Exploring Risk-based Testing and Its Implications
Article by Felix Redmill
If software cannot be tested exhaustively, it must be tested selectively. But, on what should selection be based in order to maximise test effectiveness? It seems sensible to concentrate on the parts of the software where the risks are greatest, but what risks should be sought and how can they be identified and analysed?
‘Risk-based testing’ is a term in current use, for example in an accredited test-practitioners’ course syllabus, but there is no broadly accepted definition of the phrase and no literature or body of knowledge to underpin the subject implied by it. Moreover, there has so far been no suggestion that it requires an understanding of the subject of risk. This paper examines what is implied by risk-based testing, shows that its practice requires an understanding of risk, and points to the need for research into the topic and the development of a body of knowledge to underpin it.
This paper examines the implications of risk-based testing, starting with a brief consideration of the subject of risk (it does not address software constructed using mathematically formal languages). It attempts to show that, whereas risk-based testing has so far been used intuitively, it is now time for it to be taken seriously as a subject for study, research, and definition. Risk-based testing requires risk-based thinking and this, once in operation, points to the need for improvements not only in testing but also in other parts of the development life cycle.
Focusing testing according to risk implies making judgements about test coverage, the number of tests conducted, the choice of test techniques and types of review, the use of and balance between dynamic testing and static analysis, and other issues. The paper does not address these testing decisions but, rather, explores the use of risk as a basis for them. The paper is concerned with test planning and not test specification.