OPF Glossary - S
-
safety
- (1) a user-oriented
quality
requirement specifying the degree to which an application
or component shall not directly or indirectly (e.g., via
inactivity) cause
accidental harm to either life (e.g., injury,
loss of life) or property (e.g., loss of money or corruption
of valuable data).
- (2) a quality factor measuring the degree to which an
application or component actually does not directly or
indirectly (e.g., via inactivity) cause accidental harm to
either life or property.
-
safety
program
- TBD.
-
safety risk
- a categorization of hazards based on a combination of
their severity and probability level.
Safety risk is used to prioritize the production of
controls to eliminate or mitigate the associated hazard.
-
scalability
- (1) a developer-oriented
quality
requirement specifying the degree to which an application
or component shall be able to be modified to expand its
existing capacities (e.g., to handle more simultaneous users
or interactions, or to store more information in its
databases).
- (2) a quality factor measuring the degree to which an
application or component is actually able to be modified to
expand its existing capacities.
-
schedule management
- the project management
task,
which ensures the timely completion of the project.
-
scheduler
- the
role that is played when a person maintains the master
schedule of an endeavor.
-
scope
- The size of an endeavor, application, or version of an
application measured in terms of the collection of all
relevant requirements to be implemented.
-
scope creep
- The continual informal increase of scope (addition of
requirements) without adequate scope management to control
the impact of these additional requirements on the
endeavor’s cost or schedule.
-
scope management
- the management
task that ensures that all changes in scope have been
properly analyzed (based on their estimated impact on the
endeavor’s cost, schedule, and success), formally
authorized, and adequately documented.
Note that this ensures the scope of the endeavor
(measured in terms of requirements to be implemented) is not
permitted to inadvertently creep.
-
script
- (1) a small interpreted software program that is a part
of a webpage and executed by a browser.
- (2) See
test script.
-
scripting language
- a
language
used to implement software scripts.
For example, JavaScript, JScript, Visual Basic
Script.
- security
- the quality factor
representing the degree to which a system or component
prevents, detects, reacts, and adapts to malicious harm to valuable assets caused by attackers.
Contrast with
security requirement.
See also
authentication,
authorization,
identification,
immunity,
integrity,
intrusion detection,
nonrepudiation,
privacy (a.k.a., confidentiality),
security auditing, and
system maintenance security.
-
security analyst
- the
role that is played when a person has overall
responsibility for the security of one or more applications,
components, or centers.
-
security architect
- the
role that is played when a person architects the security
mechanisms of an application, component, or center.
Contrast with
business architect,
database architect,
hardware architect,
information architect,
software architect, and
system architect.
-
security architecting
- the architecting
task during which the application's security architecture
is produced.
-
security architecture
- the architectural mechanisms, inventions, and decisions
intended to fulfill an application's security
requirements.
-
security auditing
- (1) a user-oriented
security
quality
requirement specifying the extent to which an application
or component shall collect, analyze, and report information
about the status and use of its security mechanisms.
- (2) a quality factor measuring the extent to which an
application or component actually collects, analyzes, and
reports information about the status and use of its security
mechanisms.
-
security audit report
- the security set work product that documents the results
of a security audit.
-
security engineer
- the
role that is played when a person explicitly implements
security requirements and security mechanisms.
-
security engineering
- the
activity consisting of
the cohesive collection of all
tasks that are primarily
performed to ensure the
security of an
endeavor and its
work products.
-
security mechanism
- a
mechanism for
implementing a
security requirement.
See also access control,
decryption,
digital
signature,
encryption,
firewall, and
physical
security.
-
security policy
- the security set work product produced during business
engineering that documents the customer organization's
overall security policies.
- security requirement
- a user-oriented quality requirement
that specifies a minimum required amount of a
quality subfactor of the
security
quality factor.
See also
authentication,
authorization,
identification,
immunity,
integrity,
intrusion detection,
nonrepudiation,
privacy (a.k.a., confidentiality),
security auditing, and
system maintenance security.
-
security risk assessment
- the security set work product that documents the results
of assessing the security risks associated with an endeavor
or center.
-
security server
- a
server
computer (a.k.a., authentication proxy, directory server,
LDAP server) that increases performance by offloading
process-intensive security mechanisms (such as
identification, authentication, encryption, and decryption)
from web or application servers.
For example, a security server converts between
secure HTTPS (using SSL) and HTTP.
