Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Risk Analysis in RFC 1149
Alison Hawke / Director of QA
RFC 1149
Our target system for risk analysis
“A Standard for the Transmission of
IP Datagrams on Avian Carriers”
RFC 1149 ...
What is risk analysis?
What is a risk? Where do they lurk? How do you find them?
No code is 100% risk-free.
Assumptions ar...
Assumptions and “unknown unknowns”
How do you know what you know and what you don’t know?
“Reports that say that something...
Interlude
Kittens!
Trade-off sliders and risk prioritisation
Who cares, and about what? Why is this more important than that?
• What does the...
Some stuff is just difficult
February 29th, 2015 and other problems
https://twitter.com/kellan/status/11110460227
Some stuff is just difficult
“GU2 5XH” is a valid UK postal code
• Dates, times, and time zones are complex.
• Names and a...
Hygiene factors and other detractors
No one likes a dirty bathroom
If {X} is there, it provides little user satisfaction.
...
Upcoming SlideShare
Loading in …5
×

Risk Analysis and RFC 1149

236 views

Published on

In QA we look for risk and run constant calculations about what we should focus on next. Using the IETF's specification for RFC 1149, (aka "A Standard for the Transmission of IP Datagrams on Avian Carriers​," dated 1 April 1990) I'll go over how to identify the risks in a system and where to focus your attention first as a tester. I'll hit the highlights of stuff that commonly goes wrong and give you the tools to find out where your risks are.

Please read RFC 1149 (takes less than 5 minutes):
https://tools.ietf.org/html/rfc1149

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Risk Analysis and RFC 1149

  1. 1. Risk Analysis in RFC 1149 Alison Hawke / Director of QA
  2. 2. RFC 1149 Our target system for risk analysis “A Standard for the Transmission of IP Datagrams on Avian Carriers” RFC 1149 was released for comment by the Internet Engineering Task Force on 1 April 1990.
  3. 3. What is risk analysis? What is a risk? Where do they lurk? How do you find them? No code is 100% risk-free. Assumptions are bad, especially ones you don’t know about. Trade-off sliders, what does the client really care about? Certain areas are inherently risky because they’re hard to get right. Hygiene factors/detractors.
  4. 4. Assumptions and “unknown unknowns” How do you know what you know and what you don’t know? “Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.” Donald Rumsfeld, US Secretary of Defense, Feb 12, 2012
  5. 5. Interlude Kittens!
  6. 6. Trade-off sliders and risk prioritisation Who cares, and about what? Why is this more important than that? • What does the client care about most? Ask them, often. • Will this feature lose the client money if it’s broken? • Will this feature make the client look bad if it’s broken? • Nonfunctional considerations are a risk.
  7. 7. Some stuff is just difficult February 29th, 2015 and other problems https://twitter.com/kellan/status/11110460227
  8. 8. Some stuff is just difficult “GU2 5XH” is a valid UK postal code • Dates, times, and time zones are complex. • Names and addresses, especially global ones, are tricky. • Math is hard, rounding errors happen, int’l currencies are difficult. • If the user can enter data, the app is open to attack. • Caching is hard, and horrible when it goes wrong. • Nonfunctional considerations are a risk, e.g. system resources. • What about security? Encryption? Privacy? Personally identifiable information?
  9. 9. Hygiene factors and other detractors No one likes a dirty bathroom If {X} is there, it provides little user satisfaction. If {X} is missing or broken, it is a HUGE problem. Examples: • Clean bathrooms. • Caching. • Performance. • Encryption and other security. • Session persistence.

×