A Taxonomy to Assess and Tailor Risk-based Testing in Recent Testing Standards
This work provides a tool for practitioners to evaluate and adapt risk-based testing methods in software engineering standards, but it is incremental as it builds on existing frameworks without introducing new testing paradigms.
The authors developed a taxonomy for risk-based testing to define, tailor, and assess approaches, applying it to standards like ISO/IEC/IEEE 29119 and methods such as SmartTesting to identify deviations and compare their practical potential.
This article provides a taxonomy for risk-based testing that serves as a tool to define, tailor, or assess risk-based testing approaches in general, and to instantiate risk-based testing approaches for the current testing standards ISO/IEC/IEEE 29119, ETSI EG and the OWASP Security Testing Guide in particular. We demonstrate the usefulness of the taxonomy by applying it to the aforementioned standards as well as to the risk-based testing approaches SmartTesting, RACOMAT, PRISMA and risk-based test case prioritization using fuzzy expert systems. In this setting, the taxonomy is used to systematically identify deviations between the standards' requirements and the individual testing approaches, so that we can position and compare the testing approaches and discuss their potential for practical application.