Johan Hoberg, profile picture
Uploaded byJohan Hoberg
PPTX, PDF4,928 views

Risk-based Testing

The document discusses the challenges of implementing risk-based testing for complex software systems. It explains that while risk-based testing aims to prioritize tests based on risk, determining the appropriate test scope for changes in a complex system with many configurations and dependencies is difficult. The key challenges identified are understanding the system dependencies, collecting relevant data over time to learn how changes impact the system, and ensuring tests and manual exploratory testing sessions adequately capture this information. While risk analysis, automated testing frameworks, and exploratory testing can help guide scope selection, it remains a complex problem with no simple solution.

Embed presentation

Downloaded 207 times
Risk-based Testing The Devil is in the Details 1 2013-09-27 PA1 Confidential
Introduction • Johan Hoberg • Sony Mobile ▫ ~10 years ▫ Tester, Test Team Leader, Test Architect • This is a presentation of my experiences of risk-based testing 2 2013-09-27 PA1 Confidential
Definition • Risk-based testing (RBT) is a type of software testing that prioritizes the tests of features and functions based on the risk of their failure - a function of their importance and likelihood or impact of failure. (http://en.wikipedia.org/wiki/Risk-based_testing) 3 2013-09-27 PA1 Confidential
The Devil is in the Details • Refers to a catch or mysterious element hidden in the details • Derives from “God is in the Details” ▫ Generally attributed to Gustave Flaubert (1821–1880) • It is easy to ask for efficient, risk-based testing • It is much more difficult to actually do it well 4 2013-09-27 PA1 Confidential
System Under Test Configuration 1 Configuration 2 Android Gingerbread Generic Configuration 3 Android Gingerbread Customer A Android Gingerbread Customer B Android Jellybean Generic Product X Product Y Android Jellybean Customer A Android Jellybean Customer B 5 2013-09-27 PA1 Confidential
System Under Test 6 2013-09-27 PA1 Confidential
Changes in the System • There is a change introduced somewhere in the system • Could be a bug fix, a change request, a new feature, refactoring, etc. 7 2013-09-27 PA1 Confidential
Scope Selection • Do you run every available test on every possible configuration of the system and verify all interoperability? • A smart scope is necessary to make it containable • We must be able to reuse test results between products, configuration, and branches 8 2013-09-27 PA1 Confidential
Scope Selection based on Risk Change Introduced 9 2013-09-27 PA1 System Impact Risk-based Scope Confidential
Complex vs. Complicated • Complicated ▫ Opposite of simple ▫ Containing intricately combined or involved parts • Complex ▫ Opposite of predictable? ▫ This adjective means having parts so interconnected as to make the whole perplexing 10 2013-09-27 PA1 Confidential
Complex System • A complex system is difficult to predict • It is therefore difficult to plan which actions to take to mitigate different outcomes • It is difficult to plan which tests to run to cover all potentially relevant defects 11 2013-09-27 PA1 Confidential
Reduce Complexity Reduce Complex System complexity Very difficult! Scope Selection Change 12 2013-09-27 PA1 Confidential
Example • A change is introduced into the Display Driver component – What do I need to test? ▫ Camera? ▫ Interoperability with TV and similar devices? ▫ Multimedia  View pictures, video etc.? ▫ All UI testing? ▫ Other parts of the system? 13 2013-09-27 PA1 Confidential
Reduce Complexity • Risk Analysis • Automated Test Framework • Early Exploratory Testing 14 2013-09-27 PA1 Confidential
Risk Analysis – Input Data Feature & Hardware Delta Historical Data Code Changes System Dependencies & Architecture 15 2013-09-27 PA1 •Easy to obtain •Might give us an indication on where to start looking, but can often give false confidence in scope selection, especially when it comes to E2E system test •Hard to obtain Confidential
