{"title":"The safety requirements engineering dilemma","authors":"D. Berry","doi":"10.1109/IWSSD.1998.667930","DOIUrl":null,"url":null,"abstract":"A key idea followed in the software and system safety community is that an identified hazard is best dealt with by changing the requirements of the system so that the hazard does not even occur. This modus operandi creates a serious dilemma. The hazard identification, that is needed in order to know what hazards to avoid, is best done after the code has been written, because only then are the potential effects of any particular stimulus, event, etc. deducible. However, if the response to the identified hazard is to change the requirements, then this requirements change will happen only after the code is written. Such changes are both expensive and dangerous. So, a means to identify all hazards at requirements analysis time is needed.","PeriodicalId":431074,"journal":{"name":"Proceedings Ninth International Workshop on Software Specification and Design","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"1998-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings Ninth International Workshop on Software Specification and Design","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWSSD.1998.667930","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 26
Abstract
A key idea followed in the software and system safety community is that an identified hazard is best dealt with by changing the requirements of the system so that the hazard does not even occur. This modus operandi creates a serious dilemma. The hazard identification, that is needed in order to know what hazards to avoid, is best done after the code has been written, because only then are the potential effects of any particular stimulus, event, etc. deducible. However, if the response to the identified hazard is to change the requirements, then this requirements change will happen only after the code is written. Such changes are both expensive and dangerous. So, a means to identify all hazards at requirements analysis time is needed.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
