Software Measurement and Testing
CSE3SMT
ASSESSMENT 1 - QUALITY RISK ASSESSMENT
Teaching Period Semester 2, 2024
Introduction
Imagine a company is implementing a brand-new software system, and they want to ensure they deliver the highest quality of software to their customers. A primary approach for delivering high quality software is to conduct a quality risk assessment early in the software development lifecycle, to identify project and product risks that can be mitigated (treated) by testing and quality assurance activities. This allows us to strategise and plan an approach to testing and QA that prevents and detects defects much earlier in the lifecycle.
Generative AI can be helpful for brainstorming quality risks, but can we trust it to do the job for us? The aim of this assignment is to:
1. Demonstrate your capabilities in conducting a quality risk assessment, and
2. Learn the advantages and limitations of using generative AI to identify project and product risks.
You are welcome to use ideas and materials from lecture 2 and lab 2 to support this assignment, and the risk assessment questionnaire that has been provided for lab 2 and the assignment..
Individual Assignment
This is an individual assignment. You are not permitted to work in groups when writing your answers to this assignment. However, you are welcome to brainstorm risks together with other students, as part group activities associated withs lab 2 and 3.
When submitting the assignment, students are required to submit their own work only. La Trobe University treats plagiarism seriously. When detected, penalties are strictly imposed. Further information can be found onhttps://www.latrobe.edu.au/students/admin/academic-integrity.
Total Subject Grade Contribution
This assignment contributes a total of 45% to your overall mark for the subject.
Due Date
This assignment is due at end of day (11.59pm) on Sunday 15th September 2024.
A penalty of 5% per day will be imposed for late assignments, and assignments can be submitted up to 5 days late at most (except in situations where special consideration applies). If you resubmit your assignment after the due date, it will be considered a late submission and will incura 5% penalty per day (except in situations where special consideration applies).
Submission
You are welcome to submit your answers in MS Excel, MS Word or PDF. It is preferable that all work be submitted in one file and that the file not be zipped.
Subject Intended Learning Outcomes
This assignment is designed to contribute towards the following learning outcomes:
• Relate the multiple industry-based roles involved in modern software testing
AssignmentTasks
The following tasks are mandatory and must be completed for this assignment.
Task 1 - Quality Risk Assessment
In this task, you will conduct a quality risk assessment for a chosen customer and system, based on the quality characteristics and sub-characteristics in the ISO/IEC 25010 product quality model.
You are not permitted to use generative AI for this task. All ideas and answers must be your own. All answers must be written in your own words.
Complete the following tasks:
1. Choose a customer and system as the basis for your quality risk assessment. Specify the customer’s name, system name (if known), and briefly describe the system.
You do not need to submit a customer profile for this task (although you may find the process we followed in lab 1 will support you in understanding your chosen customer).
2. Using the ISO/IEC 25010:2023 product quality model, and the risk assessment questionnaire provided in lab 2, identify a set of project and product risks for your system. For each risk, identify potential impacts, risk levels, and risk mitigations (including preventative and detective testing & QA activities that can mitigate each risk).
Include the following in your risk assessment:
a) At least 1 risk per sub-characteristic from the ISO/IEC 25010:2023 product quality model (i.e. minimum 40 risks). To support the process, read the risk assessment questionnaire, and consider how each characteristic and sub-characteristic might matter to your customer and their stakeholders (e.g., executives, managers, customers, staff, end-users). Please ensure you list the quality characteristic and the sub-characteristic for each risk.
b) At least 1 risk per project risk type from the risk assessment questionnaire (i.e. minimum 8 project risks).
c) Identify potential impacts, risk levels and mitigations for each risk.
d) Document the above in a risk register.
e) Provide a risk matrix to support your assignment of risk level.
f) Document your assumptions (minimum 5 assumptions).
Task 2 - AI-Generated Quality Risks
In this task, you will use a generative AI tool to generate quality risks for the same customer and system.
The aim is to find out what types of risks generative AI tools are able to produce, based on their current levels of capability. You do not need to reword or improve the risks or mitigations.