Risk Analysis – Risk Model Risk Identification Probability Severity (S) Occurrence (O) Detection (D) 16 2013-09-27 PA1 Consequence Mitigation Plan Risk Priority Number (RPN) = S*O*D Confidential
Risk Analysis - Complex vs. Complicated Risk analysis of whole system is complex 17 2013-09-27 PA1 Risk analysis of sufficiently small part is more complicated than complex Confidential
Risk Analysis Database • If each function performs risk analysis on their components and enters risks in a database this information could be used on system level to get better understanding of impact of specific changes • Requires a uniform way of handing risk information 18 2013-09-27 PA1 Confidential
Problems? • We can get a lot of data that will help us select a scope – but ultimately we will introduce a lot of risk if we do not know how the system is designed, and how different components depend on each other • To get a complete dependency map of the whole system requires not only a good risk-handling infrastructure, but a common effort from a lot of people 19 2013-09-27 PA1 Confidential
Dependency Map Example Application Application Application Application Framework Application Application Application Framework Library Driver 20 2013-09-27 PA1 Confidential
Automated Test Framework Change + Basic Risk Analysis Automated Test Execution 21 Scope Setting Test Results Analysis 2013-09-27 PA1 Test Execution Confidential
Automated Test Framework Change Automated Tests Executed Better understanding of System Dependencies 22 2013-09-27 PA1 Failed Tests Investigated Change in component mapped towards failed tests in other components Confidential
Self-learning System • Over time you will have more and more information about how different changes impact the system • Map code changes to failed tests • This impact map can further help you set an efficient scope 23 2013-09-27 PA1 Confidential
Continuous Integration • The more code changes we have and the more isolated these code changes are, the easier it is to create the impact map • If you only have one integration per month, with thousands of lines of code changed in different parts of the system, it will be difficult to draw conclusions 24 2013-09-27 PA1 Confidential
Problems? • The information value you receive is dependant on how good the tests are • Dependency graph grows over time – in the beginning there is very little data 25 2013-09-27 PA1 Confidential
Early Exploratory Testing Change + Basic Risk Analysis Exploratory Testing 26 Scope Setting Test Results Analysis 2013-09-27 PA1 Test Execution Confidential
Codifying Experience • How do you transfer the knowledge gained from one tester to the other? • The understanding about impact and dependencies we gain from performing exploratory testing must be stored in a way which makes it accessible to other testers for their risk-based scope selections 27 2013-09-27 PA1 Confidential
Manual Dependency Map • After each exploratory session it is possible to add information to a dependency map, where you indicate which changes were made, and what impact those changes had • It needs to be done in a way which is quick and easy, otherwise it will not be done at all 28 2013-09-27 PA1 Confidential
Problems? • Additional time might be needed before testers get experience with the new process • It will be more difficult to time plan activity before early exploratory testing is done – this can cause problems with test/project leaders and managers • It requires skilled testers 29 2013-09-27 PA1 Confidential
Final thoughts • Every risk-based scope introduces risk – our goal is to eliminate any unnecessary risk • Without skilled testers to write good automated tests or perform exploratory testing it becomes very difficult without a very intricate risk/impact framework 30 2013-09-27 PA1 Confidential
Conclusion • It is very difficult to perform riskbased testing for a large, complex system • It is very easy to ask someone else to reduce their test scope by introducing risk-based testing 31 2013-09-27 PA1 Confidential
Contact • Email ▫ johan.hoberg@outlook.com • Slideshare ▫ www.slideshare.net/JohanHoberg 32 2013-09-27 PA1 Confidential

