Friday, January 27, 2006

Risk Based Testing

Definition of Risk-based testing

The technique used to prioritise the development and execution of tests upon the impact and likelihood of failure of the functionality or aspect being tested.


Testing using risk prioritisation. Should there be any other approach? In time, risk-based testing will be a synonym for testing. There will no longer be a need to emphasise that risk is the basis for testing.

In the meantime there is clearly confusion about risk-based testing. I entered "risk based testing" in Google and found an amazing array of contradictory information on the topic. Some entries are clearly written and well thought through. An example is this paper on heuristics and risk by James Bach. Others are not. An example of this is here.

Now the sad thing about the second paper is that it was the second entry I found when I searched. So it must be frequently found by those searching for information on risk based testing. It is also nice to look at and has well drawn diagrams in it. So it seems highly plausible as a sound software testing method. But if you start to look at the content it has some of the strangest advice I've ever seen on this topic. For example:

"Since the risk increases with the frequency of use, you should look at the most used feature by a user to identify the riskiest ones"

Do you believe this statement? I frequently play cards on my system. But if the card programme wasn't working properly it would not increase the risk that I couldn't write a performance testing report or process test management information. It's obvious to anyone who thinks about it, that the impact of failure is a far more important indicator of risk than frequency of use.

This is not an isolated instance though. If you read the paper you'll find lots more gems of this quality. Perhaps it is deliberately like this. An ironic sting: if anyone is cavalier enough to follow the testing approach described then they evidently don't assess the risk of finding insane instructions on the Internet as well as sound advice. I wonder if Caveat emptor applies to free advice too...