by Dwayne Phillips
When we build systems, build them to do and have no more and no less than we intend.
A few pseudo definitions:
- Requirements: what the user wants.
- Intentions: what the builder intends.
- Hazards: when the builder builds more or less than intended.
The user says, “I want a system that does this and that and is like this and that.”
The builders say among themselves, “We can do those things and a little more here and maybe a little less there, but we will provide value for the price.”
Years later if something horrible happens, an observer will say, “The builder put more into the system than they intended. Someone else saw that extra and exploited it.”
This is about the recently neglected field of systems engineering. Requirements are traced to design, build, test, delivery, etc. The builders build what they intend to build: no more and no less. The system doesn’t do more than intended. The system doesn’t do less than intended. Both gaps become visible when the systems engineer(s) trace every requirement forward to the design, the build and the tests, and trace every built capability back to a requirement.
“But if you press these three keys for four seconds and then these four keys for three seconds the system will…” Nope. This is not a movie with heroes and villains and last-second rescues. This is real life. That extra clever thing is a capability built into the system and it wasn’t intended. The cyber security weakness is a capability built into the system and it wasn’t intended.
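The following is an added illustration of that tracing check, not code from the original post. It assumes a small command handler whose requirements are recorded as a set of command names; the constructed handler table contains one undocumented `dump_all` command, standing in for the “press these keys for four seconds” capability that nobody asked for. `trace` reports what the system does beyond its requirements (more) and what requirements have no implementation (less); `build_from_requirements` wires up only the handlers that trace to a requirement and refuses to build at all if a requirement is unmet.

```python
"""Trace a command interface to its requirements: no more, no less.

Added example, not the author's code. The command names, handlers and
the REQUIRED_COMMANDS set below are constructed for illustration.
"""
from typing import Callable, Dict, Set, Tuple

Handler = Callable[[str], str]

# Constructed requirements: the only commands the user asked for.
REQUIRED_COMMANDS: Set[str] = {"status", "start", "stop"}


def _status(_: str) -> str:
    return "status: ok"


def _start(_: str) -> str:
    return "started"


def _stop(_: str) -> str:
    return "stopped"


def _dump_all(_: str) -> str:
    # The "extra clever thing": a maintenance command with no requirement behind it.
    return "dumping configuration and credentials"


# "A little more here": the table as the builders actually shipped it.
HANDLERS_AS_BUILT: Dict[str, Handler] = {
    "status": _status,
    "start": _start,
    "stop": _stop,
    "dump_all": _dump_all,  # undocumented capability
}


def trace(handlers: Dict[str, Handler],
          requirements: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Return (extra, missing).

    extra:   capabilities the system accepts that trace to no requirement ("more").
    missing: requirements that trace to no implementation ("less").
    """
    accepted = set(handlers)
    return accepted - requirements, requirements - accepted


def build_from_requirements(candidates: Dict[str, Handler],
                            requirements: Set[str]) -> Dict[str, Handler]:
    """Wire up only handlers that trace to a requirement; fail if any is unmet."""
    missing = requirements - set(candidates)
    if missing:
        raise ValueError(
            f"requirements without an implementation: {sorted(missing)}")
    # Anything in candidates but not in requirements is simply not wired in.
    return {name: candidates[name] for name in sorted(requirements)}


def dispatch(handlers: Dict[str, Handler], line: str) -> str:
    """Run one command line against a handler table."""
    name, _, arg = line.strip().partition(" ")
    handler = handlers.get(name)
    if handler is None:
        return f"unknown command: {name!r}"
    return handler(arg)


if __name__ == "__main__":
    extra, missing = trace(HANDLERS_AS_BUILT, REQUIRED_COMMANDS)
    print("as built  -> extra:", sorted(extra), "missing:", sorted(missing))
    intended = build_from_requirements(HANDLERS_AS_BUILT, REQUIRED_COMMANDS)
    print("intended  -> extra/missing:", trace(intended, REQUIRED_COMMANDS))
    print("dump_all as built:   ", dispatch(HANDLERS_AS_BUILT, "dump_all"))
    print("dump_all as intended:", dispatch(intended, "dump_all"))
```

The useful part is running `trace` as a test in the build, so that an accepted command without a requirement behind it fails the build rather than surfacing years later. The check only sees what is in the handler table; a capability hidden in parsing logic rather than in a table still needs a reviewer who asks where each branch traces to.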
Let’s do what we intend. No more and no less.