Risk-based testing

Risk-based testing (RBT) is a type of software testing that prioritizes the tests of features and functions based on the risk of their failure - a function of their importance and likelihood or impact of failure.^[1]^[2]^[3]^[4] In theory, since there is an infinite number of possible tests, any set of tests must be a subset of all possible tests. Test techniques such as boundary value analysis and state transition testing aim to find the areas most likely to be defective.

1 Assessing risks
2 Types of Risks
3 References

Assessing risks

The changes between two releases or versions is key in order to asses risk. Evaluating critical business modules is a first step in prioritizing tests, but it does not include the notion of evolutionary risk. This is then expanded using two methods: change-based testing and regression testing.

Change-based testing allows test teams to assess changes made in a release and then prioritize tests towards modified modules.
Regression testing brings more added-value to test strategy. Once changes have been discovered the aim is to assess direct and non-direct impacts on software.

These two methods permit test teams to prioritize tests based on risk, change and criticality of business modules. Certain technologies can make this kind of test strategy very easy to setup and to maintain with software changes.

Types of Risks

The methods assess risks along a variety of dimensions:

Business or Operational

High use of a subsystem, function or feature
Criticality of a subsystem, function or feature, including the cost of failure

Technical

Geographic distribution of development team
Complexity of a subsystem or function

External

Sponsor or executive preference
Regulatory requirements

E-Business Failure-Mode Related^[5]

Static content defects
Web page integration defects
Functional behavior-related failure
Service (Availability and Performance) related failure
Usability and Accessibility-related failure
Security vulnerability
Large Scale Integration failure

References

^ Paul Gerrard Risk-Based E-Business Testing Part 1, Risks and Test Strategy (2000)
^ Paul Gerrard Risk-Based E-Business Testing Part 2, Test Techniques and Tools (2000)
^ Bach, J. The Challenge of Good Enough Software (1995)
^ Bach, J. and Kaner, C. Exploratory and Risk Based Testing (2004)
^ Gerrard, Paul and Thompson, Neil Risk-Based Testing E-Business (2002)