Professional Documents
Culture Documents
Risk Based Testing Vs 1.1
Risk Based Testing Vs 1.1
an Introduction
Richard Donovan
25th Jan 2010
v 1.1
Key principles
* “The Challenge of Good Enough Software”, James Bach, American Programmer, 1995
Definition of Risk
– How is it done?
• Test risk scores are obtained through Risk Assessment Sessions
* “Risk Based Testing – Strategies for Prioritising Tests Against Deadlines”, Hans Schaefer, Keynote, STAR West 1998
Risk Assessment Sessions
– Objective
• Stakeholders provide their risk interpretation based on a
scoring technique.
– Variables
• Work packages split in Components.
• Quality Characteristics (small subset chosen from 27
mentioned in ISO 9126)
– These are: Performance, Usability and Reliability.
In the Session
– Step 1:
• Score risk per component. Use 1 to 5 and multiply. Example:
In the Session - continued
– Step 2:
• score importance of the quality criteria per component. Use H, M
and L; Example:
In the Session - continued
– Scoring risk
• The idea is to reach consensus
– All attendees score probability and damage for each item by placing a
score card upside down in front of them
» 1 – 5 probability (low to high)
» 1 – 5 damage (low to high)
– On revealing scores, the reasons for lowest and highest scores are
discussed until consensus is reached.
– Step 3:
• determine mitigation strategy
– Questions?