Appendix G: Risk Analysis, FMEA, and Brainstorming

Throughout much of this book, I have talked about risks, risk identification, and using risk in testing. This appendix gives some basic risk analysis concepts. Risk analysis is a big subject with many books and classes [1,2]. I wanted to give you enough points and information to get you started, but you must understand the risks associated with your product and then adapt risk analysis for each attack.

The software and systems engineering vocabulary (SEVOCAB) [3] defines risk as

(1) an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives (A Guide to the Project Management Body of Knowledge (PMBOK(R) Guide)—Fourth Edition) (2) combination ...
