用于回顾性安全案例的软件安全风险分类法

31st IEEE Software Engineering Workshop (SEW 2007) Pub Date : 2007-03-06 DOI:10.1109/SEW.2007.88

Janice Hill

{"title":"用于回顾性安全案例的软件安全风险分类法","authors":"Janice Hill","doi":"10.1109/SEW.2007.88","DOIUrl":null,"url":null,"abstract":"Safety standards contain technical and process-oriented safety requirements. The best time to include these requirements is early in the development lifecycle of the system. When software safety requirements are levied on a legacy system after the fact, a retrospective safety case will need to be constructed for the software in the system. This can be a difficult task because there may be few to no artifacts available to show compliance to the software safety requirements. The risks associated with not meeting safety requirements in a legacy safety-critical computer system must be addressed to give confidence for reuse. This paper introduces a proposal for a software safety risk taxonomy for legacy safety-critical computer systems, by specializing the Software Engineering Institute's 'Software Development Risk Taxonomy' with safety elements and attributes.","PeriodicalId":277367,"journal":{"name":"31st IEEE Software Engineering Workshop (SEW 2007)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"A Software Safety Risk Taxonomy for Use in Retrospective Safety Cases\",\"authors\":\"Janice Hill\",\"doi\":\"10.1109/SEW.2007.88\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Safety standards contain technical and process-oriented safety requirements. The best time to include these requirements is early in the development lifecycle of the system. When software safety requirements are levied on a legacy system after the fact, a retrospective safety case will need to be constructed for the software in the system. This can be a difficult task because there may be few to no artifacts available to show compliance to the software safety requirements. The risks associated with not meeting safety requirements in a legacy safety-critical computer system must be addressed to give confidence for reuse. This paper introduces a proposal for a software safety risk taxonomy for legacy safety-critical computer systems, by specializing the Software Engineering Institute's 'Software Development Risk Taxonomy' with safety elements and attributes.\",\"PeriodicalId\":277367,\"journal\":{\"name\":\"31st IEEE Software Engineering Workshop (SEW 2007)\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-03-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"31st IEEE Software Engineering Workshop (SEW 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SEW.2007.88\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"31st IEEE Software Engineering Workshop (SEW 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SEW.2007.88","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

安全标准包含技术和面向过程的安全要求。包含这些需求的最佳时机是在系统开发生命周期的早期。当软件安全需求在遗留系统上被征收时，将需要为系统中的软件构建一个追溯性的安全案例。这可能是一项困难的任务，因为可能几乎没有可用的工件来显示对软件安全需求的遵从性。必须解决遗留的安全关键型计算机系统中与不满足安全需求相关的风险，以提供重用的信心。本文通过将软件工程协会的“软件开发风险分类法”与安全元素和属性进行专门化，介绍了针对遗留安全关键型计算机系统的软件安全风险分类法的建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A Software Safety Risk Taxonomy for Use in Retrospective Safety Cases

Safety standards contain technical and process-oriented safety requirements. The best time to include these requirements is early in the development lifecycle of the system. When software safety requirements are levied on a legacy system after the fact, a retrospective safety case will need to be constructed for the software in the system. This can be a difficult task because there may be few to no artifacts available to show compliance to the software safety requirements. The risks associated with not meeting safety requirements in a legacy safety-critical computer system must be addressed to give confidence for reuse. This paper introduces a proposal for a software safety risk taxonomy for legacy safety-critical computer systems, by specializing the Software Engineering Institute's 'Software Development Risk Taxonomy' with safety elements and attributes.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

31st IEEE Software Engineering Workshop (SEW 2007)

自引率

0.00%

发文量