Our first #TestingChat is all about Identifying Risks

This thread is to carry on and collate the conversations from Twitter.
If someone said something you want to save so others can read it, post it here!
If someone recommended a resource, list it here!

If you want to answer the questions here instead, here they are, fire away!

Look up #TestingChat on Twitter to follow the chat!

What techniques do you use to identify risks? (Information shared by participants of #testingchat on 1st June ’ 17)

  1. TestSpere (Blue Deck)

  2. Oblique Testing

  3. Thinking of the worst possible headline for your product/service and reverse engineer it to see if you could make it happen

  4. Heuristics

  5. Analysis

  6. Communication

  7. Early Exploratory Testing

  8. Bug taxonomies – Classes of typical bugs happening in a type of software. A collection of all-time bugs sorted by categories.

  9. Do a pre-mortem standup and talk to stakeholders. Add the risks they see to a list, calculate an RPN (Risk Priority Number), and monitor.

  10. Failure case studies.

  11. Failure Mode Effect Analysis (FMEA)

  12. Flowcharts and Models used to spot gaps and follow user journeys to find risks before development (It is useful to build up a Library of different user types for this sort of work.)

  13. Cheatsheets of common project/product risks.

  14. Drawing maps on a board whilst people talk through an idea to highlight risk due to areas not considered

  15. Story points as estimates. Abstract out time - if there’s no agreement on relative scale then there’s likely assumptions & risk

More Techniques along with documents to refer:

  1. Risk/Threat Modelling – Example: STRIDE Model (Specific to Security Risks)

a) https://www.owasp.org/index.php/Threat_Risk_Modeling
b) https://www.owasp.org/images/1/19/OTGv4.pdf
c) https://en.m.wikipedia.org/wiki/STRIDE_(security)
d) https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx

  1. Collaboratively identifying and mitigating release risks - http://katrinatester.blogspot.co.uk/2016/10/risk-based-release-testing.html

  2. The Risk Questionnaire - http://www.a-sisyphean-task.com/2016/09/the-risk-questionnaire.html

  3. Heuristic Risk-Based Testing - http://www.satisfice.com/articles/hrbt.pdf

  4. Exploring uncertainties to understand them as risks. - https://www.ministryoftesting.com/2015/03/not-sure-about-uncertainty/

  5. By asking as many relevant “what if”-questions as possible to raise awareness of possible risks.
    a) http://enjoytesting.blogspot.co.uk/2011/10/release-of-my-ebook-what-if.html?m=1
    b) http://enjoytesting.blogspot.co.uk/p/books.html

  6. Challenge use of watchwords such as “just”, “only”, “quick”, “simply” as they normally indicate assumptions and therefore risk
    Miscommunication risks -

  7. Brainstorming session with developers by utilising ‘Me - We - Us’ facilitation technique.

  8. Generic Testing heuristics for risk assessment