
95. Developing safe software is crucial to prevent loss of life, property damage, or liability. Which of the following practices is least useful for ensuring a safe software product?

a. Use high coupling between critical functions and data from noncritical ones.

b. Use low data coupling between critical units.

c. Implement a fail-safe recovery system.

d. Specify and test for unsafe conditions.

95. a. “Critical” may be defined as pertaining to safety, efficiency, and reliability. Each application system needs a clear definition of what “critical” means to it. Software hazards analysis and fault tree analysis can be performed to trace system-level hazards (for example, unsafe conditions) through design or coding structures back to software requirements that could cause the hazards. Functions and features of software that participate in avoiding unsafe conditions are termed critical. Critical functions and data should be separated from noncritical ones with low coupling, not with high coupling.

Avoiding unsafe conditions or ensuring safe conditions is achieved by separating the critical units from noncritical units, by low data coupling between critical units, by fail-safe recovery from unsafe conditions when they occur, and by testing for unsafe conditions. Data coupling is the sharing or passing of simple data between system modules via parameter lists. Low data coupling is preferred at interfaces because it is less error prone, which helps ensure a safe product.
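The four practices in this answer (separation of critical from noncritical units, low data coupling through parameter lists, fail-safe recovery, and explicit tests for unsafe conditions) can be shown together in a small program. The following is an added example written for this page, not code from the book or its authors; the valve scenario, the pressure limit and all function names are assumptions chosen for illustration.

```python
"""Added example, not from the page: a critical safety unit that is kept
separate from noncritical code by low data coupling, fails safe on unsafe
conditions, and is exercised by explicit tests for those conditions.
Names, thresholds and the "valve" scenario are assumptions for illustration."""
from dataclasses import dataclass
from math import isnan
from typing import Optional

MAX_SAFE_PRESSURE_KPA = 800.0  # assumed safety limit


@dataclass(frozen=True)
class ValveCommand:
    open_percent: int  # 0 means fully closed, the assumed safe state
    reason: str


# --- Critical unit: coupled to callers only through a simple parameter list ---
def decide_valve(pressure_kpa: Optional[float], requested_percent: int) -> ValveCommand:
    """Critical function: takes plain values in, returns a plain value.

    It never reads state owned by noncritical code, so a defect in the UI or
    logging cannot change its inputs behind its back (low data coupling)."""
    # Unsafe condition: missing or invalid sensor reading -> fail safe (close).
    if pressure_kpa is None or isnan(pressure_kpa):
        return ValveCommand(0, "fail-safe: no valid pressure reading")
    # Unsafe condition: over-pressure -> fail safe regardless of the request.
    if pressure_kpa > MAX_SAFE_PRESSURE_KPA:
        return ValveCommand(0, "fail-safe: over-pressure")
    # Unsafe condition: malformed request -> fail safe instead of propagating it.
    if not 0 <= requested_percent <= 100:
        return ValveCommand(0, "fail-safe: request out of range")
    return ValveCommand(requested_percent, "normal")


# --- Noncritical unit: mutable state that may be stale or buggy ---
ui_state = {"requested_percent": 50, "theme": "dark", "cached_reading": 100.0}


def controller_tick(sensor_reading: Optional[float]) -> ValveCommand:
    """Noncritical code hands over simple values; the dict itself never crosses."""
    return decide_valve(sensor_reading, int(ui_state["requested_percent"]))


def decide_valve_high_coupling() -> int:
    """Anti-pattern (answer a): the critical decision reads the noncritical
    unit's shared state directly, so a stale cache silently becomes a safety bug."""
    if ui_state["cached_reading"] > MAX_SAFE_PRESSURE_KPA:
        return 0
    return int(ui_state["requested_percent"])


# --- Testing for unsafe conditions (answer d) ---
def run_safety_checks() -> dict:
    """Each entry drives one unsafe condition through the critical unit."""
    return {
        "normal": decide_valve(500.0, 40).open_percent,
        "over_pressure": decide_valve(900.0, 40).open_percent,
        "no_reading": decide_valve(None, 40).open_percent,
        "nan_reading": decide_valve(float("nan"), 40).open_percent,
        "bad_request": decide_valve(500.0, 250).open_percent,
    }


def stale_cache_comparison() -> tuple:
    """Live sensor says 900 kPa while the noncritical cache still holds 100 kPa.
    Returns (low-coupling decision, high-coupling decision)."""
    return controller_tick(900.0).open_percent, decide_valve_high_coupling()


if __name__ == "__main__":
    print(run_safety_checks())
    print(stale_cache_comparison())
```

The comparison at the end is the point of answer a: with low data coupling the critical unit sees the live reading passed as a parameter and closes the valve, while the highly coupled variant trusts a cached value owned by noncritical code and opens it under over-pressure.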

96. Developing a superior quality or safe software product requires special attention. Which of the following techniques to achieve superior quality are based on mathematical theory?

a. Multiversion software

b. Proof-of-correctness

c. Software fault tree analysis

d. Software reliability models

96. b. The proof-of-correctness (formal verification) involves the use of theoretical and mathematical models to prove the correctness of a program without executing it. Using this method, the program is represented by a theorem and is proved with first-order predicate calculus.
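A concrete instance of proving a program correct without executing it, as an added example that is not part of the book's text: the answer describes hand proofs in first-order predicate calculus, while this block uses the Lean 4 theorem prover (an assumption of tooling, not something the page names) to check the same kind of argument mechanically. The function, its name and the properties chosen are illustrative.

```lean
-- Added example (not from the page): proof-of-correctness in Lean 4.
-- `clamp` is the program; the theorems are properties established by proof,
-- never by running the code.
def clamp (lo hi x : Nat) : Nat :=
  if x < lo then lo else if hi < x then hi else x

-- The result never falls below the lower bound.
theorem clamp_lower (lo hi x : Nat) (h : lo ≤ hi) : lo ≤ clamp lo hi x := by
  unfold clamp
  split
  · omega
  · split <;> omega

-- The result never exceeds the upper bound.
theorem clamp_upper (lo hi x : Nat) (h : lo ≤ hi) : clamp lo hi x ≤ hi := by
  unfold clamp
  split
  · omega
  · split <;> omega

-- An input already inside the bounds is returned unchanged.
theorem clamp_id (lo hi x : Nat) (h1 : lo ≤ x) (h2 : x ≤ hi) :
    clamp lo hi x = x := by
  unfold clamp
  split
  · omega
  · split <;> omega
```

Each `split` case-analyses one `if`, and `omega` discharges the resulting linear arithmetic goals from the hypotheses in scope; if any property were false, the proof would fail to check, which is the "theorem about the program" view the answer describes.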

The other three choices do not use mathematical theory. Multiversion software is incorrect because its goal is to provide high reliability, which is especially useful in applications where failure could cause loss of life or property damage. The approach is to develop more than one version of the same program to minimize the detrimental effect of latent defects on reliability.

Software fault tree analysis is incorrect because it identifies and analyzes software safety requirements. It is used to determine possible causes of known hazards. This is done by creating a fault tree, whose root is the hazard. The system fault tree is expanded until it contains at its lowest level basic events that cannot be further analyzed.

Software reliability models are incorrect because they can predict the future behavior of a software product, based on its past behavior, usually in terms of failure rates.

97. Predictable failure prevention means protecting an information system from harm by considering which of the following?

a. Mean-time-to-repair (MTTR)

b. Mean-time-to-failure (MTTF)

c. Mean-time between failures (MTBF)

d. Mean-time between outages (MTBO)

97. b. MTTF focuses on the potential failure of specific components of the information system that provide security capability. MTTF is the mean time until the next failure. MTTR is the mean time it takes to restore normal operation. MTBF is the average length of time the system is functional. MTBO is the mean time between equipment failures that result in a loss of system continuity or unacceptable degradation.

98. Regarding software installation, “All software is checked against a list approved by the organization” refers to which of the following?

a. Blacklisting

b. Black-box testing

c. White-box testing

d. Whitelisting

98. d. Whitelisting is a method to control the installation of software to ensure that all software is checked against a list approved by the organization. It is a quality control check and is a part of software configuration activity. An example of blacklisting is creating a list of electronic-mail senders who have previously sent spam to a user. Black-box testing is a functional analysis of a system, whereas white-box testing is a structural analysis of a system.
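The difference between the two list-based controls in this answer is the default decision: a whitelist denies anything not on the approved list, a blacklist allows anything not on the known-bad list. The following added example (written for this page, not code from the book or any product) checks a software package against an organization-approved list by cryptographic hash and shows the blacklist style beside it; the package names, contents and sender addresses are constructed for illustration.

```python
"""Added example, not from the page: whitelisting of software installs by
hash (default deny) beside blacklisting of e-mail senders (default allow).
All packages, hashes and addresses below are constructed for illustration."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for installer files the organization has reviewed.
APPROVED_PACKAGES = {
    "editor-2.1.pkg": b"editor v2.1 release build",
    "vpn-client-5.0.pkg": b"vpn client v5.0 release build",
}

# The approved list as the organization would publish it: name -> expected hash.
# Hashing the bytes, not just the name, means a renamed or modified file fails.
WHITELIST = {name: sha256_hex(content) for name, content in APPROVED_PACKAGES.items()}


def is_install_allowed(filename: str, content: bytes) -> tuple:
    """Whitelisting: install only if the file matches an approved entry.

    Returns (allowed, reason). Anything not on the list is denied by default."""
    expected = WHITELIST.get(filename)
    if expected is None:
        return False, "not on approved list"
    actual = sha256_hex(content)
    # compare_digest avoids timing differences when comparing the digests.
    if not hmac.compare_digest(actual, expected):
        return False, "hash mismatch with approved entry"
    return True, "approved"


# Blacklisting for contrast: senders who previously sent spam to the user.
SPAM_SENDERS = {"promo@example-spam.test"}


def is_mail_accepted(sender: str) -> bool:
    """Blacklisting: everything passes unless the sender is on the known-bad list."""
    return sender.strip().lower() not in SPAM_SENDERS


def demo() -> dict:
    """Drives both controls with constructed inputs."""
    return {
        "approved": is_install_allowed("editor-2.1.pkg", APPROVED_PACKAGES["editor-2.1.pkg"])[0],
        "unknown_package": is_install_allowed("game-1.0.pkg", b"unreviewed build")[0],
        "same_name_modified": is_install_allowed("editor-2.1.pkg", b"editor v2.1 plus extra code")[0],
        "known_spammer_blocked": is_mail_accepted("promo@example-spam.test"),
        "unknown_sender_passes": is_mail_accepted("new@example-spam.test"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The last two entries show why the answer pairs whitelisting with installation control: a blacklist can only stop what it already knows about, whereas the approved list stops every unreviewed or altered package without needing to know it in advance.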

99. Which of the following is not an example of the defect prevention method in software development and maintenance processes?

a. Documented standards

b. CleanRoom processes

c. Formal technical reviews

d. Documentation standards

99. c. Formal technical reviews (for example, inspections and walkthroughs) are used for defect detection, not prevention. If properly conducted, formal technical reviews are the most effective way to uncover and correct errors, especially early in the life cycle, where they are relatively easy and inexpensive to correct.

Documented standards are incorrect because they are an example of a defect prevention method. Documented standards should be succinct and possibly placed into a checklist format as a ready application reference. A documented standard also permits audits for adherence and compliance with the approved method.

CleanRoom processes are incorrect because they are an example of a defect prevention method. The CleanRoom process consists of (i) defining a set of software increments that combine to form the required system, (ii) using rigorous methods for specification, development, and certification of each increment, (iii) applying strict statistical quality control during the testing process, and (iv) enforcing a strict separation of the specification and design tasks from testing activities.

Documentation standards are incorrect because they are an example of a defect prevention method. Standard methods can be applied to the development of requirements and design documents.

100. The scope of formal technical reviews conducted for software defect removal would not include:

a. Configuration management specification

b. Requirements specification

c. Design specification

d. Test specification

100. a. The formal technical review is a software quality assurance activity that is performed by software developers. The objectives of these reviews are to (i) uncover errors in function and logic, (ii) verify that the software under review meets its requirements, and (iii) ensure that the software conforms to predefined standards. Configuration management specifications are a part of project planning documents, not technical documents. Their purpose is to establish the processes that the project uses to manage the configuration items and changes to them. Program development, quality, and configuration management plans are subject to review but are not directly germane to the subject of defect removal.