Note that a security server may provide single
sign-on across multiple web or application servers.
Note that a security server typically lies between
the first firewall and the web servers or between the second
firewall and the application servers.
-
security team
- the
team that ensures the
security of an application or an organization’s
facilities (e.g., data center or contact center).
-
security technique
- a
technique that is used
when performing a security task.
-
security testing
- the testing of a system, application, or component against its security
requirements and the implementation of its security mechanisms.
Examples include testing to determine if the system:
- Fails to identify and authenticate a user.
- Allows a user to perform an unauthorized function.
- Fails to protect itself or its content against unauthorized usage.
- Allows the integrity of data or messages to be violated.
- Allows undetected intrusion.
- Fails to ensure privacy by using an inadequate encryption technique.
Note that security tests may be either automated
using a security tool or performed manually (e.g., tests of physical security).
-
sequence diagram
- an interaction diagram documenting the sequence of
collaborations between objects.
-
server
- See server computer.
-
server computer
- a
hardware
component consisting of a relatively powerful computer in
a multi-tier networked hardware architecture that performs
significant processing and persistence of data for multiple
client
computers.
See also application
server,
B2B server,
chat server,
database server,
email server,
file server,
gateway server,
integration
server,
load balancer,
media server,
presentation
server,
printer server,
security server,
telephone
server,
video server,
web
accelerator,
web server, and
wireless
gateway server.
-
servlet
- a small Java program that runs on a server.
Contrast with applet.
-
severity one defect
- a defect that causes catastrophic failure of the system
or one of its essential components. A severity one defect
prevents effective exception handling, preventing further
system responses to at least one user.
-
severity two defect
- a defect that causes the system to violate a business
rule, a primary use case path, or a quality requirement
affecting users.
Example: a defect that causes incorrect results to be
returned to a user in response to a query.
-
severity three defect
- a defect that causes the system to violate a secondary
use case path or causes an inconvenience to the users.
Example: data returned to a user that is correct but
incorrectly formatted on the webpage.
-
service
- the performance of one or more related
tasks that provide value to
an
organization.
-
sitemap
- a
webpage that provides
hyperlinks to all other webpages of a
website.
-
smart card
- a plastic card (like a credit card) that contains an
embedded integrated circuit for storing data.
-
smart phone
- a mobile telephone with numerous advanced features
typically including the ability to handle data as well as
voice.
-
software architect
- the
role that is played when a
person produces a software architecture.
Contrast with
business architect,
database architect,
hardware architect,
information architect,
security architect, and
system architect.
-
software architecting
- the architecting
task during which the application's software architecture
is produced.
-
software architecture
- the
architecture of a
software application in terms of its type architecture,
package architecture, and concurrency architecture.
Contrast with business
architecture and
system
architecture.
-
software architecture document (SWAD)
- an architecture work product that documents a software
architecture.
See also architecture
document.
Contrast with system architecture
document.
-
software architecture prototype
- the application architecture work product that models a
partial application that verifies the software architecture
of an application.
-
software component
- an implementation work product modeling an encapsulated
cohesive piece of computer software that:
- Offers a cohesive set of services via one or more
interfaces.
- Is designed, implemented, and tested as a unit prior to
integration into the application.
-
software component design
- the
activity involving the design of the software
components.
-
software component implementation
- the implementation
task of
coding and debugging the software components.
-
software design document (SDD)
- the design work product that formally documents the
design of the software components.
-
software designer
- the
role that is played when a
person designs the software components.
-
software development team
- the
team that produces the
software components of an application.
-
software inspection team
- the
team that inspects the work products that are produced by
the software development team.
-
software integration
- the integration activity of integrating software
components before integrating the system by deploying
software components to their eventual production hardware
components.
-
software integration testing
- the incremental testing of two or more integrated
software components to produce failures caused by
interface defects.
-
specification language
- a
language used during
requirements engineering to analyze and formally specify
requirements.
For example, Object Constraint Language (OCL).
-
stage
- a formally identified period or point in time that
provides organization to the work units of a delivery
process.
See also build,
cycle,
phase, and
milestone.
-
stakeholder
- a
role that has a legitimate
material or vested interest in an
application or
reusable
component sometime
during its lifecycle and thus should be allowed to influence
it (e.g., by providing
requirements). The
following roles are typically stakeholders:
-
standard
- a
convention that
specifies the required content and format for a
work product.
Contrast with checklist,
example,
guideline,
procedure, and
template.
