SlideShare a Scribd company logo

Good Ppt On Risk

nazeer pasha
nazeer pasha

This document is a presentation on risk-based testing by Hans Schaefer. It discusses factors that determine risk such as damage and probability of failure. It provides a simple method to calculate risk as damage multiplied by probability. The presentation provides examples of identifying risks before, during, and after testing and prioritizing testing based on risk. It also discusses strategies for reducing testing costs such as good prioritization and removing unnecessary testing tasks.

TechnologyEconomy & Finance
1 of 15
GI-TAV 22 Bremen 17-Feb-2005 Page 1 Risk based testing How to choose what to test more and less by Hans Schaefer hans.schaefer@ieee.org - What is risk - Factors determining damage - Factors determining probability - A simple method to calculate risk - Risk management in test projects: Risks before, during and after the test Risk based testing © 2005 Hans Schaefer Slide no. 1 The duty of testing “It shall be the duty of managers to make decisions and the duty of engineers to make them informed ones.” Jukka Talvio, Development Manager, F-Secure Risk based testing © 2005 Hans Schaefer Slide no. 2 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 2 Why this presentation Because testing is always under pressure Testing is the last thing done in a project (“caboose effect”) You must be able to cut down the least important things Risk based testing © 2005 Hans Schaefer Slide no. 3 Strategy Objective: Find the most important defects as early as possible at the lowest price No risk -> No test Business / user / client based decision Risk based testing © 2005 Hans Schaefer Slide no. 4 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 3 What is risk? The product of the probability, that something negative, a failure, will happen, and the cost, (damage) of the consequences which will then happen. RISK Damage Probability of failure (cost of failure) Quality Usage frequency Damage / Use (failure rate / defect density) Risk:= You don’t know what will happen but you do know the probabilities Uncertainty = You don’t even know the probabilities. Risk based testing © 2005 Hans Schaefer Slide no. 5 Determining probability of failure Probability of failure Quality Functional volume (failure rate / defect density) (how much is “in there”) Probability = defect density / volume Risk based testing © 2005 Hans Schaefer Slide no. 6 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 4 Risk definition • Damage – Catastrophic: Loss of lives, loss of license – Financial, loss of (faith of) clients, damage to corporate identity – Impact on other functions or systems – Detection and repair time • Probability of failure – Globally = complexity / (estimated) size – In detail = knowledge of development project (just before testing) • Risk = Damage * Probability R( f ) = P( f ) * C ( f ) Risk based testing © 2005 Hans Schaefer Slide no. 7 Risk analysis • Applicable on the level of – system – subsystem – individual function or module (e.g. insert new entry into phone database) • Fundamental problems: – Difficult to measure – Failure to account for risk compensation (people compensate for greater safety by taking more risks) Risk based testing © 2005 Hans Schaefer Slide no. 8 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 5 Risk analysis • Risk analysis should lead to a limited number of classes of approximately equal risks (3-5) • Quality characteristics: What is the probability that failures will happen and the damage for – functional defects – bad performance ISO/IEC Std 9126 as checklist – bad usability – low maintainability – ... Risk based testing © 2005 Hans Schaefer Slide no. 9 Risk based Test - Practice Before the Test: Identify what is critical Test identifies areas with lots of detects “Top-20” 1 2 Extra Testing: - Extra Test by product specialist - automated regression test - ... 3 Risk based testing © 2005 Hans Schaefer Slide no. 10 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 6 Prioritization for the first test Risk based testing © 2005 Hans Schaefer Slide no. 11 Product Risks: What to think about Damage factors: • Which functions and attributes are critical? – (essential for the business success to reduce the business risk). • How visible is a problem in a function or attribute? (for customers, users, people outside) • How often is a function used? • Can we do without? • Legal consequences Risk based testing © 2005 Hans Schaefer Slide no. 12 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 7 Failure probability: What is (presumably) worst? – Complex areas – Time pressure – Changed areas – Areas which needed optimizing – Number of people involved – Areas with many defects before – Turnover – Geographical spread – New technology, solutions, – History of prior use methods – Local factors - New tools Risk based testing © 2005 Hans Schaefer Slide no. 13 Do not forget Can we test ONLY PART of the product? Other versions later? Risk based testing © 2005 Hans Schaefer Slide no. 14 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 8 How to calculate priority of risk areas? Assign weights to the chosen factors. (1 - 3 - 10) Assign points to every area and factor (1 - 2 - 3 - 4 - 5) Calculate the weighted sum (damage * probability). The spreadsheet does not contain the “surprise” factor, but that can be added. Spreadsheet Download: http://home.c2i.net/schaefer/testing/riskcalc.hqx Risk based testing © 2005 Hans