution of development team
  • Complexity of a subsystem or function

= External =

  • Sponsor or executive preference
  • Regulatory requirements
