Module 7: Ethical Decisions in Software Development

Question 1

When an organization decides to accept a risk because the cost of avoiding the risk outweighs the potential loss of the risk. A decision to accept a risk can be extremely difficult and controversial when dealing with safety-critical systems because making that determination involves forming personal judgments about the value of human life, assessing potential liability in case of an accident, evaluating the potential impact on the surrounding natural environment, and estimating the system’s costs and benefits.

Answer 1

acceptance

Question 2

A software development methodology in which a system is developed in iterations lasting from one to four weeks. Unlike the waterfall system development model, agile development accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project.

Answer 2

agile development

Question 3

The estimated loss from a potential risk event over the course of a year. The following equation is used to calculate the annual loss expectancy: A× SLE = ALE. Where ARO is the annualized rate of occurrence, an estimate of the probability that this event will occur over the course of a year and SLE is the single loss expectancy, the estimated loss that would be incurred if the event happens.

Answer 3

annualized loss expectancy (ALE)

Question 4

An estimate of the probability that a risk event will occur over the course of a year.

Answer 4

annualized rate of occurrence (ARO)

Question 5

The elimination of a vulnerability that gives rise to a particular risk in order to avoid the risk altogether. This is the most effective solution but often not possible due to organizational requirements and factors beyond an organization’s control.

Answer 5

avoidance

Question 6

A method or technique that has consistently shown results superior to those achieved with other means and that is used as a benchmark within a particular industry.

Answer 6

best practice

Question 7

A type of dynamic testing that involves viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown (a black box).

Answer 7

black-box testing

Question 8

When a product fails to meet the terms of its warranty.

Answer 8

breach of warranty

Question 9

A set of interrelated components—including hardware, software, databases, networks, people, and procedures—that collects and processes data and disseminates the output.

Answer 9

business information system

Question 10

Collection of best practices that help organizations improve their processes.

Answer 10

Capability Maturity Model Integration (CMMI) models

Question 11

A specific application of CMMI frequently used to assess and improve software development practices.

Answer 11

CMMI-Development (CMMI-DEV)

Question 12

When the plaintiffs’ own actions contributed to their injuries

Answer 12

contributory negligence

Question 13

A type of business information system used to improve decision making in a variety of industries.

Answer 13

decision support system (DSS)

Question 14

Products created during various stages of the development process, including statements of requirements, flowcharts, and user documentation.

Answer 14

deliverable

Question 15

A QA process that tests the code for a completed unit of software by actually entering test data and comparing the results to the expected results.

Answer 15

dynamic testing

Question 16

A description of how a product or process could fail to perform the desired functions described by the customer.

Answer 16

failure mode

Question 17

An important technique used to develop ISO 9000-compliant quality systems by both evaluating reliability and determining the effects of system and equipment failures.

Answer 17

failure mode and effects analysis (FMEA)

Question 18

A logging and monitoring system used by safety engineers to track hazards from a project’s start to its finish.

Answer 18

hazard log

Question 19

Systems that are easy to learn and use because they perform quickly and efficiently; they meet their users’ needs; and they operate safely and reliably so that system downtime is kept to a minimum

Answer 19

high-quality software system

Question 20

Software testing done after successful unit testing, where the software units are combined into an integrated subsystem that undergoes rigorous testing to ensure that the linkages among the various subsystems work successfully.

Answer 20

integration testing

Question 21

A set of standards written to serve as a guide to quality products, services, and management. It provides a set of standardized requirements for a quality management system.

Answer 21

ISO 9000 family of standards

Question 22

The reduction in either the likelihood or the impact of the occurrence of a risk.

Answer 22

mitigation

Question 23

An approach to minimizing the impact of software errors by independently implementing the same set of user requirements N times (where N could be 2, 3, 4 or more); the N-versions of software are run in parallel; and, if a difference is found, a “voting algorithm” is executed to determine which result to use

Answer 23

N-version programming

Question 24

The liability of manufacturers, sellers, lessors, and others for injuries caused by defective products.

Answer 24

product liability

Question 25

Methods within the development process that are designed to guarantee reliable operation of a product.

Answer 25

quality assurance (QA)

Question 26

The defining, measuring, and refining of the quality of the development process and the products developed during its various stages. The objective of quality management is to help developers deliver high-quality systems that meet the needs of their users

Answer 26

quality management

Question 27

The provision of multiple interchangeable components to perform a single function in order to cope with failures and errors.