Schaefer Slide no. 15 Example Damage Probability Area to test Usage Visibility Complexity Geography Turnover SUM frequency Weight 3 10 3 1 3 1125 Function A 5 3 2 4 5 1530 Function A 5 3 5 4 5 performanc e Function B 2 1 2 2 5 368 FB 1 1 4 2 5 377 usability 572 Function C 4 4 3 2 0 Function D 5 0 4 1 1 240 Risk based testing © 2005 Hans Schaefer Slide no. 16 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 9 What is the formula? Risk = Damage * Probability Damage = (Weight for impact factor 1 * value for this factor + Weight for impact factor 2 * value for this factor + + + Weight for impact factor n * value for this factor ) Probability = (Weight for probability factor 1 * value for this factor + Weight for probability factor 2 * value for this factor + + + Weight for probability factor n * value for this factor ) Risk based testing © 2005 Hans Schaefer Slide no. 17 The mathematics behind it It works well enough. We may actually be on a logarithmic scale (humans assigning points do so), which means we should ADD instead of MULTIPLY. The highest weighted sums -> thorough testing Middle weighted sums -> ordinary testing Low weighted sums -> light testing Make sure you use your head! Analyze unexpected results! Risk based testing © 2005 Hans Schaefer Slide no. 18 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 10 Selecting test techniques Example Reliability 30 State trans test Boundary value, branch coverage Usability 40 Paper review, Usability lab Efficiency 10 No test Flexibility 20 Design review (maintain) Monitoring of repairs Risk based testing © 2005 Hans Schaefer Slide no. 19 What to do if you do not know anything about the product? Run a test. Prioritize roughly by risk. First a breadth test (”smoke test”), everything a little, risky items more. (Explore the product). Then prioritize a more thorough test for the second test cycle. Risk based testing © 2005 Hans Schaefer Slide no. 20 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 11 Another risk based approach: Project risks for the Tester Risks BEFORE Test Risks DURING Test Risks AFTER Test Risk based testing © 2005 Hans Schaefer Slide no. 21 Risks BEFORE Testing Bad Quality Many faults overlooked Blocking faults Too many new versions -> Requirements to, and follow up of quality assurance before test Delays -> Alternative plans Lack of knowledge -> Test of earlier versions Risk based testing © 2005 Hans Schaefer Slide no. 22 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 12 Risks AFTER Testing THESE SHOULD NOT HAPPEN… Customer finds faults. Customer uses the product in new ways. Analysis of necessary reliability! Risk based testing © 2005 Hans Schaefer Slide no. 23 Risks in the Test project itself Bad management Lack of qualification Too few or the wrong people, too late Bad coordination Bad cooperation Problems with equipment and tools Medicine: Normal good project management. Risk based testing © 2005 Hans Schaefer Slide no. 24 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 13 How to make testing cheaper? Good people save time and money Good Prioritization Try to get rid of part of the task... Risk based testing © 2005 Hans Schaefer Slide no. 25 Getting rid of work Get someone else to pay for it or cut it out completely! – Who pays for unit testing? – What about test entry criteria? – Less documentation - more exploratory test Cutting installation cost - strategies for defect repair – When to correct a defect, when not? – Rule 1: Repair only defects causing important failures! – Rule 2: Change requests to next release! – Rule 3: Install corrections in groups! – Rule 4: Daily build! Less Test, should the customers pay ???? Risk based testing © 2005 Hans Schaefer Slide no. 26 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 14 Test reporting, risks and benefits addresses Testing Risks demonstrates n e at re informs about th Project Benefits status Risk based testing © 2005 Hans Schaefer Slide no. 27 Risk-based reporting Planned today end star t Residual Risks all risks ‘open’ at the start residual risks of releasing TODAY Progress through the test plan Risk based testing © 2005 Hans Schaefer Slide no. 28 © Hans Schaefer, 2000
GI-TAV 22 Bremen 17-Feb-2005 Page 15 References IEEE Standard 1044-2002: Standard Classification for Software Anomalies IEEE Standard 1044.1-2002: Guide to Classification for Software Anomalies Soon to come: IEEE Std. 16085 Standard for Software Engineering - Software Life Cycle Processes - Risk Management -You find them at sales@ieee.org Rex Black, Managing the Testing Process, John Wiley, 2002. (includes CD with a test priority spreadsheet) Hall, Payson: A Calculated Gamble. In STQE Magazine No 1 +2 / 2003. • Stamatis, D.H., Failure Mode and Effect Analysis: FMEA from Theory to Execution, ASQ Quality Press, 2003, ISBN 0-873-895983. Schaefer, Hans: „Strategies for Prioritizing Test“, STAR WEST 1998. http://home.c2i.net/schaefer/testing/risktest.doc James Bach, Risk Based Testing, STQEMagazine, Vol1, No. 6, www.stqemagazine.com/featured.asp?stamp=1129125440 Felix Redmill in „Professional Tester“, April 2003. www.professional-tester.com Tom DeMarco and Tim Lister, quot;Waltzing with Bears: Managing Risk on Software Projects”, 2003. Leveson, N. G. (1995). Safeware: System Safety and Computers. Reading, Massachusetts: Addison Wesley. Risk based testing © 2005 Hans Schaefer Slide no. 29 Thank you for listening Questions? Risk based testing © 2005 Hans Schaefer Slide no. 30 © Hans Schaefer, 2000

