Managing Risk in Software Testing Phases

The cheapest place to fix a mistake in a software project is on a piece of paper, not in six months of code. Writing a clear requirement is a great start. But the real skill, the thing that separates a good project from a great one, is actively trying to break the logic before you build it. Here at Full Metal, we call this pre-emptive debugging. We map out the "happy path," where the user does everything perfectly. But then we spend more time on the "unhappy paths." We ask a series of 'what if' questions. For a simple password reset feature, we'll ask: ❌ What if the user enters an email that isn't registered? ❌ What if they click the reset link after it has expired? ❌ What if they try to reuse an old password? Each of those 'what ifs' becomes a new requirement, closing a loophole that could have caused problems down the line. It's about finding flaws where they're free to fix. This also helps us avoid common pitfalls I've seen time and again. The biggest is the ambiguity trap: using fuzzy words like "fast" or "easy." My "fast" is not your "fast." Instead of "The system should be quick," we define it: "The system shall return a response within 500ms." One is a wish; the other is a testable fact. This meticulous approach might seem like a lot of work up front, but it saves a fortune in rework and frustration later on. We explore these common pitfalls and how to avoid them in our latest blog for SME leaders. Find the blog here: https://lnkd.in/eptHVTKA Have you ever had a project go a bit pear-shaped because of a single, unasked 'what if' question? #SoftwareEngineering #RiskManagement #DigitalTransformation

One of the common practices followed in software testing is to allocate 25-30% of the development effort towards testing. However, this method can at times mislead us, particularly when we face seemingly minor changes that unfold into complex challenges. Take, for instance, an experience I had with a retail client aiming to extend their store number format from 4 to 8 digits to support business expansion. This seemingly straightforward task demanded exhaustive testing across multiple systems, significantly amplifying the testing workload beyond the initial development effort—by a factor of 500 in this instance. 💡 The Right Approach 💡 1️⃣ Conduct a thorough impact analysis: Understand the full scope of the proposed changes, including the affected components and their interactions. 2️⃣ Leverage historical data: Use insights from past projects that are similar in nature to make informed testing estimates. 3️⃣ Involve testing experts early on: The sooner they are in the loop, the better they can provide realistic perspectives on possible challenges and testing needs. 4️⃣ Adopt a flexible testing estimation model: Move away from the rigid percentage model to a dynamic one that takes into account the specific complexities of each change. Has anyone else experienced a similar situation? How do you navigate the complexities of testing estimations in your projects? Your insights are appreciated! #softwaretesting #qualityassurance #estimation

Circa 2012-14, at a FAANG company (can’t pin-point for obvious reason 😉), we once faced a choice that could have cost MILLIONS in downtime… 𝐇𝐞𝐫𝐞’𝐬 𝐰𝐡𝐚𝐭 𝐰𝐞 𝐝𝐢𝐝. A critical system update was set to go live. Everything was tested, reviewed, and ready. Until a last-minute test showed an unusual error. 𝐍𝐨𝐰 𝐰𝐞 𝐡𝐚𝐝 𝐭𝐰𝐨 𝐨𝐩𝐭𝐢𝐨𝐧𝐬: ↳ Push ahead and risk an outage that could cost millions per minute. ↳ Roll back and delay a major feature for weeks. 𝐍𝐞𝐢𝐭𝐡𝐞𝐫 𝐟𝐞𝐥𝐭 𝐫𝐢𝐠𝐡𝐭. So we took a smarter approach. 𝐇𝐞𝐫𝐞’𝐬 𝐰𝐡𝐚𝐭 𝐰𝐞 𝐝𝐢𝐝: ➡️ 1. Instead of an all-or-nothing launch, we released to 0.1% of our traffic first. If things went sideways, we could shut it down in real time. ➡️ 2. Pre-prod tests only catch what they’re designed to catch—but production is unpredictable. We used synthetic traffic to simulate real-user behavior in a controlled environment. ➡️ 3. We didn’t just have one rollback plan — 𝐰𝐞 𝐡𝐚𝐝 𝐭𝐡𝐫𝐞𝐞: App-layer toggle – Immediate rollback for end-user impact. Traffic rerouting – Redirecting requests to stable older versions if needed. DB versioning – Avoiding schema lock-in with backwards-compatible updates. ➡️ 4. We set up live telemetry dashboards tracking error rates, latencies, and key business metrics—so we weren’t reacting blindly. ➡️ 5. Before the rollout, we ran a “what-if” drill: If this update fails, how will it fail? This helped us build mitigation paths before they were needed. 𝐖𝐡𝐚𝐭 𝐇𝐚𝐩𝐩𝐞𝐧𝐞𝐝? The anomaly we caught in testing never materialized in production. If we had rolled back, we’d have wasted weeks fixing a non-issue. Most teams still launch software with an “all or nothing” mindset. But controlled rollouts, kill switches, and real-time observability can let you ship fast and safe—without breaking everything. How does your team handle high-risk deployments? Would love to hear that 🙂

Too many companies are still running endless manual test cases that add zero value. Why? Because no one stopped to ask the most important question in testing: "What actually has changed?" If the areas covered by your manual test cases are not impacted, then running them over and over is nothing but wasted time, wasted effort, and wasted money. Automation makes this easier, you push a button, the suite runs and you get results. But what about the many organizations that don't have automation? This is where human intelligence becomes the critical factor. Risk-based testing and impact analysis are not optional. They are the difference between: a. Testing with purpose b. Testing with strategy c. Testing that protects the business Without these two practices, teams fall into the trap of activity over value by executing thousands of test cases simply because they exist, not because they are needed. In a world without full automation, testers must think. They must identify the riskiest areas, understand what changed, and focus their energy where failures actually matter. This is the core of HIST (Human Intelligence Software Testing): Testing driven by judgment, reasoning, prioritization and business impact and not by volume. Stop running everything, start testing what matters. Thoughts? How do you apply risk-based approach and impact analysis in your current environments? #HIST #RiskBasedTesting #ImpactAnalysis #SoftwareTesting #QualityEngineering #HumanIntelligence #TestingStrategy

In an ideal world, we’d get instant feedback on software quality the moment a line of code is written (by AI or humans) (we’re working hard to build that world, but in the meantime); how do we BALANCE speed to market with the right level of testing? Here are 6 tips to approach it: 1 - Assess your risk tolerance: Risk and user patience are variable. A fintech app handling transactions can’t afford the same level of defects as a social app with high engagement and few alternatives. Align your testing strategy with the actual cost of failure. 2 - Define your “critical path”: Not all features are created equal. Identify the workflows that impact revenue, security, or retention the most; these deserve the highest testing rigor. 3 - Automate what matters: Automated tests provide confidence without slowing you down. Prioritize unit and integration tests for core functionality and use end-to-end tests strategically. 4 - Leverage environment tiers: Move fast in lower environments but enforce stability in staging and production. 5 - Shift Left: Catching defects earlier saves time and cost. Embed testing at the pull request, commit, and review stages to reduce late-stage surprises. 6 - Timebox your testing: Not every feature needs exhaustive QA. Set clear limits based on risk, business impact, and development speed to avoid getting stuck in endless validation cycles. The goal is to move FAST WITHOUT shipping avoidable FIRES. Prioritization, intelligent automation, and risk-based decision-making will help you release with confidence (until we reach a future where testing is instant and invisible). Any other tips?

How’s testing going? A simple question, yet how we answer it determines whether stakeholders see testing as a value driver or just a checklist activity. Too often, testers respond with status updates: • "80% of test cases executed.” • "15 defects found.” • "Regression in progress.” This tells them what we did, but not what they need to know. Stakeholders want answers to: • Are we on track to release with confidence? • What risks remain, and how significant are they? • What do we not know yet that could hurt us? The key is to shift from activity reporting to storytelling with impact. Here’s how to frame the response: Start with business context “We’ve been focusing on [critical flows, high-risk areas, or user journeys] because [business impact].” Highlight risk insights “Our latest findings show that [describe key risks], which could impact [business, customers, or performance].” Show what’s known and unknown “We have confidence in [specific areas] based on [evidence], but we are still exploring [areas of uncertainty].” End with recommendations, not just status “To move forward, we suggest [adjustments in scope, additional tests, bug fixes, risk mitigation, etc.].” For example: A bad answer would be: “We executed 150 test cases and found 12 defects.” A better answer would be: “Our testing focused on checkout flows. We found a payment issue that affects 10% of transactions, which could lead to revenue loss. Fixing this before launch is critical.” Testing is not just about execution metrics. It’s about enabling informed decisions. When stakeholders ask, how’s testing going?, tell them a story that helps them take action. #softwaretesting #softwareengineering #quality #risks #brijeshsays

If you’re not focusing on the highest risks, are you truly testing? Risk-based testing transforms our approach by directing attention where it matters most: the areas that could truly harm the business or the user experience if something goes wrong. Rather than superficially testing every function with equal depth, we triage features based on their potential for catastrophic failure, their importance to revenue, or their impact on user trust. This pragmatic mindset doesn’t just save time—it provides a strategic lens that aligns testing activities with business priorities. When you focus on risk, you’re not only finding bugs; you’re safeguarding the product’s most crucial aspects.