Outsourcing threats and mitigations (continued)

Undesirable outcome: Product failure

Contributory threats:
• Customer failure to:
  – define requirements and/or SLA with sufficient clarity
  – define operating environment interfaces with sufficient clarity
  – clarify the purpose of the requirements with sufficient clarity (and the supplier’s failure to enquire)
  – test with sufficient rigor
• Supplier failure to test with sufficient rigor
• Supplier inexperience in providing ancillary support
• Supplier malevolence in injecting Trojan horses and leaving trapdoors

How the customer test facility can mitigate the threat:
• Review SLA
• Check that all metrics used in SLA can be verified independently by the customer
• Review the interface and installation specifications
• Review the requirements specification and ensure that the purpose of each requirement is known or discoverable
• Unit test all units
• System-test all system-level deliverables [d]
• Compare system-test results from multiple suppliers
• Prepare evidence of product failure for liquidated damages litigation

[a] Both an Admiral and a fisherman know what wet feet mean. Software engineers the world over understand the meaning of “there’s a bug.” For “cultural discontinuity” read “the customer couldn’t write the requirements right and the vendor couldn’t read them.”
[b] “If that signal goes low the brakes fail.”