Tutorial A

Systems Theory to Manage Testing, Safety and Risk

Anders Dinsen

09:30-13:00 CEST Tuesday 28th Sept

Systems theory allows us to identify safety, security, and quality risks. It can help increase testability, reduce testing debt, and help projects deliver quality and mitigate risk. Traditional risk analyses focus either on requirements or on code, and they rely on experience and gut feeling. Systems theory and cybernetics were developed by Norbert Wiener in the 1940s as a structured way to model complexity. In this talk, I will introduce STPA, a holistic analysis technique which can be used to analyse complex systems of software and people. STPA is part of a systems-theoretical framework for safety engineering of complex socio-technical systems, developed by Professor Dr. Nancy Leveson at MIT in the 2000s. It is a powerful analysis technique for complex systems and helps us deal with complexity.

The verb "testing" comes from the Latin testa, the noun for the clay pot in which tradesmen used to test the value of the gold used in their transactions by melting it over fire. Testing was a necessary step, as the purity of the gold in stamped coins could not be trusted.

Complex software is pure design. Its value, as experienced by our users and stakeholders, is not intrinsic to the code, but emergent. In one way software is like gold: it might have some claimed quality. But no inspection of the raw material, the code, can prove the quality of a system or an application with real users and stakeholders.

Complexity results in poor testability. The costs of managing testing and setting up test environments are increasing. Systems theory is necessary to mitigate these problems. On your next workday, you will be able to model and analyze the system you are working on, identifying system risks, critical requirements, and test cases. This will help you discover risks and issues, and help your team test more effectively.