Software Engineering Body of Knowledge (v3) (2014) (811503), page 94
It provides information to users of the subsequent parts of ISO/IEC 15026, including the

IEEE Std. 15026.2-2011 Standard Adoption of ISO/IEC 15026-2:2011 Systems and Software Engineering—Systems and Software Assurance—Part 2: Assurance Case

ISO/IEC 15026-2:2011 is adopted by this standard. ISO/IEC 15026-2:2011 specifies minimum requirements for the structure and contents of an assurance case to improve the consistency and comparability of assurance cases and to facilitate stakeholder communications, engineering decisions, and other uses of assurance cases. An assurance case includes a top-level claim for a property of a system or product (or set of claims), systematic argumentation regarding this claim, and the evidence and explicit assumptions that underlie this argumentation.
Arguing through multiple levels of subordinate claims, this structured argumentation connects the top-level claim to the evidence and assumptions. Assurance cases are generally developed to support claims in areas such as safety, reliability, maintainability, human factors, operability, and security, although these assurance cases are often called by more specific names, e.g., safety case or reliability and maintainability (R&M) case. ISO/IEC 15026-2:2011 does not place requirements on the quality of the contents of an assurance case and does not require the use of a particular terminology or graphical representation.
Likewise, it places no requirements on the means of physical implementation of the data, including no requirements for redundancy or colocation.

In many systems, some portions are critical to achieving the desired property while others are only incidental. For example, the flight control system of an airliner is critical to safety, but the microwave oven is not. Conventionally, the various portions are assigned “criticality levels” to indicate their significance to the overall achievement of the property. The third part of ISO/IEC 15026 describes how that is done. This part will be revised for better fit with the remainder of the 15026 standard.

ISO/IEC 15026-3:2011 Systems and Software Engineering—Systems and Software Assurance—Part 3: System Integrity Levels

ISO/IEC 15026-3:2011 specifies the concept of integrity levels with corresponding integrity level requirements that are required to be met in order to show the achievement of the integrity level.
It places requirements on and recommends methods for defining and using integrity levels and their integrity level requirements, including the assignment of integrity levels to systems, software products, their elements, and relevant external dependences.

ISO/IEC 15026-3:2011 is applicable to systems and software and is intended for use by:

• definers of integrity levels such as industry and professional organizations, standards organizations, and government agencies;
• users of integrity levels such as developers and maintainers, suppliers and acquirers, users, and assessors of systems or software, and for the administrative and technical support of systems and/or software products.

One important use of integrity levels is by suppliers and acquirers in agreements; for example, to aid in assuring safety, economic, or security characteristics of a delivered system or product.

ISO/IEC 15026-3:2011 does not prescribe a specific set of integrity levels or their integrity level requirements.
In addition, it does not prescribe the way in which integrity level use is integrated with the overall system or software engineering life cycle processes.

ISO/IEC 15026-3:2011 can be used alone or with other parts of ISO/IEC 15026. It can be used with a variety of technical and specialized risk analysis and development approaches. ISO/IEC TR 15026-1 provides additional information and references to aid users of ISO/IEC 15026-3:2011.

ISO/IEC 15026-3:2011 does not require the use of the assurance cases described by ISO/IEC 15026-2 but describes how integrity levels and assurance cases can work together, especially in the definition of specifications for integrity levels or by using integrity levels within a portion of an assurance case.

The final part of 15026 provides additional guidance for executing the life cycle processes of 12207 and 15288 when a system or software is required to achieve an important property.

ISO/IEC 15026-4:2012 Systems and Software Engineering—Systems and Software Assurance—Part 4: Assurance in the Life Cycle

This part of ISO/IEC 15026 gives guidance and recommendations for conducting selected processes, activities and tasks for systems and software products requiring assurance claims for properties selected for special attention, called critical properties.
This part of ISO/IEC 15026 specifies a property-independent list of processes, activities, and tasks to achieve the claim and show the achievement of the claim. This part of ISO/IEC 15026 establishes the processes, activities, tasks, guidance, and recommendations in the context of a defined life cycle model and set of life cycle processes for system and/or software life cycle management.