Recommended

Risk Management Basics for Globalization Projects
Risk Management Basics for Globalization ProjectsRisk Management Basics for Globalization Projects
Risk Management Basics for Globalization Projectsvanessa_wilburn
 
Better Software Classic Testing Mistakes
Better Software Classic Testing MistakesBetter Software Classic Testing Mistakes
Better Software Classic Testing Mistakesnazeer pasha
 
Risk-based Testing
Risk-based TestingRisk-based Testing
Risk-based TestingJohan Hoberg
 
Risk factors
Risk factors Risk factors
Risk factors Neil Pande
 
Software Testing Fundamentals
Software Testing FundamentalsSoftware Testing Fundamentals
Software Testing FundamentalsChankey Pathak
 
Linux
LinuxLinux
Linuxnazeer pasha
 
Tomcat Configuration (1)
Tomcat Configuration (1)Tomcat Configuration (1)
Tomcat Configuration (1)nazeer pasha
 
Test Techniques
Test TechniquesTest Techniques
Test Techniquesnazeer pasha
 

Recommended

Risk Management Basics for Globalization Projects
Risk Management Basics for Globalization ProjectsRisk Management Basics for Globalization Projects
Risk Management Basics for Globalization Projectsvanessa_wilburn
 
Better Software Classic Testing Mistakes
Better Software Classic Testing MistakesBetter Software Classic Testing Mistakes
Better Software Classic Testing Mistakesnazeer pasha
 
Risk-based Testing
Risk-based TestingRisk-based Testing
Risk-based TestingJohan Hoberg
 
Risk factors
Risk factors Risk factors
Risk factors Neil Pande
 
Software Testing Fundamentals
Software Testing FundamentalsSoftware Testing Fundamentals
Software Testing FundamentalsChankey Pathak
 
Linux
LinuxLinux
Linuxnazeer pasha
 
Tomcat Configuration (1)
Tomcat Configuration (1)Tomcat Configuration (1)
Tomcat Configuration (1)nazeer pasha
 
Test Techniques
Test TechniquesTest Techniques
Test Techniquesnazeer pasha
 
Testing Types Presentation
Testing Types PresentationTesting Types Presentation
Testing Types Presentationnazeer pasha
 
Bug Advocacy
Bug AdvocacyBug Advocacy
Bug Advocacynazeer pasha
 
Doe Taguchi Basic Manual1
Doe Taguchi Basic Manual1Doe Taguchi Basic Manual1
Doe Taguchi Basic Manual1nazeer pasha
 
