Agile methods
- When would you recommend against the use of an agile method for developing a software system?
- Agile methods should probably not be used when the software is being developed by teams who are not co-located.
- If any of the individual teams use agile methods, it is very difficult to coordinate their work with other teams. Furthermore, the informal communication which is an essential part of agile methods is practically impossible to maintain.
- Agile methods should probably be avoided for critical systems (e.g. HR system, payroll system) where the consequences of a specification error are serious.
- In those circumstances, a system specification that is available before development starts makes a detailed specification analysis possible.
- However, some ideas from agile approaches are certainly applicable to critical systems, e.g. test-first development and test-driven development.
What are critical systems?
- A critical system is also known as a ‘life-critical’ or ‘safety-critical’ system.
- It is a system in which failure is likely to result in the loss of life or environmental damage. Failure can be considered to include both catastrophic failure of the system and mere malfunctions.
- Examples of critical systems include medical appliances, nuclear reactors, air traffic control systems and an airbag system in a car. The fields that critical systems are employed in are wide, ranging from the examples given in medicine, energy and transport to spaceflight and recreation.
What happens if a critical system fails?
- A critical system needs to maintain high reliability. This requirement, and the need to be able to demonstrate a high level of confidence, has led to regulatory standards becoming common within industries that apply critical systems. E.g. IEC 62304 is a standard specified for the development of medical device software from the International Electrotechnical Commission (IEC).
- These standards define strict frameworks for the development process. The need to meet them has led to heavyweight methodologies, such as Waterfall, dominating software development in critical systems.
- These processes, with their focus on upfront analysis and design and defined phases, are viewed as better suited to the process.
- The standards also generally require that records are kept (to ensure traceability) and again, with their emphasis on documentation, heavyweight development processes are a natural choice.
What are critical systems?
- Safety-critical systems:
- Failure may cause injury or death to human beings.
- Business-critical:
- Failure may result in the failure of the business using that system.
Business-critical system
- Customer account system in a bank.
- Areas where secrecy is required.
- Sensitive data/areas in companies.
- Areas where personal data are administered, e.g. HR (human resources) system, police personnel records or administration of student marks.
Safety-Critical system
- Medical Devices.
- Aerospace
- Military system
- Chemical Industry.
- Nuclear Power Stations.
- Railway control system.
- Air traffic control.
- Road traffic control (esp. traffic lights).
Open source Software (OSS)
- Advantages
- It is a widespread type of software that can
- increase the agility of software evolution,
- reduce the costs of software procurement and development, and
- enhance the speed of market penetration.
- Disadvantages:
- It comes with significant operational and legal risks when adopting or acquiring solutions with significant OSS components.
- At worst, incorporating OSS code into your product can mean that the source code in that product must be available to everyone at no cost.
OSS
- OSS is characterised by the public availability of the source code at no cost, under licence terms that oblige any users of the code to keep the code publicly available under those same licence terms.
- The public availability of the source code means the code is accessible to both developers and hackers.
- The likelihood and risk of a security vulnerability being identified
Copyleft licences
- The OSS licence is the “copyleft” licence. It does not allow a programmer who uses "copyleft" code to create an application to exercise the usual registered copyright and patent rights in the resulting work product.
- Any new application will be subject to the copyleft licence terms.
- It means that the programmer would not be entitled to charge for a licence to use that application.
- Instead, the new code used in the new application must also be publicly available and free to use for everyone at no cost.
- With each licence, it can often be difficult to determine with precision what rights a person has in any given collection of OSS code.
- For example:
- Some OSS licence terms include an obligation to preserve notices identifying the original programmer/author, or require the licensed software to be capable of use in any way without restrictions.
- Data source: http://www.lexology.com/library/detail.aspx?g=e32fe98e-374d-4517-b079-1820365eb865
Example of cryptographic code
- A common piece of cryptographic code is used in
- over 66% of web servers in the world,
- many email servers, and
- chat and virtual private networks.
- It made headlines for the invisible exposure of highly sensitive personal information, emails and financial data.
- p.s. Cryptography is the discipline of using codes and ciphers to encrypt a message and make it unreadable unless the recipient knows the secret to decrypt it.
Results of misusing open source
- A failure to promptly correct the issue, whether by applying a security patch or transitioning to a different system, creates an exposure to claims that there was
- a failure to reasonably secure personal information from misuse, interference, loss or unauthorised access, modification or disclosure (in breach of Australian Privacy Principle 11), or
- a breach of confidentiality obligations in relation to the financial data by recklessly allowing its disclosure.
- In addition to any remedial costs, fines and damages that would flow from these claims, the reputational damage could also be significant.
Use open source in your project?
- OSS is a very powerful tool that can be used effectively to create cost-effective software and support agile business models.
- However, its adoption comes with risks.
- A proper risk assessment, both legal and technical, is recommended before adoption of OSS in any products or business-critical functions.
Discussion question:
- Explain why there are fundamental ideas of software engineering that apply to all types of software systems.
Key Terms
- Critical system: It is a system in which failure is likely to result in the loss of life or environmental damage. Failure can be considered to include both catastrophic failure of the system and mere malfunctions.
- Open Source Software (OSS): It is characterised by the public availability of the source code at no cost, under licence terms that oblige any users of the code to keep the code publicly available under those same licence terms.
- OSS licence: It is the “copyleft” licence. It does not allow a programmer who uses "copyleft" code to create an application to exercise the usual registered copyright and patent rights in the resulting work product.