
Integrating Manual and Automatic Risk Assessment for Risk-Based Testing

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 94))

Abstract

In this paper we define a model-based risk assessment procedure that integrates automatic risk assessment by static analysis, semi-automatic risk assessment, and guided manual risk assessment. In this process, probability and impact criteria are determined by metrics that are combined to estimate the risk of specific system development artifacts. The risk values are propagated to the assigned test cases, which yields a prioritization of the test cases. This supports optimizing the allocation of limited testing time and budget in a risk-based testing methodology. Therefore, we embed our risk assessment process into a generic risk-based testing methodology. The calculation of probability and impact metrics is based on system and requirements artifacts that are formalized as model elements. Additional time metrics consider the temporal development of the system under test and take, for instance, the bug and version history of the system into account. The risk assessment procedure integrates several stakeholders and is explained by a running example.
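The following is an added illustration of the procedure the abstract describes, not code from the paper: probability metrics from static analysis and from bug/version history are combined with a stakeholder-assessed impact into an artifact risk, which is then propagated to the assigned test cases to rank them. The metric scaling, the equal weighting, and the propagation rule (a test inherits the maximum risk of the artifacts it covers) are assumptions made here, as are the artifact and test names.

```python
from dataclasses import dataclass

@dataclass
class Artifact:
    name: str
    complexity: int         # automatic: e.g. cyclomatic complexity from static analysis
    bugs_last_year: int     # time metric: bug history of the artifact
    commits_last_year: int  # time metric: version history of the artifact
    impact: int             # manual: stakeholder-assessed impact on a 1..5 scale

def scale(value: float, maximum: float) -> float:
    """Map a raw metric onto [0, 1]; values above the maximum saturate at 1."""
    return min(value / maximum, 1.0) if maximum > 0 else 0.0

def probability(a: Artifact) -> float:
    """Failure probability in [0, 1] from static-analysis and time metrics.
    The equal weighting is an assumption of this example, not the paper's."""
    p_static = scale(a.complexity, 30)
    p_time = 0.5 * scale(a.bugs_last_year, 10) + 0.5 * scale(a.commits_last_year, 50)
    return round(0.5 * p_static + 0.5 * p_time, 3)

def risk(a: Artifact) -> float:
    """Risk of one artifact = probability x impact, both scaled to [0, 1]."""
    return round(probability(a) * scale(a.impact, 5), 3)

def prioritize(artifacts, coverage):
    """Propagate artifact risk to test cases and rank them.
    Propagation rule (assumed): a test inherits the highest risk among the
    artifacts it is assigned to; ties are broken by test name."""
    ranked = [(test, max((risk(artifacts[n]) for n in covered), default=0.0))
              for test, covered in coverage.items()]
    return sorted(ranked, key=lambda t: (-t[1], t[0]))

# Constructed sample data: three artifacts and the tests assigned to them.
ARTIFACTS = {
    "Login": Artifact("Login", complexity=24, bugs_last_year=6, commits_last_year=40, impact=5),
    "Report": Artifact("Report", complexity=12, bugs_last_year=1, commits_last_year=10, impact=2),
    "Audit": Artifact("Audit", complexity=6, bugs_last_year=0, commits_last_year=5, impact=4),
}
COVERAGE = {"TC1": ["Login"], "TC2": ["Report", "Audit"], "TC3": ["Report"]}

if __name__ == "__main__":
    for test, value in prioritize(ARTIFACTS, COVERAGE):
        print(f"{test}: risk {value}")
```

With the constructed data the heavily changed, high-impact Login artifact dominates, so TC1 is scheduled first when testing time runs short.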




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Felderer, M., Haisjackl, C., Breu, R., Motz, J. (2012). Integrating Manual and Automatic Risk Assessment for Risk-Based Testing. In: Biffl, S., Winkler, D., Bergsmann, J. (eds) Software Quality. Process Automation in Software Development. SWQD 2012. Lecture Notes in Business Information Processing, vol 94. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27213-4_11


  • DOI: https://doi.org/10.1007/978-3-642-27213-4_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27212-7

  • Online ISBN: 978-3-642-27213-4

  • eBook Packages: Computer Science (R0)
