Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Risk-based testing
open-in-new
<h2 id="types-of-risk-assessment">Types of risk assessment</h2> <h3>Light-weight risk assessment</h3> <p>Lightweight risk-based testing methods mainly concentrate on two important factors: likelihood and impact.<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> Likelihood means how likely it is for a risk to happen, while impact measures how serious the consequences could be if the risk actually occurs. Instead of using complicated math, these techniques rely on simple judgments and scales.<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> For instance, a team might rate the chance of risk as high, medium, or low and its impact as severe, moderate, or minor. These ratings help prioritize where testing efforts should be focused.<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> </p> <h3>Heavy-weight risk assessment</h3> <p>Heavy-weighted risk-based testing is a method used to test software by focusing on the areas where problems are most likely to happen. The testing team looks for the most important parts of the software that might fail and concentrates on testing those parts more thoroughly. </p><p>There are four main types of heavy-weight risk-based testing methods:<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> </p> <ol><li><i>Cost of Exposure</i>: This looks at how much money a problem in the software might cause. It figures this out by thinking about how likely a problem is and how much it might cost.</li> <li><i>Failure Mode and Effect Analysis (FMEA)</i>: This technique finds out what parts of the software might fail, why they might fail, and what might happen if they do. It helps find the important areas that need attention.</li> <li><i>Quality Functional Deployment (QFD)</i>: This method helps connect what the users need with what the software does. It looks at risks that might come from not understanding what the users really want.</li> <li><i>Fault Tree Analysis (FTA)</i>: This technique is used to figure out why something went wrong by looking at different reasons in a step-by-step way..</li></ol> <h2 id="types-of-risk">Types of risk</h2> <p>Risk can be identified as the probability that an undetected <a href="/facts/Software_bug/I1uSXySv">software bug</a> may have a negative impact on the user of a system.<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> </p><p>The methods assess risks along a variety of dimensions: </p> <h3>Business or operational</h3> <ul><li>High use of a subsystem, function or feature</li> <li>Criticality of a subsystem, function or feature, including the cost of failure</li></ul> <h3>Technical</h3> <ul><li>Geographic distribution of development team</li> <li>Complexity of a subsystem or function</li></ul> <h3>External</h3> <ul><li>Sponsor or executive preference</li> <li>Regulatory requirements</li></ul> <h3>E-business failure-mode related</h3> <ul><li>Static content defects</li> <li>Web page integration defects</li> <li>Functional behavior-related failure</li> <li>Service (Availability and Performance) related failure</li> <li>Usability and Accessibility-related failure</li> <li>Security vulnerability</li> <li>Large scale integration failure</li></ul> <p><a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> </p><p>Some considerations about prioritizing risks is written by Venkat Ramakrishnan in a blog. <a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a> </p> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Bach, J. The Challenge of Good Enough Software (1995) <a href="/wiki/James_Marcus_Bach" target="_blank">/wiki/James_Marcus_Bach</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Bach, J. and Kaner, C. Exploratory and Risk Based Testing (2004) <a href="/wiki/James_Marcus_Bach" target="_blank">/wiki/James_Marcus_Bach</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Mika Lehto (October 25, 2011). "The concept of risk-based testing and its advantages and disadvantages". Ictstandard.org. Retrieved 2012-03-01. <a href="https://www.ictstandard.org/article/2011-10-25/concept-risk-based-testing-and-its-advantages-and-disadvantages" target="_blank">https://www.ictstandard.org/article/2011-10-25/concept-risk-based-testing-and-its-advantages-and-disadvantages</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Felderer, Michael; Schieferdecker, Ina (2014). "A taxonomy of risk-based testing". International Journal on Software Tools for Technology Transfer. 16 (5): 559–568. arXiv:1912.11519. doi:10.1007/s10009-014-0332-3. S2CID 11598143. <a href="https://link.springer.com/article/10.1007%2Fs10009-014-0332-3" target="_blank">https://link.springer.com/article/10.1007%2Fs10009-014-0332-3</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>Mahesh, Hari (2023-11-03). "Risk-based Testing: A Strategic Approach to QA". testRigor AI-Based Automated Testing Tool. Retrieved 2023-11-18. <a href="https://testrigor.com/blog/risk-based-testing-a-strategic-approach-to-qa/" target="_blank">https://testrigor.com/blog/risk-based-testing-a-strategic-approach-to-qa/</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Schmitz, Christopher; Pape, Sebastian (2020-03-01). "LiSRA: Lightweight Security Risk Assessment for decision support in information security". Computers & Security. 90: 101656. doi:10.1016/j.cose.2019.101656. ISSN 0167-4048. S2CID 208109813. <a href="https://www.sciencedirect.com/science/article/pii/S0167404819301993" target="_blank">https://www.sciencedirect.com/science/article/pii/S0167404819301993</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"What is Risk Based Testing: With Best Practices". www.lambdatest.com. Retrieved 2023-11-18. <a href="https://www.lambdatest.com/learning-hub/risk-based-testing" target="_blank">https://www.lambdatest.com/learning-hub/risk-based-testing</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>"What is Risk Based Testing: With Best Practices". www.lambdatest.com. Retrieved 2023-11-18. <a href="https://www.lambdatest.com/learning-hub/risk-based-testing" target="_blank">https://www.lambdatest.com/learning-hub/risk-based-testing</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>Stephane Besson (2012-01-03). "Article info : A Strategy for Risk-Based Testing". Software Quality Engineering IT. Stickyminds.com. Retrieved 2012-03-01. <a href="http://www.stickyminds.com/s.asp?F=S7566_ART_2" target="_blank">http://www.stickyminds.com/s.asp?F=S7566_ART_2</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>Gerrard, Paul and Thompson, Neil Risk-Based Testing E-Business (2002) <a href="http://www.riskbasedtesting.com" target="_blank">http://www.riskbasedtesting.com</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>On Risk-Based Testing [1] <a href="https://venkatramakrishnan.com/2022/07/20/risk-based-testing/" target="_blank">https://venkatramakrishnan.com/2022/07/20/risk-based-testing/</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> </ol>