More Related Content

PPTX
Introduction to software testing
byHadi Fadlallah
 
PPTX
Software testing life cycle
byGaruda Trainings
 
PDF
Fundamentals of Risk-based Testing
byTechWell
 
PPTX
risk based testing and regression testing
byToshi Patel
 
PPT
Difference between functional testing and non functional testing
bypooja deshmukh
 
PDF
Risk based testing a new case study
byBassam Al-Khatib
 
PDF
Test plan
byNadia Nahar
 
PDF
Fundamentals of Software Testing
bySagar Joshi
 
Introduction to software testing
byHadi Fadlallah
 
Software testing life cycle
byGaruda Trainings
 
Fundamentals of Risk-based Testing
byTechWell
 
risk based testing and regression testing
byToshi Patel
 
Difference between functional testing and non functional testing
bypooja deshmukh
 
Risk based testing a new case study
byBassam Al-Khatib
 
Test plan
byNadia Nahar
 
Fundamentals of Software Testing
bySagar Joshi
 

What's hot

PPTX
Istqb foundation level day 1
byShuchi Singla AKT,SPC4,PMI-ACP,ITIL(F),CP-AAT
 
PDF
Software Testing Metrics
byVladimir Arutin
 
PDF
Smoke Testing
byKanoah
 
PPTX
Software testing.ppt
byKomal Garg
 
PPTX
Getting Ready for UAT
byProject Management Solutions
 
PPT
Testing Metrics
byPM Venkatesha Babu
 
PDF
Software testing
byOmar Al-Bokari
 
ODP
Presentation on Agile Testing
by1Solutions
 
PPTX
An Overview of User Acceptance Testing (UAT)
byUsersnap
 
PDF
Test cases
byChandra Maddigapu
 
PPT
Code coverage
byReturn on Intelligence
 
PPTX
Risk based testing and random testing
byHimanshu
 
PPTX
What is Ad-Hoc Testing
byExforsys Inc
 
PPTX
Software testing
byKunal Prajapati
 
PDF
ISTQB Foundation Level Basic
byErol Selitektay
 
PDF
Black Box Testing
byTestbytes
 
PPS
Test Process
bytokarthik
 
PPT
Non Functional Testing
byNishant Worah
 
DOC
Manual testing interview question by INFOTECH
byPravinsinh
 
PPTX
Acceptance testing
byCOEPD HR
 
Istqb foundation level day 1
byShuchi Singla AKT,SPC4,PMI-ACP,ITIL(F),CP-AAT
 
Software Testing Metrics
byVladimir Arutin
 
Smoke Testing
byKanoah
 
Software testing.ppt
byKomal Garg
 
Getting Ready for UAT
byProject Management Solutions
 
Testing Metrics
byPM Venkatesha Babu
 
Software testing
byOmar Al-Bokari
 
Presentation on Agile Testing
by1Solutions
 
An Overview of User Acceptance Testing (UAT)
byUsersnap
 
Test cases
byChandra Maddigapu
 
Code coverage
byReturn on Intelligence
 
Risk based testing and random testing
byHimanshu
 
What is Ad-Hoc Testing
byExforsys Inc
 
Software testing
byKunal Prajapati
 
ISTQB Foundation Level Basic
byErol Selitektay
 
Black Box Testing
byTestbytes
 
Test Process
bytokarthik
 
Non Functional Testing
byNishant Worah
 
Manual testing interview question by INFOTECH
byPravinsinh
 
Acceptance testing
byCOEPD HR
 

Viewers also liked

PPT
Practical Application Of Risk Based Testing Methods
byReuben Korngold
 
PPTX
Put Risk Based Testing in place right now!
bySQALab
 
PPTX
Requirements Driven Risk Based Testing
byJeff Findlay
 
PDF
[HCMC STC Jan 2015] Risk-Based Software Testing Approaches
byHo Chi Minh City Software Testing Club
 
PDF
Good Ppt On Risk
bynazeer pasha
 
PPT
Risks of Risk-Based Testing
byrrice2000
 
PPTX
How to deal with bad requirements of software
byBugRaptors
 
PDF
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
byQA or the Highway
 
PDF
What to do with the problems you cannot solve?
bySQALab
 
PDF
Forget Quality!
bySQALab
 
PDF
Methods for Validating and Testing Software Requirements (lecture slides)
byDagmar Monett
 
PDF
Software Testing without Requirements: Survival Guide
byOleksandr Lutsaievskyi
 
PPTX
A New Model for Testing
bySQALab
 
PPT
Risk factors
byNeil Pande
 
PDF
Mixtures & Solutions PPT
bysammenheuser
 
PPSX
Risk-Based Testing - Designing & managing the test process (2002)
byNeil Thompson
 
PDF
Example requirements specification
byindrisrozas
 
PPT
Regression analysis ppt
byElkana Rorio
 
PDF
Implementation of Risk-Based Approach for Quality & Cost Optimization
bySonata Software
 
PPT
Software Testing Fundamentals
byChankey Pathak
 
Practical Application Of Risk Based Testing Methods
byReuben Korngold
 
Put Risk Based Testing in place right now!
bySQALab
 
Requirements Driven Risk Based Testing
byJeff Findlay
 
[HCMC STC Jan 2015] Risk-Based Software Testing Approaches
byHo Chi Minh City Software Testing Club
 
Good Ppt On Risk
bynazeer pasha
 
Risks of Risk-Based Testing
byrrice2000
 
How to deal with bad requirements of software
byBugRaptors
 
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
byQA or the Highway
 
What to do with the problems you cannot solve?
bySQALab
 
Forget Quality!
bySQALab
 
Methods for Validating and Testing Software Requirements (lecture slides)
byDagmar Monett
 
Software Testing without Requirements: Survival Guide
byOleksandr Lutsaievskyi
 
A New Model for Testing
bySQALab
 
Risk factors
byNeil Pande
 
Mixtures & Solutions PPT
bysammenheuser
 
Risk-Based Testing - Designing & managing the test process (2002)
byNeil Thompson
 
