What are some common examples of risks in testing?

I was looking for a list of some simple examples of risks in some commonly used software products (e.g. online shopping, word processor/office etc.)? I saw a few questions here which talk about how to think about risk based testing, but they don’t list many examples (i.e. just one or two). Can we put a few simple examples in this thread?


Probably been asked so many times (you can see I’ve been doing this job for too long LOL.) But since it’s a common question, … here we go again, just show me the door.

Nicola Lindgren https://www.youtube.com/watch?v=dwHYJUtkxzA&ab_channel=NicolaLindgren has a bit of a hint list to start us off. Risks are a different thing, but it’s a start.


‘Risks’ are anything that can affect the quality of the product you’re testing, or the customer’s perception of the quality of the product, and some risks are greater than others.

For example, a typo is very low risk, but still affects the customer’s perception of quality. Imagine reading the terms and conditions of a site, and it’s full of typos; you could start to question the quality of everything else relating to the site. Stakeholders probably care less about typos, but will still want things correct - and they should be of course.

Another example: unable to check out on an ecommerce site, extremely high risk, and affects the customer’s perception of quality. It’s very likely the customer will abandon their checkout experience, losing the business money. Stakeholders most likely care about this the most, for obvious reasons.

‘Risks’ in testing could be confused with ‘risk based testing’ - which is a different conversation really.

A risk is anything that threatens the value of the software to someone who matters.

If you look at the Quality Criteria in the Heuristic Testing Strategy Model, you can have some ideas of the types of risks.

And if you look at the Oracles, you can discover ways to see if there is a certain type of risk in a particular situation.

E.g., if your project doesn’t have good code static analysis, you may have problems with the maintainability (quality criteria) that developers (people who matter) can have, which would be bad because it will cause confusion, annoyance, surprise, and frustration on this group of people.

To uncover risks, you can do the thought process in reverse: Pick someone who matters, discover what this person values (with the Quality Criteria), think about what can threaten his/her perceived value (with the Oracles) and explore your product/project for such threats.


By the way, you might want to check out the risk-storming technique: