This is one of two heuristic approaches to risk analysis and evaluation that considers different types of quality threats. The other is Something vs Nothing. These two types of approaches to risk can be combined together into one quadrant.
Testers think not just in terms of how value of the software can be reduced or lost altogether, but also how other harm could come about. This creates two broad categories of risk that testers consider when testing otherwise potentially important bugs may be missed:
- Risk of value being mitigated
- Risk of further damage occurring
It may help to think of product value on a hypothetical scale where positive numbers mean value is being delivered to someone and zero means the value isn’t being delivered to them at all. Delivering little to no value around the “zero” mark is bad enough, but it can be much worse. In such cases negative numbers mean harm is being delivered that overrides any potential value. Lost value or harm can apply to any instance of threatened quality in a bug report or apply to any software product, system or service, or feature, as a whole.
This number scale is just used for illustrative purposes only as value and risk must be described as stories. There can be any number of stories of lost value and harm for any given story of value, which means value and harm aren’t mutually exclusive, as any software aspect, feature or function can deliver value to someone in one way whilst still causing harm to someone else or the same person in another way.
|← Increasing harm||Lost value||← Losing value|
A self-driving taxi delivers value to passengers by having them pick them up from a specified pick-up point, drive them to their destination and then drop them off at their target.
The self-driving taxi would start to lose value if it didn’t drive the passenger to the correct destination or did it too slowly. It would lose value altogether if passengers got in and the taxi just sat there unable to move. Testers would identify the value of the self-driving taxi then hypothesise risks such as these that cause the value to reduce or not come about.
On the other hand, if the passenger got into the self-driving taxi and it drove them into a lake, drove so fast it caused them injuries or drove on the pavement hitting other pedestrians, then this would be causing harm. In the latter two cases the self-driving taxi may still deliver the value to the passenger in getting them to their destination on time, but the potential harm outweighs the benefit substantially.