Example requirements specification
byindrisrozas
 
Regression analysis ppt
byElkana Rorio
 
Implementation of Risk-Based Approach for Quality & Cost Optimization
bySonata Software
 
Software Testing Fundamentals
byChankey Pathak
 

Similar to Risk-based Testing

PPTX
Hoberg's test octagon
byJohan Hoberg
 
PDF
Security Testing for Test Professionals
byTechWell
 
PDF
Security Testing for Testing Professionals
byTechWell
 
DOCX
Security testing activities
byDharmdev Maurya
 
PDF
Security Testing for Test Professionals
byTechWell
 
PPTX
Testing vs. checking rephrased
byJohan Hoberg
 
PDF
shaabani-Final-NC
byMahdi Shabani
 
PDF
Security Testing for Testing Professionals
byTechWell
 
PPT
Testing 1 - the Basics
byArleneAndrews2
 
PPTX
Testing Mobile Applications
byJohan Hoberg
 
PDF
Exploratory Testing Is Now in Session
byTechWell
 
PPT
Design testabilty
byRichard Neeve
 
PDF
Security Testing for Test Professionals
byTechWell
 
PDF
20050314 specification based regression test selection with risk analysis
byWill Shen
 
PPTX
Test Plan Simplicity
byJohan Hoberg
 
PDF
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010
byTEST Huddle
 
PPT
Stc 2015 regional-round-ppt-exlopratory mobile testing with risk analysis
byArchana Krushnan
 
PDF
Add More Security To Your Testing and Automating - Saucecon 2021
byAlan Richardson
 
PDF
Security Testing for Testing Professionals
byTechWell
 
PDF
ISTQB CTAL - Test Analyst
bySamer Desouky
 
Hoberg's test octagon
byJohan Hoberg
 
Security Testing for Test Professionals
byTechWell
 
Security Testing for Testing Professionals
byTechWell
 
Security testing activities
byDharmdev Maurya
 
Security Testing for Test Professionals
byTechWell
 
Testing vs. checking rephrased
byJohan Hoberg
 
shaabani-Final-NC
byMahdi Shabani
 
Security Testing for Testing Professionals
byTechWell
 
Testing 1 - the Basics
byArleneAndrews2
 
Testing Mobile Applications
byJohan Hoberg
 
Exploratory Testing Is Now in Session
byTechWell
 
Design testabilty
byRichard Neeve
 
Security Testing for Test Professionals
byTechWell
 
20050314 specification based regression test selection with risk analysis
byWill Shen
 
Test Plan Simplicity
byJohan Hoberg
 
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010
byTEST Huddle
 
Stc 2015 regional-round-ppt-exlopratory mobile testing with risk analysis
byArchana Krushnan
 
Add More Security To Your Testing and Automating - Saucecon 2021
byAlan Richardson
 
Security Testing for Testing Professionals
byTechWell
 
ISTQB CTAL - Test Analyst
bySamer Desouky
 

More from Johan Hoberg

PDF
Quality Intelligence Feedback Loop - A QI Concept
byJohan Hoberg
 
PDF
Purpose-Driven Quality Intelligence - A QI Concept
byJohan Hoberg
 
PDF
Quality Intelligence - or why AI won't replace testers anytime soon
byJohan Hoberg
 
PDF
Deep Testing, Deep Work - How and when we should enable deep work for testers
byJohan Hoberg
 
PDF
Turning Quality Information into Quality Intelligence - A QI Concept
byJohan Hoberg
 
PDF
Quality Intelligence, Documentation & AI
byJohan Hoberg
 
PDF
How Trust Impacts Quality and Efficiency in Games Development
byJohan Hoberg
 
PDF
7 Quality Pillars of Mobile Game Development
byJohan Hoberg
 
PDF
Approaches to unraveling a complex test problem
byJohan Hoberg
 
PDF
A business case for a modern QA organization
byJohan Hoberg
 
PDF
Signing off on Quality
byJohan Hoberg
 
PDF
Quality Information Coverage - A QI Concept
byJohan Hoberg
 
PDF
The Bug Backlog - An Evergrowing Mountain
byJohan Hoberg
 
PDF
Quality Intelligence: Transparency & Visibility
byJohan Hoberg
 
PDF
Building a QA Mindset
byJohan Hoberg
 
PPTX
What is QI?
byJohan Hoberg
 
PDF
Building High Quality Software
byJohan Hoberg
 
PPTX
Testit 2017 - Exploratory Testing for Everyone
byJohan Hoberg
 
DOCX
Don’t celebrate failure. Don’t celebrate success. Celebrate commitment, owner...
byJohan Hoberg
 
