Chapter 12

Explain why the risk-based approach is interpreted in different ways when specifying safety and security.

In the insulin pump system, the user has to change the needle and insulin supply at regular intervals and may also change the maximum single dose and the maximum daily dose that may be administered. Suggest three user errors that might occur and propose safety requirements that would avoid these errors resulting in an accident.

A safety-critical software system for treating cancer patients has two principal components: A radiation therapy machine that delivers controlled doses of radiation to tumor sites. This machine is controlled by an embedded software system. A treatment database that includes details of the treatment given to each patient. Treatment requirements are entered in this database and are automatically downloaded to the radiation therapy machine. Identify three hazards that may arise in this system. For each hazard, suggest a defensive requirement that will reduce the probability that these hazards will result in an accident. Explain why your suggested defense is likely to reduce the risk associated with the hazard.

Suggest appropriate reliability metrics for the classes of software systems below. Give reasons for your choice of metric. Predict the usage of these systems and suggest appropriate values for the reliability metrics. -a system that monitors patients in a hospital intensive care unit. -a word processor. -an automated vending machine control system. -a system to control braking in a car. -a system to control a refrigeration unit. -a management report generator.

Explain why there is a need for both preliminary security risk assessment and life-cycle security risk assessment during the development of a system.

Should software engineers working on the specification and development of safety-related systems be professionally certified in some way? Explain your reasoning.