In this chapter, I introduce a powerful technique for targeting your test efforts. I call this technique quality risk analysis. I’m going to show you three approaches for quality risk analysis: one informal, one based on an industry-standard software requirements structuring practice, and the third based on a quality management system.
I use quality risk analysis to guide the project team through finding specific quality risks (groups of similar potential bugs) that live within the quality risk categories you met in the last chapter. Once those risks are discovered, the team assigns levels of priority to each quality risk based on likelihood and impact. These levels of priority serve to focus the testing effort. We should spend a lot of testing effort where the risk level is highest, less where it’s a bit lower, even less where it’s lower still, and ultimately, little if any effort where the risk is marginal.
Let’s see how, starting with an overview of the quality risk analysis process and its goals.
Don’t be mystified by the phrase “quality risk analysis.” It’s a simple concept: Test where the odds favor the highest benefit. Finding likely bugs is beneficial. Finding dangerous bugs is beneficial. The more likely or dangerous any particular group of potential bugs is, the more time and money you should invest in looking for them. Quality risk analysis makes testing a form of risk management.
Where do you ...