DOCX
Moving from scripted regression testing to exploratory testing
byJohan Hoberg
 
Quality Intelligence Feedback Loop - A QI Concept
byJohan Hoberg
 
Purpose-Driven Quality Intelligence - A QI Concept
byJohan Hoberg
 
Quality Intelligence - or why AI won't replace testers anytime soon
byJohan Hoberg
 
Deep Testing, Deep Work - How and when we should enable deep work for testers
byJohan Hoberg
 
Turning Quality Information into Quality Intelligence - A QI Concept
byJohan Hoberg
 
Quality Intelligence, Documentation & AI
byJohan Hoberg
 
How Trust Impacts Quality and Efficiency in Games Development
byJohan Hoberg
 
7 Quality Pillars of Mobile Game Development
byJohan Hoberg
 
Approaches to unraveling a complex test problem
byJohan Hoberg
 
A business case for a modern QA organization
byJohan Hoberg
 
Signing off on Quality
byJohan Hoberg
 
Quality Information Coverage - A QI Concept
byJohan Hoberg
 
The Bug Backlog - An Evergrowing Mountain
byJohan Hoberg
 
Quality Intelligence: Transparency & Visibility
byJohan Hoberg
 
Building a QA Mindset
byJohan Hoberg
 
What is QI?
byJohan Hoberg
 
Building High Quality Software
byJohan Hoberg
 
Testit 2017 - Exploratory Testing for Everyone
byJohan Hoberg
 
Don’t celebrate failure. Don’t celebrate success. Celebrate commitment, owner...
byJohan Hoberg
 
Moving from scripted regression testing to exploratory testing
byJohan Hoberg
 

Recently uploaded

PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
The year in review - MarvelClient in 2025
bypanagenda
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
AI Technology important knowledge ......
byutkarshj2007
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 

