Page 321 - Software and Systems Requirements Engineering in Practice

Chapter 11: Hazard Analysis and Threat Modeling (p. 283)
TABLE 11.3  MDRE Extensions for Hazard Analysis

Symbol or Relationship: Hazard
  Description: This is a placeholder for a hazard analysis.
  Comment: When activated, would either hyperlink to a hazard analysis or open the hazard analysis if the model and analysis are in the same tool.

Symbol or Relationship: Mitigating requirement
  Description: Identifies a requirement that is needed to mitigate the risk of a potential hazard.
  Comment: The requirement could be entirely in the model or could be a placeholder for a hyperlink to the requirement in a requirements database.

Symbol or Relationship: Mitigates
  Description: A mitigation relationship between a hazard and a mitigating requirement.
  Comment: This relationship can take the place of manually entered and maintained traces.

Symbol or Relationship: Impacts
  Description: An impact relationship between a mitigating requirement and another requirement.
  Comment: Indicates that the mitigating requirement may constrain or otherwise impact another requirement.
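The extensions in Table 11.3 amount to a small traceability model. The following added example (not code from the book or from any MDRE tool) implements that model in Python: hazards, mitigating requirements, and the Mitigates and Impacts relationships, plus a check for hazards that no requirement mitigates, which is exactly the trace gap the tunnel story below illustrates. All identifiers and sample data are constructed for illustration.

```python
"""Added example: in-memory model of the Table 11.3 MDRE extensions.
Class name, identifiers and sample data are constructed, not from the book."""
from dataclasses import dataclass, field


@dataclass
class HazardModel:
    hazards: dict = field(default_factory=dict)       # id -> placeholder text for a hazard analysis
    requirements: dict = field(default_factory=dict)  # id -> requirement text (mitigating or other)
    mitigates: set = field(default_factory=set)       # (mitigating requirement id, hazard id)
    impacts: set = field(default_factory=set)         # (mitigating requirement id, other requirement id)

    def add_hazard(self, hid, text):
        self.hazards[hid] = text

    def add_requirement(self, rid, text):
        self.requirements[rid] = text

    def link_mitigates(self, rid, hid):
        # The relationship itself is the trace, so both ends must exist in the model.
        if rid not in self.requirements or hid not in self.hazards:
            raise KeyError(f"unknown endpoint in Mitigates: {rid} -> {hid}")
        self.mitigates.add((rid, hid))

    def link_impacts(self, rid, other):
        if rid not in self.requirements or other not in self.requirements:
            raise KeyError(f"unknown endpoint in Impacts: {rid} -> {other}")
        self.impacts.add((rid, other))

    def mitigators_of(self, hid):
        """Requirements reachable from a hazard through Mitigates (the forward trace)."""
        return sorted(r for r, h in self.mitigates if h == hid)

    def unmitigated_hazards(self):
        """Hazards with no Mitigates relationship: a trace gap that a review should flag."""
        covered = {h for _, h in self.mitigates}
        return sorted(h for h in self.hazards if h not in covered)

    def impacted_by(self, rid):
        """Other requirements a mitigating requirement constrains (the Impacts relationship)."""
        return sorted(o for r, o in self.impacts if r == rid)


def build_sample():
    m = HazardModel()  # all data below is constructed sample input
    m.add_hazard("HZ-1", "Ceiling panel detaches from the tunnel roof")
    m.add_hazard("HZ-2", "Ventilation fan fails during a fire")  # deliberately left unmitigated
    m.add_requirement("REQ-10", "Panel anchors shall use an adhesive rated for sustained load")
    m.add_requirement("REQ-11", "Installation records shall name the adhesive used per anchor")
    m.add_requirement("REQ-20", "Panel installation shall finish within the schedule window")
    m.link_mitigates("REQ-10", "HZ-1")
    m.link_mitigates("REQ-11", "HZ-1")
    m.link_impacts("REQ-10", "REQ-20")  # adhesive cure time constrains the schedule
    return m
```

Running `build_sample().unmitigated_hazards()` reports `HZ-2`, the hazard that still has no mitigating requirement, while `impacted_by("REQ-10")` shows which other requirement the mitigation constrains.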
A Cautionary Tale

On July 12, 2006, the ceiling of a portion of a tunnel (the "Big Dig") in Boston fell on a woman's car, killing her. An investigation revealed that the wrong glue had been used to fasten the ceiling panels.[2] Each of the organizations and staff that were involved in the construction of the tunnel blamed other parties. Finally, the company that supplied the glue was charged with involuntary manslaughter.[3] As there were no traces from requirements through construction, it was not possible for project management to trace from the installation back to the correct type of glue needed (the correct glue needed was known and recorded at the start of the project). We can learn from this tragedy:

   •  People can be held criminally liable for failure to follow best practices.
   •  Hazard analysis coupled with effective trace mechanisms can potentially save lives.

   [2] July 12, 2006, edition of the Christian Science Monitor.
   [3] August 9, 2007, edition of the Boston Globe.