Requirements-Related Risks in Critical Systems

This talk considers some of the roles that requirements engineering plays in computer system development, with particular emphasis on systems with critical requirements such as security, reliability, safety, and survivability. The RISKS archives are littered with cases attributable to requirements problems that propagate throughout development, from which many lessons need to be learned. Various possible remedies are discussed. Peter G. Neumann is a Principal Scientist in the Computer Science Laboratory at SRI (where he has been since 1971), concerned with computer system survivability, security, reliability, human safety, and high assurance. He is the author of Computer-Related Risks, Moderator of the ACM Risks Forum (comp. risks), Chairman of the ACM Committee on Computers and Public Policy, and Associate Editor of the CACM for the Inside Risks column. He was founder and for 19 years Editor of the ACM SIGSOFT Software Engineering Notes. He is currently a member of the U.S. Gen’l. Accounting Office Exec. Council on Information Management and Technology. See http://www.CSL.sri.com/neumann/ for Senate and House committee testimonies, RISKS material, papers, course lecture notes, etc. Neumann taught at the Technische Hochschule Darmstadt in 1960, Stanford University in 1964, the University of California at Berkeley in 1970-71, and most recently the University of Maryland in the fall of 1999 (teaching a course on survivable systems and networks). Neumann is a Fellow of the American Association for the Advancement of Science, the ACM, and the Institute of Electrical and Electronics Engineers (of which he is also a member of the Computer Society). He has received the ACM Outstanding Contribution Award for 1992, the first SRI Exceptional Performance Award for Leadership in Community Service in 1992, the Electronic Frontier Foundation Pioneer Award in 1996, the ACM SIGSOFT Distinguished Service Award in 1997, and the CPSR Norbert Wiener Award for in October 1997, for “deep commitment to the socially responsible use of computing technology.”