Appendix G: Risk Analysis, FMEA, and Brainstorming
Throughout much of this book, I have talked about risks, risk identification, and using risk in testing. This appendix gives some basic risk analysis concepts. Risk analysis is a big subject with many books and classes [1,2]. I wanted to give you enough points and information to get you started, but you must understand the risks associated with your product and then adapt risk analysis for each attack.
The software and systems engineering vocabulary (SEVOCAB) defines risk as
(1) an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives (A Guide to the Project Management Body of Knowledge (PMBOK(R) Guide) – Fourth Edition) (2) combination ...