Teaching Testing Qw%202001
Teaching Testing Qw%202001Teaching Testing Qw%202001
Teaching Testing Qw%202001nazeer pasha
 
Orth Arrays
Orth ArraysOrth Arrays
Orth Arraysnazeer pasha
 
Testing
TestingTesting
Testingnazeer pasha
 
Tc Checklist
Tc ChecklistTc Checklist
Tc Checklistnazeer pasha
 
Software Testing Guide
Software Testing GuideSoftware Testing Guide
Software Testing Guidenazeer pasha
 
Cstp Certification Compare
Cstp Certification CompareCstp Certification Compare
Cstp Certification Comparenazeer pasha
 
Blackboxtesting 02 An Example Test Series
Blackboxtesting 02 An Example Test SeriesBlackboxtesting 02 An Example Test Series
Blackboxtesting 02 An Example Test Seriesnazeer pasha
 
Exploratory Testing
Exploratory TestingExploratory Testing
Exploratory Testingnazeer pasha
 
Chanakya Niti
Chanakya NitiChanakya Niti
Chanakya Nitinazeer pasha
 
Unit Testing
Unit TestingUnit Testing
Unit Testingnazeer pasha
 
Testing
TestingTesting
Testingnazeer pasha
 
Testing Types And Models
Testing Types And ModelsTesting Types And Models
Testing Types And Modelsnazeer pasha
 
Swtesting
SwtestingSwtesting
Swtestingnazeer pasha
 
Testing Framework
Testing FrameworkTesting Framework
Testing Frameworknazeer pasha
 
Testing
TestingTesting
Testingnazeer pasha
 
Swe3643 2006 Decision Table Based Testing
Swe3643 2006 Decision Table Based TestingSwe3643 2006 Decision Table Based Testing
Swe3643 2006 Decision Table Based Testingnazeer pasha
 
Softwaretesting
SoftwaretestingSoftwaretesting
Softwaretestingnazeer pasha
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 

More Related Content

More from nazeer pasha

Testing Types Presentation
Testing Types PresentationTesting Types Presentation
Testing Types Presentationnazeer pasha
 
Doe Taguchi Basic Manual1
Doe Taguchi Basic Manual1Doe Taguchi Basic Manual1
Doe Taguchi Basic Manual1nazeer pasha
 
Teaching Testing Qw%202001
Teaching Testing Qw%202001Teaching Testing Qw%202001
Teaching Testing Qw%202001nazeer pasha
 
Software Testing Guide
Software Testing GuideSoftware Testing Guide
Software Testing Guidenazeer pasha
 
Cstp Certification Compare
Cstp Certification CompareCstp Certification Compare
Cstp Certification Comparenazeer pasha
 
Blackboxtesting 02 An Example Test Series
Blackboxtesting 02 An Example Test SeriesBlackboxtesting 02 An Example Test Series
Blackboxtesting 02 An Example Test Seriesnazeer pasha
 
Exploratory Testing
Exploratory TestingExploratory Testing
Exploratory Testingnazeer pasha
 
Testing Types And Models
Testing Types And ModelsTesting Types And Models
Testing Types And Modelsnazeer pasha
 
Swe3643 2006 Decision Table Based Testing
Swe3643 2006 Decision Table Based TestingSwe3643 2006 Decision Table Based Testing
Swe3643 2006 Decision Table Based Testingnazeer pasha
 

More from nazeer pasha (20)

Testing Types Presentation
Testing Types PresentationTesting Types Presentation
Testing Types Presentation
 
Bug Advocacy
Bug AdvocacyBug Advocacy
Bug Advocacy
 
Doe Taguchi Basic Manual1
Doe Taguchi Basic Manual1Doe Taguchi Basic Manual1
Doe Taguchi Basic Manual1
 
Teaching Testing Qw%202001
Teaching Testing Qw%202001Teaching Testing Qw%202001
Teaching Testing Qw%202001
 