-
star network
- a
network in which each
computer is connected to a central
hub.
Contrast with bus network,
mesh network, and
ring network.
-
state model
- a part of the object model that documents the states and
transitions of objects of a given type.
-
state modeling guidelines
- guidelines used during state modeling to produce quality
state models.
-
statement coverage
- a test coverage
technique for ensuring
that an adequate number of statements are executed by a unit
test suite.
Contrast with path
coverage.
-
statement of work (SOW)
- the management work product that models a narrative
description of the work products and services to be delivered
by the development organization to the customer organization
under the contract.
-
statement testing
- a testing
technique that uses a
test suite designed to achieve a certain level of statement
coverage.
Contrast with path testing.
-
static analysis
- a technique that analyzes an executable work product
without executing it.
For example, compiling a program to identify
compilation defects or running an HTML validator to identify
syntax defects.
-
status report
- a management work product that regularly documents the
status of the endeavor.
-
stereotype
- a characterization of an object or its behavior.
-
strategy
- 1) the
activity
- 2) the
work product that is
produced during the strategy activity.
-
strategy document
- the document that formally captures the customer's
e-strategy including (but not limited to) customer analysis,
user analysis, market analysis, business case, and
recommended applications.
-
strategy inspection team
- the
team that inspects the
strategy work products.
-
stress testing
-
testing that attempts to
cause failures involving how the system behaves under
extreme but valid conditions (e.g., extreme
utilization, insufficient memory, inadequate hardware, and
dependency on over-utilized shared resources).
Note that a stress test determines how the system
degrades and eventually fails as conditions become extreme
(e.g., the number of simultaneous users increases, queries
that return the entire contents of a database, queries with
an extreme number of restrictions, and an entry at the
maximum amount of data in a field).
Contrast with load testing and
robustness
testing.
-
subcontractor organization
- an
organization that works
for the
development
organization during the development of an application or
the reengineering of a business.
-
subcontractor representative
- the
role that is played when a
person formally represents a subcontractor organization in
interactions with members of other organizations.
-
subject matter expert
- the
role that is played by a
person who acts as an expert in a given subject matter.
Synonym for domain
expert.
-
support hardware
- a
hardware
component that is used to support a data center.
See also air conditioner,
fire
suppression,
physical
security device, and
power supply.
-
switch
- a kind of
hub that sends each
signal only to the port for which it is destined.
-
system
- an application consisting of data components, hardware
components, software components, human role components (i.e.,
wetware or personnel), and document components (i.e.,
paperware).
-
system architect
- the
role that is played when a
person produces a system architecture.
Contrast with
business architect,
database architect,
hardware architect,
information architect,
security architect, and
software architect.
-
system architecting
- the architecture subactivity during which a system
architecture is produced.
-
system architecture
- the
architecture of a
system in terms of its logical (e.g., functional) and
physical (component) architecture.
Contrast with business
architecture and
software
architecture.
-
system architecture document (SYSAD)
- the
architecture
document that formally documents the architecture
of the system in terms of its major blackbox components,
their responsibilities, and the relationships between them.
The system architecture document also documents how these
system components collaborate to implement the
architecturally significant requirements.
Contrast with software
architecture document.
-
system integration testing
- the testing of integrated system components.
Specifically, system integration testing is the testing of
software components that have been distributed across
multiple platforms (e.g., client, web server, application
server, and database server) to produce failures caused by
system integration defects (i.e., defects involving
distribution and back-office integration).
-
system maintenance
security
- (1) a user-oriented
security
quality
requirement specifying the degree to which an
application or
component shall prevent
authorized modifications from accidentally defeating its
security mechanisms.
- (2) a quality factor measuring the degree to which an
application or component actually prevents authorized
modifications from accidentally defeating its security
mechanisms.
-
system requirement
- a requirement for a system application including data,
hardware, and software components.
-
system requirements specification (SRS)
- the requirements work product that formally specifies the
operational, data, and quality requirements of a system as
well as any major design constraints on the system.
Contrast with
application vision statement.
-
systems administration
- the operations
task of
administering a data center and its associated production
environments.
-
systems administrator
- the
role that is played when a
person administers a data center and its associated
production environments.
-
system testing
- the validation testing subactivity of testing of an
integrated, blackbox application against its requirements
during the construction phase.
-
system usability testing
- the system testing of an application against its
usability requirements to determine if it contains any
usability defects.