Risk analysis is a method to determine how much risk is involved in something. In testing, it can be used to determine when to test something or whether to test something at all. Items with higher risk values should be tested early and often. Items with lower risk value can be tested later, or not at all. It can also be used with defects. Severity tells us how bad a defect is: "how much damage can it cause?" Priority tells us how soon it is desired to fix the defect: "should we fix this and if so, by when?"

Defects with High Severity and Priority are tested first.

While a test plan is being created, risks involved in testing the product are to be taken into consideration along with possibility of their occurrence and the damage they may cause along with solutions; if any. Detailed study of this is called as Risk Analysis.

Some of the risks could be:

New Hardware 

New Technology 

New Automation Tool 

Sequence of code delivery 

Availability of application test resources 

Identify and describe the risk magnitude indicators: High, Medium and Low

High magnitude means the effect of the risk would be very high and non-tolerable. Company may face severe loss and its reputation is at risk. Must be tested.

Medium: tolerable but not desirable. Company may suffer financially but there is limited liability or loss of reputation. Should be tested.

Low: tolerable. Little or no external exposure. Little or no financial loss. Company’s reputation unaffected. Might be tested.

Three perspectives of Risk Assessment: Effect, Cause and Likelihood.

To assess risk by Effect, identify a condition, event or action and try to determine its impact.

To asses risk by Cause is opposite of by Effect. Begin by stating an undesirable event or condition and identify the set of events that could have permitted the condition to exist.

To asses risk by Likelihood is to determine the probability that a requirement will not be satisfied.

Privatization would no doubt lead to better services.But saying that 'this is the only ' is wrong

Capability Maturity Model (CMM) is a model of 5 levels of process 'maturity' that determine effectiveness in delivering quality software. The 5 levels of CMM are described as below:

Level 1: Initial: - characterized by chaos, periodic panics, and heroic efforts required by individuals to successfully complete projects. Very few or none of the processes are in place.

Level 2: Repeatable: - Software Project Tracking, Requirements Management, Realistic Planning and Configuration Management Processes are in place; successful practices can be repeated.

Level 3: Defined: - Standard Software Development and Maintenance Processes are integrated throughout an organization. A Software Engineering Process Group is in place to oversee software processes, and training programs are used to ensure understanding and compliance.

Level 4: Managed: - Metrics are used to track productivity, processes, and products. Project performance is predictable, and quality is consistently high.

Level 5: Optimizing: - The focus is on continuous process improvement. The impact of new processes and technologies can be predicted and effectively implemented when required.

Any organization can start from any level, but its motto is to reach level 5; where the focus is continuous process improvement. By doing this, high quality s/w delivery is assured.

From this, we can see that the whole essence of CMM or CMMI is to produce quality software. It targets the whole organizational practices (or processes), which are believed to be the best across industries. Testing is part of Quality Assurance. CMM levels play an important role in an organization’s Quality Assurance effort. Thus testing plays an important role in determining CMM level.

Clearly, independent  judiciary is necessary for impartial judgements so that the executive does'nt take wrong measures.So only argument 1 holds

A bug leakage results when a bug is detected which should have been detected in earlier builds/versions of the application.

A defect which exists during testing yet unfound by the tester which is eventually found by the tester/end-user is also called bug leakage.

A bug release is when a particular version of s/w is released with a set of known bug(s)/defect(s). These bugs are usually low severity and/or low priority bugs. It is done when the company can afford the existence of bug in the released s/w rather than the time/cost for fixing it in that particular version. These bugs are usually mentioned in the Release Notes.

 I have used following 4 types of Methodologies: 

1. Boundary value analysis   

2. Equivalence partitioning   

3. Error guessing   

4. Cause effect graphing

Integration testing is done at module level when various modules are integrated with each other to form a system or sub-system. Its main purpose is to ensure that interfaces between various modules are working properly; i.e. modules which are working individually are also working correctly together.

System testing is done on a complete, integrated system to evaluate the system’s compliance with its specified requirements. It validates that the system meets its functional and non-functional requirements.

From these definitions, it is clear that the purpose of Integration and purpose of System Testing are different. Therefore, Integration test cases focus more on the interfaces between modules (interface integrity) - the data transfer and their interaction with each other. System test cases focus on testing the product as a whole; i.e. whether the functional, non-functional requirements of the System are met or not. Since System Testing is the final phase before delivery of the product, System test cases should pinpoint configuration related errors along with testing for performance, security, reliability etc.