Orth Arrays
Orth ArraysOrth Arrays
Orth Arrays
 
Testing
TestingTesting
Testing
 
Tc Checklist
Tc ChecklistTc Checklist
Tc Checklist
 
Software Testing Guide
Software Testing GuideSoftware Testing Guide
Software Testing Guide
 
Cstp Certification Compare
Cstp Certification CompareCstp Certification Compare
Cstp Certification Compare
 
Blackboxtesting 02 An Example Test Series
Blackboxtesting 02 An Example Test SeriesBlackboxtesting 02 An Example Test Series
Blackboxtesting 02 An Example Test Series
 
Exploratory Testing
Exploratory TestingExploratory Testing
Exploratory Testing
 
Chanakya Niti
Chanakya NitiChanakya Niti
Chanakya Niti
 
Unit Testing
Unit TestingUnit Testing
Unit Testing
 
Testing
TestingTesting
Testing
 
Testing Types And Models
Testing Types And ModelsTesting Types And Models
Testing Types And Models
 
Swtesting
SwtestingSwtesting
Swtesting
 
Testing Framework
Testing FrameworkTesting Framework
Testing Framework
 
Testing
TestingTesting
Testing
 
Swe3643 2006 Decision Table Based Testing
Swe3643 2006 Decision Table Based TestingSwe3643 2006 Decision Table Based Testing
Swe3643 2006 Decision Table Based Testing
 
Softwaretesting
SoftwaretestingSoftwaretesting
Softwaretesting
 

Recently uploaded

"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...Elena Simperl
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 

Recently uploaded (20)