The next standard deals with a property—safety—that is often identified as critical.
It was originally developed in cooperation with the US nuclear power industry.

IEEE Std. 1228-1994 Standard for Software Safety Plans

The minimum acceptable requirements for the content of a software safety plan are established. This standard applies to the software safety plan used for the development, procurement, maintenance, and retirement of safety-critical software. This standard requires that the plan be prepared within the context of the system safety program. Only the safety aspects of the software are included. This standard does not contain special provisions required for software used in distributed systems or in parallel processors.

Classical treatments suggest that “verification” deals with static evaluation methods and that “testing” deals with dynamic evaluation methods.
Recent treatments, including ISO/IEC draft 29119, are blurring this distinction, though, so testing standards are mentioned here.

IEEE Std. 829-2008 Standard for Software and System Test Documentation
See Software Testing KA

IEEE Std. 1008-1987 Standard for Software Unit Testing
See Software Testing KA

IEEE Std. 26513-2010 Standard Adoption of ISO/IEC 26513:2009 Systems and Software Engineering—Requirements for Testers and Reviewers of Documentation
See Software Testing KA

ISO/IEC/IEEE 29119 [four parts] (Draft) Software and Systems Engineering—Software Testing
See Software Testing KA

SOFTWARE ENGINEERING PROFESSIONAL PRACTICE

IEEE is a provider of products related to the certification of professional practitioners of software engineering. The first has already been described, the Guide to the Software Engineering Body of Knowledge. The SWEBOK Guide has been adopted by ISO/IEC as an outline of the knowledge that professional software engineers should have.

ISO/IEC TR 19759:2005 Software Engineering—Guide to the Software Engineering Body of Knowledge (SWEBOK)
See General

An SC 7 standard provides a framework for comparisons among certifications of software engineering professionals. That standard states that the areas considered in certification must be mapped to the SWEBOK Guide.

ISO/IEC 24773:2008 Software Engineering—Certification of Software Engineering Professionals

ISO/IEC 24773:2008 establishes a framework for comparison of schemes for certifying software engineering professionals. A certification scheme is a set of certification requirements for software engineering professionals. ISO/IEC 24773:2008 specifies the items that a scheme is required to contain and indicates what should be defined for each item.

ISO/IEC 24773:2008 will facilitate the portability of software engineering professional certifications between different countries or organizations. At present, different countries and organizations have adopted different approaches on the topic, which are implemented by means of regulations and bylaws. The intention of ISO/IEC 24773:2008 is to be open to these individual approaches by providing a framework for expressing them in a common scheme that can lead to understanding.

SC 7 is currently drafting a guide that will supplement 24773.

SOFTWARE ENGINEERING ECONOMICS
No standards are allocated to this KA.

COMPUTING FOUNDATIONS
No standards are allocated to this KA.

MATHEMATICAL FOUNDATIONS
No standards are allocated to this KA.

ENGINEERING FOUNDATIONS

The list of standards published for ISO/IEC JTC 1/SC 7 can be found at www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=45086.

Because the URL might change, readers might have to navigate to the list. Begin at www.iso.org/iso/store.htm, then click on “browse standards catalogue,” then “browse by TC,” then “JTC 1,” then “SC 7.”

Finding the current list of standards for S2ESC is a bit more difficult. Begin at http://standards.ieee.org/.
In the search box under “Find Standards,” type “S2ESC.” This should produce a list of published standards for which S2ESC is responsible.

Keep in mind that the searchable databases are compilations. Like any such database, they can contain errors that lead to incomplete search results.

The definitions contained in ISO/IEC/IEEE 24765, System and Software Vocabulary, are freely available at www.computer.org/sevocab.

However, the vast majority of standards are not free. ISO/IEC standards are generally purchased from the national standards organization of the country in which one lives.
For example, in the US, international standards can be purchased from the American National Standards Institute at http://webstore.ansi.org/. Alternatively, standards can be purchased directly from ISO/IEC at www.iso.org/iso/store.htm. It should be noted that each individual nation is free to set its own prices, so it may be helpful to check both sources.

IEEE standards may be available to you for free if your employer or library has a subscription to IEEE Xplore: http://ieeexplore.ieee.org/.