Risk-based Testing

  • 1.
    Risk-based Testing The Devilis in the Details 1 2013-09-27 PA1 Confidential
  • 2.
    Introduction • Johan Hoberg •Sony Mobile ▫ ~10 years ▫ Tester, Test Team Leader, Test Architect • This is a presentation of my experiences of risk-based testing 2 2013-09-27 PA1 Confidential
  • 3.
    Definition • Risk-based testing(RBT) is a type of software testing that prioritizes the tests of features and functions based on the risk of their failure - a function of their importance and likelihood or impact of failure. (http://en.wikipedia.org/wiki/Risk-based_testing) 3 2013-09-27 PA1 Confidential
  • 4.
    The Devil isin the Details • Refers to a catch or mysterious element hidden in the details • Derives from “God is in the Details” ▫ Generally attributed to Gustave Flaubert (1821–1880) • It is easy to ask for efficient, risk-based testing • It is much more difficult to actually do it well 4 2013-09-27 PA1 Confidential
  • 5.
    System Under Test Configuration1 Configuration 2 Android Gingerbread Generic Configuration 3 Android Gingerbread Customer A Android Gingerbread Customer B Android Jellybean Generic Product X Product Y Android Jellybean Customer A Android Jellybean Customer B 5 2013-09-27 PA1 Confidential
  • 6.
  • 7.
    Changes in theSystem • There is a change introduced somewhere in the system • Could be a bug fix, a change request, a new feature, refactoring, etc. 7 2013-09-27 PA1 Confidential
  • 8.
    Scope Selection • Doyou run every available test on every possible configuration of the system and verify all interoperability? • A smart scope is necessary to make it containable • We must be able to reuse test results between products, configuration, and branches 8 2013-09-27 PA1 Confidential
  • 9.
    Scope Selection basedon Risk Change Introduced 9 2013-09-27 PA1 System Impact Risk-based Scope Confidential
  • 10.
    Complex vs. Complicated •Complicated ▫ Opposite of simple ▫ Containing intricately combined or involved parts • Complex ▫ Opposite of predictable? ▫ This adjective means having parts so interconnected as to make the whole perplexing 10 2013-09-27 PA1 Confidential
  • 11.
    Complex System • Acomplex system is difficult to predict • It is therefore difficult to plan which actions to take to mitigate different outcomes • It is difficult to plan which tests to run to cover all potentially relevant defects 11 2013-09-27 PA1 Confidential
  • 12.
    Reduce Complexity Reduce Complex System complexity Verydifficult! Scope Selection Change 12 2013-09-27 PA1 Confidential
  • 13.
    Example • A changeis introduced into the Display Driver component – What do I need to test? ▫ Camera? ▫ Interoperability with TV and similar devices? ▫ Multimedia  View pictures, video etc.? ▫ All UI testing? ▫ Other parts of the system? 13 2013-09-27 PA1 Confidential
  • 14.
    Reduce Complexity • RiskAnalysis • Automated Test Framework • Early Exploratory Testing 14 2013-09-27 PA1 Confidential
  • 15.
    Risk Analysis –Input Data Feature & Hardware Delta Historical Data Code Changes System Dependencies & Architecture 15 2013-09-27 PA1 •Easy to obtain •Might give us an indication on where to start looking, but can often give false confidence in scope selection, especially when it comes to E2E system test •Hard to obtain Confidential
  • 16.
    Risk Analysis –Risk Model Risk Identification Probability Severity (S) Occurrence (O) Detection (D) 16 2013-09-27 PA1 Consequence Mitigation Plan Risk Priority Number (RPN) = S*O*D Confidential
  • 17.
    Risk Analysis -Complex vs. Complicated Risk analysis of whole system is complex 17 2013-09-27 PA1 Risk analysis of sufficiently small part is more complicated than complex Confidential
  • 18.
    Risk Analysis Database •If each function performs risk analysis on their components and enters risks in a database this information could be used on system level to get better understanding of impact of specific changes • Requires a uniform way of handing risk information 18 2013-09-27 PA1 Confidential
  • 19.
    Problems? • We canget a lot of data that will help us select a scope – but ultimately we will introduce a lot of risk if we do not know how the system is designed, and how different components depend on each other • To get a complete dependency map of the whole system requires not only a good risk-handling infrastructure, but a common effort from a lot of people 19 2013-09-27 PA1 Confidential
  • 20.
  • 21.
    Automated Test Framework Change+ Basic Risk Analysis Automated Test Execution 21 Scope Setting Test Results Analysis 2013-09-27 PA1 Test Execution Confidential
  • 22.
    Automated Test Framework Change AutomatedTests Executed Better understanding of System Dependencies 22 2013-09-27 PA1 Failed Tests Investigated Change in component mapped towards failed tests in other components Confidential
  • 23.
    Self-learning System • Overtime you will have more and more information about how different changes impact the system • Map code changes to failed tests • This impact map can further help you set an efficient scope 23 2013-09-27 PA1 Confidential
  • 24.
    Continuous Integration • Themore code changes we have and the more isolated these code changes are, the easier it is to create the impact map • If you only have one integration per month, with thousands of lines of code changed in different parts of the system, it will be difficult to draw conclusions 24 2013-09-27 PA1 Confidential
  • 25.
    Problems? • The informationvalue you receive is dependant on how good the tests are • Dependency graph grows over time – in the beginning there is very little data 25 2013-09-27 PA1 Confidential
  • 26.
    Early Exploratory Testing Change+ Basic Risk Analysis Exploratory Testing 26 Scope Setting Test Results Analysis 2013-09-27 PA1 Test Execution Confidential
  • 27.
    Codifying Experience • Howdo you transfer the knowledge gained from one tester to the other? • The understanding about impact and dependencies we gain from performing exploratory testing must be stored in a way which makes it accessible to other testers for their risk-based scope selections 27 2013-09-27 PA1 Confidential
  • 28.
    Manual Dependency Map •After each exploratory session it is possible to add information to a dependency map, where you indicate which changes were made, and what impact those changes had • It needs to be done in a way which is quick and easy, otherwise it will not be done at all 28 2013-09-27 PA1 Confidential
  • 29.
    Problems? • Additional timemight be needed before testers get experience with the new process • It will be more difficult to time plan activity before early exploratory testing is done – this can cause problems with test/project leaders and managers • It requires skilled testers 29 2013-09-27 PA1 Confidential
  • 30.
    Final thoughts • Everyrisk-based scope introduces risk – our goal is to eliminate any unnecessary risk • Without skilled testers to write good automated tests or perform exploratory testing it becomes very difficult without a very intricate risk/impact framework 30 2013-09-27 PA1 Confidential
  • 31.
    Conclusion • It isvery difficult to perform riskbased testing for a large, complex system • It is very easy to ask someone else to reduce their test scope by introducing risk-based testing 31 2013-09-27 PA1 Confidential
  • 32.
    Contact • Email ▫ johan.hoberg@outlook.com •Slideshare ▫ www.slideshare.net/JohanHoberg 32 2013-09-27 PA1 Confidential