Information Technology Reference
In-Depth Information
Use risk analysis to determine where testing should be focused. Because it is
rarely possible to test every possible aspect of an application, every possible combi-
nation of events, every dependency, or everything that could go wrong, risk analysis
is appropriate to most software development projects. This requires judgment skills,
common sense, and experience. Considerations can include the following:
◾
Which functionality is most visible to the user?
Which functionality is most important to the project's intended purpose?
◾
◾
Which functionality has the largest financial impact on users?
Which functionality has the largest security impact?
◾
◾
Which aspects of the application can be tested early in the development cycle?
Which aspects of the application are most important to the end users?
◾
◾
Which parts of the application were developed in rush or panic mode?
Which parts of the code are most complex, and thus most subject to errors?
◾
◾
Which aspects of similar/related previous projects had large maintenance
Which aspects of similar/related previous projects caused problems?
◾
expenses?
Which parts of the requirements and design are unclear or poorly thought-out?
◾
◾
What kinds of problems would cause the worst publicity?
What do the developers think are the highest-risk aspects of the application?
◾
◾
What kinds of tests could easily cover multiple functionalities?
What kinds of problems would cause the most customer service complaints?
◾
◾
Which tests will have the best high-risk-coverage-to-time-required ratio?
..2
Risks Related to the Application Being Tested
◾
Complex—Anything disproportionately large, intricate, or convoluted
◾
Changed—Anything that has been tampered with or “improved”
New—Anything that has no history in the product
◾
◾
in the rest of the system
Downstream dependency—Anything that is especially sensitive to failures in
Upstream dependency—Anything whose failure will cause cascading failure
◾
the rest of the system
Critical—Anything whose failure could cause substantial damage
◾
Precise—Anything that must meet its requirements exactly
◾
◾
Strategic—Anything that has special importance to your business, such as a
Popular—Anything that will be used a lot
◾
feature that sets you apart from the competition
Third-party—Anything used in the product but developed outside the project
◾
◾
work together
Defective—Anything known to have a lot of problems
Distributed—Anything spread out in time or space, yet whose elements must
◾
Recent failure—Anything with a recent history of failure
◾
