Risk-driven testing


To develop a framework that uses risk related information as the 'driver' for test planning and management.


The contact for this research project is here.


As information systems become more and more complex there is need for verification that their functionality meets the requirements. Most often this is done through testing of the system. However, the thorough testing of a developed software is impossible unless we have infinite resources. Therefore a problem arises: what should be tested and how?

If we are able to recognize how "important" certain parts of system are and to order them according to decreasing "importance" then we have the clue which parts to test first (and perhaps in a more rigorous way). A way for determining the "importance" of system parts can be through the concept of risk. However a pure risk analysis doesn't take into account internal software structure but rather services that software provides. On the other hand these are particular software items that are the subject of testing. Therefore, to use risk as the driving force for testing, there is a need for investigating the relationship between risk analysis and software testing domains.


The approach bases on the experiences in safety systems domain - from which it inherits the concepts of risk, risk analysis and software integrity levels. The process of risk-based testing may be presented in the following steps:

  • Risk analysis focused on system's services is performed.

  • System internal structure is introduced (through UML model).

  • The "importance" of software components is evaluated based on the consequences resulting from a failure of a given component.

  • Testing requirements are assigned to each software component according to its "importance".

The above process is performed iteratively, using the increasing knowledge about the system resulting from the progress of the development process.

The research assumes that the risk identification and assessment results are already available ( this issue is covered by the RiskGuide project described elsewhere).


The project started in 2005.


The framework is expected to be applicable to critical systems as well as to the 'standard' systems with less critical requirements. It should provide for effective and efficient resource allocation for testing and to support managers in test planning and performance.

Two M.Sc. theses have been finished. One of them was realised in cooperation with EU Joint Research Centre, Ispra, Italy. Both theses resulted in development of software tools supporting risk-driven testing.


  1. Witkowicz M. : A system supporting test planning based on the risk of software development process, M.Sc. Thesis, Department of Software Engineering, Gdansk University of Technology, 2006. (in Polish)

  2. Korzeniowski L., A framework for risk based software testing, M.Sc. Thesis, Department of Software Engineering, Gdansk University of Technology, 2005.