Five Key Points
1. Thousands of anomalies can be tried
2. Every hazard that is observed after fault injection should be analyzed and mitigated
3. Non-orange anomalies (including nonsense anomalies) can force the software to behave like orange anomalies
4. Dynamic testing is used to partially determine if the blue space can lead to a software hazard
5. Fault injection only needs to simulate small programmer faults because testing will determine if large faults result in hazards