Add more uncertainty classification information.
sebinside committed Apr 22, 2024
1 parent 8b4ed7a commit 9e779a3
Showing 7 changed files with 40 additions and 40 deletions.
@@ -9,23 +9,23 @@
},
"Type": {
"name": "Type",
"description": "Describes how much is known about the uncertainty and how it can be described on a scale from only being aware to having precise knowledge."
"description": "Describes how much is known about the uncertainty and how it can be described on a scale from only being aware to having precise knowledge. This only provides a first estimate and may change with growing knowledge."
},
"Manageability": {
"name": "Manageability",
"description": "Describes whether and to which extent the uncertainty can be managed, reduced, or mitigated."
"description": "Describes whether and to which extent the uncertainty can be managed, reduced, or mitigated. This only provides a first estimate and may change with growing knowledge."
},
"ResolutionTime": {
"name": "Resolution Time",
"description": "Describes the rough time span in the development process where the uncertainty is usually expected to be fully resolved."
},
"ReducibleByADD": {
"name": "Reducible by ADD",
"description": "Describes whether the uncertainty is resolvable by an architectural design decision."
"description": "Describes whether the uncertainty is resolvable by an architectural design decision, i.e., a decision that specifies or restricts a software's structure or behavior, limiting the design space."
},
"ImpactOnConfidentiality": {
"name": "Impact on Confidentiality",
"description": "Describes the potential impact on confidentiality requirements. This only provides a first, system-independent estimate."
"description": "Describes the impact on confidentiality requirements. This only provides a first, system-independent estimate."
},
"SeverityOfTheImpact": {
"name": "Severity of the Impact",
@@ -1,20 +1,20 @@
{
"Direct": {
"name": "Direct",
"description": "Direct impact on confidentiality.",
"exampleText": "Directly affecting personal user data.",
"description": "The uncertainty has a direct impact on the software system's confidentiality.",
"exampleText": "Uncertainty related to the input, processing, or storage of sensitive data like user data.",
"exampleImages": []
},
"Indirect": {
"name": "Indirect",
"description": "Impact only in conjunction with contextual factors.",
"exampleText": "Architectural Design Decisions (ADDs), Uncertainties",
"description": "The uncertainty only has an indirect impact on the software system's confidentiality that usually relies on other uncertainties or other contextual factors.",
"exampleText": "Uncertainty related to architectural design decisions, or security measures.",
"exampleImages": []
},
"impactNone": {
"name": "None",
"description": "No impact on confidentiality",
"exampleText": "If only publicly available data is affected",
"description": "The uncertainty is expected to have no impact on confidentiality at all.",
"exampleText": "Uncertainty related to handling non-sensitive data or within well-secured system parts.",
"exampleImages": []
}
}
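Review bot: The new `impactNone` example, "or within well-secured system parts", ties the impact category to how well a part is protected rather than to what data it handles, so an uncertainty in a hardened component that still processes sensitive data could be recorded as having no confidentiality impact. It also sits uneasily with the `ImpactOnConfidentiality` description in the first file of this commit, which calls the value a "system-independent estimate", since how well a part is secured is a property of the concrete system. I would keep the example on data sensitivity alone, `"exampleText": "Uncertainty related to handling only non-sensitive or publicly available data."`, and leave the effect of existing protections to the severity category.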
@@ -1,20 +1,20 @@
{
"Fully": {
"name": "Fully Reducible",
"description": "Reducible",
"exampleText": "By acquiring more knowledge, Comprehensive simulation",
"description": "The uncertainty can be fully resolved with appropriate means that mitigate its potential impact.",
"exampleText": "Acquiring more knowledge, making an informed architectural design decision, or applying comprehensive simulation.",
"exampleImages": []
},
"Partially": {
"name": "Partially Reducible",
"description": "At least partially reducible.",
"exampleText": "By applying scenario-based mitigation strategies.",
"description": "The uncertainty is at least partially reducible which reduces the potential impact severity or limits critical outcomes by appropriate mitigation techniques.",
"exampleText": "Applying scenario-based mitigation strategies, or system-wide constraints and policies.",
"exampleImages": []
},
"Irreducible": {
"name": "Irreducible",
"description": "Uncertainty cannot be further reduced.",
"exampleText": "Due to its aleatory nature.",
"description": "The uncertainty cannot be further reduced as there is no reasonable way to achieve the required knowledge at this point in time, or at all.",
"exampleText": "Uncertainty with an aleatory nature, that cannot be resolved at all.",
"exampleImages": []
}
}
@@ -1,14 +1,14 @@
{
"Yes": {
"name": "Yes",
"description": "Uncertainty can be reduced by taking an ADD.",
"exampleText": "By designing the system in a way that the impact of the uncertainty is (partially) mitigated.",
"description": "The uncertainty can be reduced by taking an architectural design decision.",
"exampleText": "Uncertainty that can be addressed by designing the system in a way that the impact of the uncertainty is (partially) mitigated.",
"exampleImages": []
},
"No": {
"name": "No",
"description": "Uncertainty is not resolvable or treatable by taking an ADD.",
"exampleText": "The behavior of a user with a software system.",
"description": "The uncertainty is not resolvable or treatable by taking an architectural design decision.",
"exampleText": "Uncertainty that is outside the scope of the designed software system, and cannot be properly addressed within the design process, e.g., the behavior of a third-party.",
"exampleImages": []
}
}
@@ -1,26 +1,26 @@
{
"Requirements": {
"name": "Requirements Time",
"description": "As soon as requirements are defined, the uncertainty is resolved.",
"exampleText": "Confidentiality requirements",
"description": "The uncertainty is expected to be resolved as soon as the requirements are defined.",
"exampleText": "Uncertainty related to confidentiality requirements or security policies.",
"exampleImages": []
},
"Design": {
"name": "Design Time",
"description": "As soon as the system is designed, the uncertainty is resolved",
"exampleText": "System structure, System Componets",
"description": "The uncertainty is expected to be resolved as soon as the software system is designed.",
"exampleText": "Uncertainty related to architectural design decisions, the system structure, or components.",
"exampleImages": []
},
"Realization": {
"name": "Realization Time",
"description": "As soon as the system or parts of it are implemented and deployed, the uncertainty is resolved.",
"exampleText": "Where a software system is deployed and used.",
"description": "The uncertainty is expected to be resolved as soon as the software system or parts of it are implemented and deployed.",
"exampleText": "Uncertainty related to implementation or deployment details.",
"exampleImages": []
},
"Runtime": {
"name": "Runtime",
"description": "As knowledge is gained from testing and system operations, the uncertainty is resolved.",
"exampleText": "Monitoring",
"description": "The uncertainty is expected to be resolved as knowledge is gained from testing and system operations, or not at all.",
"exampleText": "Uncertainty related to runtime properties that can be inspected using dynamic analysis, e.g., using monitoring, or profiling.",
"exampleImages": []
}
}
@@ -1,20 +1,20 @@
{
"High": {
"name": "High",
"description": "Total loss of confidentiality, or sensitive data.",
"exampleText": "An admin's password might get leaked",
"description": "The uncertainty can cause a total loss of confidentiality, e.g. due to a data breach.",
"exampleText": "Uncertainty either related to highly sensitive data like certificate or encryption keys, or an admin password or uncertainty related to central security measures like sanitization.",
"exampleImages": []
},
"Low": {
"name": "Low",
"description": "Access to restricted information could be obtained but the damage is limited.",
"exampleText": "User input is not validated before being processed by a software system.",
"description": "The uncertainty can cause access to restricted information but the damage is limited.",
"exampleText": "Uncertainty in the input validation that has limited effects due to proper security policies.",
"exampleImages": []
},
"severityNone": {
"name": "None",
"description": "No loss of confidentiality expected at all.",
"exampleText": "The user somehow gets access to metadata when interacting with a system.",
"description": "The uncertainty is expected to cause no loss of confidentiality at all.",
"exampleText": "Uncertainty related to parts of a software system that does not deal with sensitive information.",
"exampleImages": []
}
}
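Review bot: The `High` and `Low` examples now overlap: `High` names "central security measures like sanitization" while `Low` names "Uncertainty in the input validation", and the only thing separating them is the trailing clause "due to proper security policies". A reader classifying an input-handling uncertainty cannot tell from the text which level applies unless the compensating policies are already known to exist, so the safer reading should be the obvious one. I would put the condition first in the `Low` example, e.g. `"exampleText": "Uncertainty in the input validation of a part where independent security policies already limit what a failure can expose."`. The `High` example would also read more clearly without the nested either/or, as `"exampleText": "Uncertainty related to highly sensitive data like certificates, encryption keys, or an admin password, or to central security measures like sanitization."`.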
@@ -1,20 +1,20 @@
{
"Statistical": {
"name": "Statistical Uncertainty",
"description": "Uncertainty describable with statistical means.",
"exampleText": "Stochastic expressions",
"description": "The uncertainty can be described with statistical means, e.g., related to the probability of certain outcomes.",
"exampleText": "Expressing uncertainty using stochastic expressions, or probability distributions.",
"exampleImages": []
},
"Scenario": {
"name": "Scenario Uncertainty",
"description": "Distinct scenarios depending on the uncertain outcome, no statistical means",
"exampleText": "Handling different types of input data in a software system.",
"description": "The uncertainty can be described with distinct scenarios but there is a lack of knowledge to apply statistical means.",
"exampleText": "Expressing uncertainty using enumerations of scenarios, e.g., depending on the potential outcome or form.",
"exampleImages": []
},
"Recognized": {
"name": "Recognized Ignorance",
"description": "Awareness of the uncertainty but no mitigation or description strategy is in place.",
"exampleText": "The trustworthiness of partner companies that are included in the software engineering process.",
"description": "There is awareness of the uncertainty but no knowledge about potential scenarios or lack of a description strategy. This is the most general form of a known unknown.",
"exampleText": "Only collecting potential uncertainty sources without considering their form.",
"exampleImages": []
}
}
