Tuesday, January 19, 2021

Risks Not Fears

This afternoon I attended From Fear To Risk: Redefine What Drives Your Enterprise Testing Strategy, a webinar featuring Jenna Charlton and Alon Eizenman, hosted by Sealights. In the first session, Jenna presented on risk from a very broad perspective and, in the second, Alon talked about how Sealights' tooling focuses on a narrow slice of (code-based) potential risks in a way which they hope complements the wider approach.

Jenna wants risks to be quantifiable and definable and scrutinisable. Fears, for her, are none of those things. To quantify a risk, she scores history (data about previous behaviour, including probability of error, etc), complexity (of the application, the context, the data, the build process, etc), and impact (or more correctly, business concern about impact) on a scale of 1 (low) to 5 (high) and then combines them using this formula:

total risk = impact * maximum_of(history, complexity)

This is an interesting informal variant of a more common calculation which multiplies impact by probability. True to my own experience, Jenna was clear that, despite the apparent formality of the maths, there's more than an element of subjectivity in the scoring of risks. Workshopping can help to mitigate biases that are introduced that way, though.

Alon presented a brief overview of ways in which the Sealights product prioritises test cases (manual or automated) based on risk factors such as recent failures, code usage in production, and the location and extent of code changes since the last release. He proposed this as a useful addition to the kind of global risks that Jenna would typically be looking at, which include business, team, and project considerations.

No comments:

Post a Comment