"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 

Good Ppt On Risk

  • 1. GI-TAV 22 Bremen 17-Feb-2005 Page 1 Risk based testing How to choose what to test more and less by Hans Schaefer hans.schaefer@ieee.org - What is risk - Factors determining damage - Factors determining probability - A simple method to calculate risk - Risk management in test projects: Risks before, during and after the test Risk based testing © 2005 Hans Schaefer Slide no. 1 The duty of testing “It shall be the duty of managers to make decisions and the duty of engineers to make them informed ones.” Jukka Talvio, Development Manager, F-Secure Risk based testing © 2005 Hans Schaefer Slide no. 2 © Hans Schaefer, 2000
  • 2. GI-TAV 22 Bremen 17-Feb-2005 Page 2 Why this presentation Because testing is always under pressure Testing is the last thing done in a project (“caboose effect”) You must be able to cut down the least important things Risk based testing © 2005 Hans Schaefer Slide no. 3 Strategy Objective: Find the most important defects as early as possible at the lowest price No risk -> No test Business / user / client based decision Risk based testing © 2005 Hans Schaefer Slide no. 4 © Hans Schaefer, 2000
  • 3. GI-TAV 22 Bremen 17-Feb-2005 Page 3 What is risk? The product of the probability, that something negative, a failure, will happen, and the cost, (damage) of the consequences which will then happen. RISK Damage Probability of failure (cost of failure) Quality Usage frequency Damage / Use (failure rate / defect density) Risk:= You don’t know what will happen but you do know the probabilities Uncertainty = You don’t even know the probabilities. Risk based testing © 2005 Hans Schaefer Slide no. 5 Determining probability of failure Probability of failure Quality Functional volume (failure rate / defect density) (how much is “in there”) Probability = defect density / volume Risk based testing © 2005 Hans Schaefer Slide no. 6 © Hans Schaefer, 2000
  • 4. GI-TAV 22 Bremen 17-Feb-2005 Page 4 Risk definition • Damage – Catastrophic: Loss of lives, loss of license – Financial, loss of (faith of) clients, damage to corporate identity – Impact on other functions or systems – Detection and repair time • Probability of failure – Globally = complexity / (estimated) size – In detail = knowledge of development project (just before testing) • Risk = Damage * Probability R( f ) = P( f ) * C ( f ) Risk based testing © 2005 Hans Schaefer Slide no. 7 Risk analysis • Applicable on the level of – system – subsystem – individual function or module (e.g. insert new entry into phone database) • Fundamental problems: – Difficult to measure – Failure to account for risk compensation (people compensate for greater safety by taking more risks) Risk based testing © 2005 Hans Schaefer Slide no. 8 © Hans Schaefer, 2000
  • 5. GI-TAV 22 Bremen 17-Feb-2005 Page 5 Risk analysis • Risk analysis should lead to a limited number of classes of approximately equal risks (3-5) • Quality characteristics: What is the probability that failures will happen and the damage for – functional defects – bad performance ISO/IEC Std 9126 as checklist – bad usability – low maintainability – ... Risk based testing © 2005 Hans Schaefer Slide no. 9 Risk based Test - Practice Before the Test: Identify what is critical Test identifies areas with lots of detects “Top-20” 1 2 Extra Testing: - Extra Test by product specialist - automated regression test - ... 3 Risk based testing © 2005 Hans Schaefer Slide no. 10 © Hans Schaefer, 2000
  • 6. GI-TAV 22 Bremen 17-Feb-2005 Page 6 Prioritization for the first test Risk based testing © 2005 Hans Schaefer Slide no. 11 Product Risks: What to think about Damage factors: • Which functions and attributes are critical? – (essential for the business success to reduce the business risk). • How visible is a problem in a function or attribute? (for customers, users, people outside) • How often is a function used? • Can we do without? • Legal consequences Risk based testing © 2005 Hans Schaefer Slide no. 12 © Hans Schaefer, 2000
  • 7. GI-TAV 22 Bremen 17-Feb-2005 Page 7 Failure probability: What is (presumably) worst? – Complex areas – Time pressure – Changed areas – Areas which needed optimizing – Number of people involved – Areas with many defects before – Turnover – Geographical spread – New technology, solutions, – History of prior use methods – Local factors - New tools Risk based testing © 2005 Hans Schaefer Slide no. 13 Do not forget Can we test ONLY PART of the product? Other versions later? Risk based testing © 2005 Hans Schaefer Slide no. 14 © Hans Schaefer, 2000
  • 8. GI-TAV 22 Bremen 17-Feb-2005 Page 8 How to calculate priority of risk areas? Assign weights to the chosen factors. (1 - 3 - 10) Assign points to every area and factor (1 - 2 - 3 - 4 - 5) Calculate the weighted sum (damage * probability). The spreadsheet does not contain the “surprise” factor, but that can be added. Spreadsheet Download: http://home.c2i.net/schaefer/testing/riskcalc.hqx Risk based testing © 2005 Hans Schaefer Slide no. 15 Example Damage Probability Area to test Usage Visibility Complexity Geography Turnover SUM frequency Weight 3 10 3 1 3 1125 Function A 5 3 2 4 5 1530 Function A 5 3 5 4 5 performanc e Function B 2 1 2 2 5 368 FB 1 1 4 2 5 377 usability 572 Function C 4 4 3 2 0 Function D 5 0 4 1 1 240 Risk based testing © 2005 Hans Schaefer Slide no. 16 © Hans Schaefer, 2000
