Conclusions

• Rigorous methods for stressing systems are valuable when safety is a concern

• Cannot work without definition of "what are unacceptable" system-level events

• Results of fault-injection are limited guarantees; so is every other validation & verification method

• Safety design processes, as a means of certification, are not trustworthy. Dynamic analyses are still necessary

• Business-critical, enterprise-critical, and financial/banking information systems can also benefit from these principles

  • malicious test case generation for e-commerce systems

Previous slide

Back to first slide

View graphic version