For the same customer and system, use the generative AI tool to complete the following tasks:
3. Choose a generative AI tool, specifying the name and URL of the tool.
4. For the same customer and system, ask the tool to generate:
a. A set of 40 (minimum) product quality risks. You may need to run a series of prompts to generate a minimum of 40 risks.
b. A set of 8 (minimum) testing project risks.
c. Potential risk impacts, risk levels, and risk mitigations including preventative and detective testing and QA activities, for each risk.
d. Document the above in a risk register.
e. Document the prompts that were used to generate the above.
Task 3 - Compare the Results
In this task, you will compare the risks you identified, against those that were generated by the AI tool.
You are not permitted to use generative AI for this task. All ideas and answers must be your own. All answers must be written in your own words.
5. Compare the risks that were identified in tasks 1 and 2, providing answers to the following questions (including rationale/justification for each answer):
a) Did the AI tool generate any risks that were not included in your risk register?
a. Would any of the new risks have been useful to include in your risk register (e.g., to produce a higher-quality system for the customer)?
b. Were any of the new risks not useful?
b) Were any ISO/IEC 25010:2023 product quality sub-characteristics missed by the AI tool?
a. Which sub-characteristics were missed?
b. Why do you think they were missed?
c. Could any of the missing sub-characteristics impact on the quality of the system?
c) Did the AI tool introduce any new risk types that were not included in the ISO/IEC 25010:2023 product quality model?
a. Were they useful?
b. Would they be useful to include in the ISO/IEC 25010 product quality model?
d) Which approach to risk identification do you think could result in a higher-quality system - task 1, task 2, or a combination?
MarkingRubric-CSE3SMT-Assignment1
|
Task Criteria Poor (0-2) Average (3-6) Excellent (7-10) Grade & Feedback
|
|
1
|
Product risks
|
Covers few to none of the product quality
sub-characteristics from ISO/IEC
25010:2023 product quality model.
Risks are generic, poorly specified, or are not related to the given system
|
Moderate attempt. Fewer than 40 risks identified, or some risks do not relate to the ISO/IEC 25010 product quality model, are generic, unsuitable, loosely related to the given system, or not well specified
|
Covers all 40 product quality sub- characteristics from the ISO/IEC
25010:2023 product quality model.
All risks are related to the given system, and are well specified
|
|
|
|
Criteria
|
Poor (0-1)
|
Average (2)
|
Excellent (3)
|
Grade & Feedback
|
|
|
Impacts
|
Few impacts are specified, or impacts are not suitable for the given risk
|
Moderate attempt. Only some impacts are specified, or some are not suitable for the given risk, system or customer
|
Risk impacts are well-specified, and are well-related to the given system and
customer
|
|
|
Mitigations
|
Few mitigations are suitable for the given risk, or few include both preventative and detective testing & QA approaches
|
Moderate attempt. Some mitigations are unsuitable for the given risk, or do not
include preventative and detective testing & QA approaches
|
All risk mitigations are suitable, well
specified, and include both preventative and detective testing & QA approaches
|
|
|
|
Criteria
|
Poor (0)
|
Average (1)
|
Excellent (2)
|
Grade & Feedback
|
|
|
Project risks
|
Few project risks are specified, or risks are not suitable for the given system or
customer
|
Moderate attempt. Only some project risk types are covered, or some are not
suitable for the given system or customer
|
All 8 project risk types are covered, with all risks well-written, and well-related to the given system and customer
|
|
|
Risk levels
|
Risk levels are not specified at all, or risk matrix has not been provided
|
Moderate attempt. Risk levels are not well specified, or risk matrix is not well
specified
|
Risk levels are well specified, and risk matrix is well structured and suitable
|
|
|
Assumptions
|
No assumptions specified
|
Few assumptions submitted, assumptions are not well specified, or are not related to given system or customer
|
Set of 5 (minimum) well-specified
assumptions, all being well-related to the given system and customer
|
|