  • 9. GI-TAV 22 Bremen 17-Feb-2005 Page 9 What is the formula? Risk = Damage * Probability Damage = (Weight for impact factor 1 * value for this factor + Weight for impact factor 2 * value for this factor + + + Weight for impact factor n * value for this factor ) Probability = (Weight for probability factor 1 * value for this factor + Weight for probability factor 2 * value for this factor + + + Weight for probability factor n * value for this factor ) Risk based testing © 2005 Hans Schaefer Slide no. 17 The mathematics behind it It works well enough. We may actually be on a logarithmic scale (humans assigning points do so), which means we should ADD instead of MULTIPLY. The highest weighted sums -> thorough testing Middle weighted sums -> ordinary testing Low weighted sums -> light testing Make sure you use your head! Analyze unexpected results! Risk based testing © 2005 Hans Schaefer Slide no. 18 © Hans Schaefer, 2000
  • 10. GI-TAV 22 Bremen 17-Feb-2005 Page 10 Selecting test techniques Example Reliability 30 State trans test Boundary value, branch coverage Usability 40 Paper review, Usability lab Efficiency 10 No test Flexibility 20 Design review (maintain) Monitoring of repairs Risk based testing © 2005 Hans Schaefer Slide no. 19 What to do if you do not know anything about the product? Run a test. Prioritize roughly by risk. First a breadth test (”smoke test”), everything a little, risky items more. (Explore the product). Then prioritize a more thorough test for the second test cycle. Risk based testing © 2005 Hans Schaefer Slide no. 20 © Hans Schaefer, 2000
  • 11. GI-TAV 22 Bremen 17-Feb-2005 Page 11 Another risk based approach: Project risks for the Tester Risks BEFORE Test Risks DURING Test Risks AFTER Test Risk based testing © 2005 Hans Schaefer Slide no. 21 Risks BEFORE Testing Bad Quality Many faults overlooked Blocking faults Too many new versions -> Requirements to, and follow up of quality assurance before test Delays -> Alternative plans Lack of knowledge -> Test of earlier versions Risk based testing © 2005 Hans Schaefer Slide no. 22 © Hans Schaefer, 2000
  • 12. GI-TAV 22 Bremen 17-Feb-2005 Page 12 Risks AFTER Testing THESE SHOULD NOT HAPPEN… Customer finds faults. Customer uses the product in new ways. Analysis of necessary reliability! Risk based testing © 2005 Hans Schaefer Slide no. 23 Risks in the Test project itself Bad management Lack of qualification Too few or the wrong people, too late Bad coordination Bad cooperation Problems with equipment and tools Medicine: Normal good project management. Risk based testing © 2005 Hans Schaefer Slide no. 24 © Hans Schaefer, 2000
  • 13. GI-TAV 22 Bremen 17-Feb-2005 Page 13 How to make testing cheaper? Good people save time and money Good Prioritization Try to get rid of part of the task... Risk based testing © 2005 Hans Schaefer Slide no. 25 Getting rid of work Get someone else to pay for it or cut it out completely! – Who pays for unit testing? – What about test entry criteria? – Less documentation - more exploratory test Cutting installation cost - strategies for defect repair – When to correct a defect, when not? – Rule 1: Repair only defects causing important failures! – Rule 2: Change requests to next release! – Rule 3: Install corrections in groups! – Rule 4: Daily build! Less Test, should the customers pay ???? Risk based testing © 2005 Hans Schaefer Slide no. 26 © Hans Schaefer, 2000
  • 14. GI-TAV 22 Bremen 17-Feb-2005 Page 14 Test reporting, risks and benefits addresses Testing Risks demonstrates n e at re informs about th Project Benefits status Risk based testing © 2005 Hans Schaefer Slide no. 27 Risk-based reporting Planned today end star t Residual Risks all risks ‘open’ at the start residual risks of releasing TODAY Progress through the test plan Risk based testing © 2005 Hans Schaefer Slide no. 28 © Hans Schaefer, 2000
  • 15. GI-TAV 22 Bremen 17-Feb-2005 Page 15 References IEEE Standard 1044-2002: Standard Classification for Software Anomalies IEEE Standard 1044.1-2002: Guide to Classification for Software Anomalies Soon to come: IEEE Std. 16085 Standard for Software Engineering - Software Life Cycle Processes - Risk Management -You find them at sales@ieee.org Rex Black, Managing the Testing Process, John Wiley, 2002. (includes CD with a test priority spreadsheet) Hall, Payson: A Calculated Gamble. In STQE Magazine No 1 +2 / 2003. • Stamatis, D.H., Failure Mode and Effect Analysis: FMEA from Theory to Execution, ASQ Quality Press, 2003, ISBN 0-873-895983. Schaefer, Hans: „Strategies for Prioritizing Test“, STAR WEST 1998. http://home.c2i.net/schaefer/testing/risktest.doc James Bach, Risk Based Testing, STQEMagazine, Vol1, No. 6, www.stqemagazine.com/featured.asp?stamp=1129125440 Felix Redmill in „Professional Tester“, April 2003. www.professional-tester.com Tom DeMarco and Tim Lister, quot;Waltzing with Bears: Managing Risk on Software Projects”, 2003. Leveson, N. G. (1995). Safeware: System Safety and Computers. Reading, Massachusetts: Addison Wesley. Risk based testing © 2005 Hans Schaefer Slide no. 29 Thank you for listening Questions? Risk based testing © 2005 Hans Schaefer Slide no. 30 © Hans Schaefer, 2000