Answer 27

redundancy

Question 28

A measure of the rate of failure in a system that would render it unusable over its expected lifetime

Answer 28

reliability

Question 29

The potential of gaining or losing something of value. Risk can be quantified by three elements: a risk event, the probability of the event happening, and the impact (positive or negative) on the business outcome if the risk does actually occur.

Answer 29

risk

Question 30

A logging and monitoring system used by safety engineers to track hazards from a project’s start to its finish.

Answer 30

risk management

Question 31

A system whose failure may cause human injury or death.

Answer 31

safety-critical system

Question 32

The estimated loss that would be incurred if a risk event occurs

Answer 32

single loss expectancy (SLE)

Question 33

Any error that, if not removed, could cause a software system to fail to meet its users’ needs.

Answer 33

software defect

Question 34

A standard, proven work process that enables systems analysts, programmers, project managers, and others to make controlled and orderly progress in developing high-quality software.

Answer 34

software development methodology

Question 35

The degree to which a software product meets the needs of its users.

Answer 35

software quality

Question 36

A software-testing technique in which software is tested without actually executing the code. It consists of two steps—review and static analysis.

Answer 36

static testing

Question 37

A situation in which the defendant is held responsible for injuring another person, regardless of negligence or intent.

Answer 37

strict liability

Question 38

Someone who has explicit responsibility for ensuring that a system will operate in a safe and reliable manner while meeting its users’ needs.

Answer 38

system safety engineer

Question 39

Software testing done after successful integration testing, where the various subsystems are combined to test the entire system as a complete entity.

Answer 39

system testing

Question 40

A risk management strategy in which the risk, should it happen, does not rest solely on one individual or organization. For example, a common way to accomplish risk transference is for an individual or an organization to purchase insurance, such as auto or business liability insurance. Another way to transfer risk is to outsource the risk by contracting with a third party to manage the risk.

Answer 40

transference

Question 41

A software-testing technique that involves testing individual components of code (subroutines, modules, and programs) to verify that each unit performs as intended.

Answer 41

unit testing

Question 42

Software testing done independently by trained end users to ensure the system operates as expected

Answer 42

user acceptance testing

Question 43

Assures buyers or lessees that a product meets certain standards of quality.

Answer 43

warranty

Question 44

A software development methodology that involves a sequential, multistage system development process in which development of the next stage of the system cannot begin until the results of the current stage are approved or modified as necessary.

Answer 44

waterfall system development model

Question 45

A type of dynamic testing that treats the software unit as a device that has expected input and output behaviors but whose internal workings, unlike the unit in black-box testing, are known.

Answer 45

white-box testing

Question 46

A software _________ is any error that, if not removed, could cause a software system to fail.

Answer 46

defect

Question 47

_______________the development process and the products developed during its various stages.

Answer 47

Quality management

Question 48

_____________ means that the defendant is held responsible for injuring another person, regardless of negligence or intent.

Answer 48

Strict liability

Question 49

A standard, proven work process that enables systems analysts, programmers, project managers, and others to make controlled and orderly progress in developing high-quality software is called a software _____________

Answer 49

development methodology

Question 50

The cost to identify and remove a defect in an early stage of software development is typically much less than the cost of removing a defect in an operating piece of software after it has been distributed to many customers. True or False?

Answer 50

True

Question 51

A system development methodology in which systems are developed in iterations, often called “sprints,” lasting from one to four weeks is called _______ development.

Answer 51

agile

Question 52

A software-testing technique in which the software is tested without actually executing the code is _____________.

Answer 52

static testing

Question 53

_____________ is a collection of best practices that help organizations assess and improve their software development practices.

Answer 53

CMMI-DEV

Question 54

If the annualized rate of occurrence is one percent and the annual loss expectancy is $100,000, the single loss expectancy is _____________.

Answer 54

$10 million

Question 55

The provision of multiple interchangeable components to perform a single function to cope with failures and errors is called _____________.

Answer 55

redundancy

Question 56

________ is a measure of the rate of failure in a system that would render it unusable over its expected lifetime

Answer 56

Reliability

Question 57

One of the most important and challenging areas of safety-critical system design is the system–human interface. True or False?

Answer 57

True

Question 58

_____________ is an important technique used to develop ISO 9000–compliant quality systems by both evaluating reliability and determining the effects of system and equipment failures.

Answer 58

FMEA