Dependency on outside suppliers See section 10 for a discussion.
TABLE 3.2
Hazard/consequence
ID P Consequence
a. 50% Report unavailable for analyst
b. 20% Report unavailable for chairman
c. 30% Report wrong
34
Manage Software Testing
We can express this set of hazards and probabilities as a diagram as shown in Figure 3.2 and as
another equation:
which when evaluated looks like this:
This represents the total risk exposure of this feature. To assess the reliability of the software see
section 18.6.
Example 2
: A lightning strike can only hit a space vehicle during the exit and entry phases ??” in other
words when it is in some atmosphere. For the rest of the mission the vehicle??™s lightning risk
exposure is nil. During launch and re-entry periods the probability is kept low by ensuring that
no launches, or re-entries occur in discharge-potential weather (risk mitigation 1). If a strike
occurs, the vehicle is built to minimize any upset for example by keeping its computers well
shielded (risk mitigation 2). The risk of a lightning strike remains the probability of a strike (when
exposed) times the cost.
FIGURE 3.2
Hazard/consequence decision tree
1, 350,003 = (2.25/5) * ((0.5 * 3000000) + (0.2 * 10) + (0.3 * 5000000)) +
(2.75/5) * (((0.5 * 5) + (0.2 * 5) + (0.3 * 5)))
USD 3m
Cost Distribution
On critical day
On non-critical
day
Hazard distribution
Report unavailable for chairman
Report unavailable for analyst
Report unavailable for chairman
Report unavailable for analyst
Report wrong
Report wrong
USD 10
P F
A U
F
A U
a.
Pages:
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146