What is testing? In one of the sessions at the Cambridge Software Testing Clinic the other night, the whole group collaborated on a mind map on that very question.
I find it interesting how the mind can latch on to one small aspect of a thing. I attend these kinds of events to find something new, perhaps a new idea, a different perspective on something I already know, or something about the way I act. In this case, under a node labelled mindset, one of the participants proposed risk-averse. I challenged that, and counter-proposed risk-aware. You can see them both on the map on this page, centre-left, near the bottom. And that's the thing I've been coming back to since: accepting that there is a testing mindset (with all the sociological and semantic challenges that might have) is it reasonable to say that it includes risk aversion or risk awareness?
Let's start here: why did I challenge? I challenged because the interpretation that I took in the moment was that of testers saying "no, let's not ship because we know there are problems." And that's not something that I want to hear testers who work for me saying. At least not generally, because I can think of contexts in which that kind of phrase is entirely appropriate. But I won't follow that train of thought just now.
But do I even have a decent idea what risk-aversion is? I think so: according to Wikipedia's opening sentence on the topic risk-aversion "is a preference for a sure outcome over a gamble with higher or equal expected value." In my scenario, not shipping is a more certain outcome (in terms of risk that those known problems will be found in the product by customers) than shipping. But I can think of other aspects of shipping that might be more certain than in the case of not shipping. Perhaps I'll come back to them.
But then, do I have a decent idea what the person who suggested risk-aversion meant by it? In all honesty, no. I have some evidence, because they were keen on risk-awareness when I suggested it, that they overlap with me here, but I can't be sure. Even if they were with me right now, and we could spend hours talking about it, could we be certain that we view this particular conceptual space in the same way? A good question for another time.
So what did I mean by risk-aware? I meant that I want testers who work for me to be alert to the risks that might be present in any piece of work they are doing. In fact, I want them to be actively looking for those risks. And I want them to be able to characterise the risks in various ways.
For example, if they have found an issue in the product I'd like them to be able to talk to stakeholders about it, what the associated risks are, why this matters and to who, and ideally something about the likelihood of it occurring and something about impact if the issue was to occur. I'd also like my testers to be able to talk to stakeholders in the same way about risk that they observe in the processes we're using to build our product, and also in the approach taken to testing, and in the results of testing. If I thought harder could I add more to this? Undoubtedly and perhaps I will, one of these days.
While we're here, this kind of risk assessment is inherently part of testing for me. (Perceived) risk is one of the data points that should be be in the mix when deciding what to test at any given time. Actually, I might elaborate on that: risk and uncertainty are two related data points that should be considered when deciding what to test. But I don't really want to open up another front in this discussion, so see Not Sure About Uncertainty for further thoughts on that.
Would it be fair to say that a tester engaging in risk-based testing is risk-averse to some extent or another? Try this: through their testing they are trying to obtain the surest outcome (in terms of understanding of the product) for the stakeholders by exploring those areas of the product that are most risky. So, well, yes, that would seem to satisfy the definition from Wikipedia wouldn't it?
Permission to smirk granted. You are observing me wondering whether I am arguing that a tester who is risk-aware, and uses that risk-awareness to engage in risk-based testing, must necessarily be risk-averse. And now I'm also thinking that perhaps this is possible because the things at risk might be different, but I time-boxed this post (to limit the risk of not getting to my other commitments, naturally) and I've run out of time.
So here's the thing that I enjoy so much: one thought blown up into a big claggy mess of conceptual strands, each of which themselves could lead to other interesting places, but with the knowledge that following one means that I won't be following another, with an end goal that can't be easily characterised, alert for synergy, overlap, contradiction, ambiguity and other relationships, and which might simply reflect my personal biases, with the intellectual challenge of disentanglement and value-seeking, all limited by time.
Hmm. What is testing?
Image: Cambridge Software Testing Clinic