From 9e779a34f2cd0025e4fa5d2034c6b88c70f3598e Mon Sep 17 00:00:00 2001
From: Sebastian Hahner
Date: Mon, 22 Apr 2024 17:55:16 +0200
Subject: [PATCH] Add more uncertainty classification information.
---
 .../src/model/categories/StaticCategoryData.json | 8 ++++----
 .../ImpactOnConfidentialityStaticData.json | 12 ++++++------
 .../options/ManageabilityStaticData.json | 12 ++++++------
 .../options/ReducibleByAddStaticData.json | 8 ++++----
 .../options/ResolutionTimeStaticData.json | 16 ++++++++--------
 .../options/SeverityOfTheImpactStaticData.json | 12 ++++++------
 .../model/categories/options/TypeStaticData.json | 12 ++++++------
 7 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/UncertaintySourceArchive/src/model/categories/StaticCategoryData.json b/UncertaintySourceArchive/src/model/categories/StaticCategoryData.json
index 1e6594b..e41d6da 100644
--- a/UncertaintySourceArchive/src/model/categories/StaticCategoryData.json
+++ b/UncertaintySourceArchive/src/model/categories/StaticCategoryData.json
@@ -9,11 +9,11 @@
 },
 "Type": {
 "name": "Type",
- "description": "Describes how much is known about the uncertainty and how it can be described on a scale from only being aware to having precise knowledge."
+ "description": "Describes how much is known about the uncertainty and how it can be described on a scale from only being aware to having precise knowledge. This only provides a first estimate and may change with growing knowledge."
 },
 "Manageability": {
 "name": "Manageability",
- "description": "Describes whether and to which extent the uncertainty can be managed, reduced, or mitigated."
+ "description": "Describes whether and to which extent the uncertainty can be managed, reduced, or mitigated. This only provides a first estimate and may change with growing knowledge."
 },
 "ResolutionTime": {
 "name": "Resolution Time",
@@ -21,11 +21,11 @@
 },
 "ReducibleByADD": {
 "name": "Reducible by ADD",
- "description": "Describes whether the uncertainty is resolvable by an architectural design decision."
+ "description": "Describes whether the uncertainty is resolvable by an architectural design decision, i.e., a decision that specifies or restricts a software's structure or behavior, limiting the design space."
 },
 "ImpactOnConfidentiality": {
 "name": "Impact on Confidentiality",
- "description": "Describes the potential impact on confidentiality requirements. This only provides a first, system-independent estimate."
+ "description": "Describes the impact on confidentiality requirements. This only provides a first, system-independent estimate."
 },
 "SeverityOfTheImpact": {
 "name": "Severity of the Impact",
diff --git a/UncertaintySourceArchive/src/model/categories/options/ImpactOnConfidentialityStaticData.json b/UncertaintySourceArchive/src/model/categories/options/ImpactOnConfidentialityStaticData.json
index 0bac309..e1d3b45 100644
--- a/UncertaintySourceArchive/src/model/categories/options/ImpactOnConfidentialityStaticData.json
+++ b/UncertaintySourceArchive/src/model/categories/options/ImpactOnConfidentialityStaticData.json
@@ -1,20 +1,20 @@
 {
 "Direct": {
 "name": "Direct",
- "description": "Direct impact on confidentiality.",
- "exampleText": "Directly affecting personal user data.",
+ "description": "The uncertainty has a direct impact on the software system's confidentiality.",
+ "exampleText": "Uncertainty related to the input, processing, or storage of sensitive data like user data.",
 "exampleImages": []
 },
 "Indirect": {
 "name": "Indirect",
- "description": "Impact only in conjunction with contextual factors.",
- "exampleText": "Architectural Design Decisions (ADDs), Uncertainties",
+ "description": "The uncertainty only has an indirect impact on the software system's confidentiality that usually relies on other uncertainties or other contextual factors.",
+ "exampleText": "Uncertainty related to architectural design decisions, or security measures.",
 "exampleImages": []
 },
 "impactNone": {
 "name": "None",
- "description": "No impact on confidentiality",
- "exampleText": "If only publicly available data is affected",
+ "description": "The uncertainty is expected to have no impact on confidentiality at all.",
+ "exampleText": "Uncertainty related to handling non-sensitive data or within well-secured system parts.",
 "exampleImages": []
 }
 }
diff --git a/UncertaintySourceArchive/src/model/categories/options/ManageabilityStaticData.json b/UncertaintySourceArchive/src/model/categories/options/ManageabilityStaticData.json
index 27321b4..f59aeeb 100644
--- a/UncertaintySourceArchive/src/model/categories/options/ManageabilityStaticData.json
+++ b/UncertaintySourceArchive/src/model/categories/options/ManageabilityStaticData.json
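Review bot: The new `impactNone` example, "within well-secured system parts", equates the presence of security controls with the absence of confidentiality impact, while the `Indirect` example in the same hunk classifies uncertainty related to security measures as an indirect impact. Someone classifying an uncertainty in a protected component that still processes sensitive data could pick either option, and choosing None drops it from further confidentiality analysis even though the rating rests on the control holding. I would keep the None example to data sensitivity only, e.g. `"exampleText": "Uncertainty related to handling only non-sensitive or publicly available data."`, and leave protected components to `Indirect`.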
@@ -1,20 +1,20 @@
 {
 "Fully": {
 "name": "Fully Reducible",
- "description": "Reducible",
- "exampleText": "By acquiring more knowledge, Comprehensive simulation",
+ "description": "The uncertainty can be fully resolved with appropriate means that mitigate its potential impact.",
+ "exampleText": "Acquiring more knowledge, making an informed architectural design decision, or applying comprehensive simulation.",
 "exampleImages": []
 },
 "Partially": {
 "name": "Partially Reducible",
- "description": "At least partially reducible.",
- "exampleText": "By applying scenario-based mitigation strategies.",
+ "description": "The uncertainty is at least partially reducible which reduces the potential impact severity or limits critical outcomes by appropriate mitigation techniques.",
+ "exampleText": "Applying scenario-based mitigation strategies, or system-wide constraints and policies.",
 "exampleImages": []
 },
 "Irreducible": {
 "name": "Irreducible",
- "description": "Uncertainty cannot be further reduced.",
- "exampleText": "Due to its aleatory nature.",
+ "description": "The uncertainty cannot be further reduced as there is no reasonable way to achieve the required knowledge at this point in time, or at all.",
+ "exampleText": "Uncertainty with an aleatory nature, that cannot be resolved at all.",
 "exampleImages": []
 }
 }
diff --git a/UncertaintySourceArchive/src/model/categories/options/ReducibleByAddStaticData.json b/UncertaintySourceArchive/src/model/categories/options/ReducibleByAddStaticData.json
index 8d1124d..0a8f99c 100644
--- a/UncertaintySourceArchive/src/model/categories/options/ReducibleByAddStaticData.json
+++ b/UncertaintySourceArchive/src/model/categories/options/ReducibleByAddStaticData.json
@@ -1,14 +1,14 @@
 {
 "Yes": {
 "name": "Yes",
- "description": "Uncertainty can be reduced by taking an ADD.",
- "exampleText": "By designing the system in a way that the impact of the uncertainty is (partially) mitigated.",
+ "description": "The uncertainty can be reduced by taking an architectural design decision.",
+ "exampleText": "Uncertainty that can be addressed by designing the system in a way that the impact of the uncertainty is (partially) mitigated.",
 "exampleImages": []
 },
 "No": {
 "name": "No",
- "description": "Uncertainty is not resolvable or treatable by taking an ADD.",
- "exampleText": "The behavior of a user with a software system.",
+ "description": "The uncertainty is not resolvable or treatable by taking an architectural design decision.",
+ "exampleText": "Uncertainty that is outside the scope of the designed software system, and cannot be properly addressed within the design process, e.g., the behavior of a third-party.",
 "exampleImages": []
 }
 }
diff --git a/UncertaintySourceArchive/src/model/categories/options/ResolutionTimeStaticData.json b/UncertaintySourceArchive/src/model/categories/options/ResolutionTimeStaticData.json
index 76849c3..e4862fa 100644
--- a/UncertaintySourceArchive/src/model/categories/options/ResolutionTimeStaticData.json
+++ b/UncertaintySourceArchive/src/model/categories/options/ResolutionTimeStaticData.json
@@ -1,26 +1,26 @@
 {
 "Requirements": {
 "name": "Requirements Time",
- "description": "As soon as requirements are defined, the uncertainty is resolved.",
- "exampleText": "Confidentiality requirements",
+ "description": "The uncertainty is expected to be resolved as soon as the requirements are defined.",
+ "exampleText": "Uncertainty related to confidentiality requirements or security policies.",
 "exampleImages": []
 },
 "Design": {
 "name": "Design Time",
- "description": "As soon as the system is designed, the uncertainty is resolved",
- "exampleText": "System structure, System Componets",
+ "description": "The uncertainty is expected to be resolved as soon as the software system is designed.",
+ "exampleText": "Uncertainty related to architectural design decisions, the system structure, or components.",
 "exampleImages": []
 },
 "Realization": {
 "name": "Realization Time",
- "description": "As soon as the system or parts of it are implemented and deployed, the uncertainty is resolved.",
- "exampleText": "Where a software system is deployed and used.",
+ "description": "The uncertainty is expected to be resolved as soon as the software system or parts of it are implemented and deployed.",
+ "exampleText": "Uncertainty related to implementation or deployment details.",
 "exampleImages": []
 },
 "Runtime": {
 "name": "Runtime",
- "description": "As knowledge is gained from testing and system operations, the uncertainty is resolved.",
- "exampleText": "Monitoring",
+ "description": "The uncertainty is expected to be resolved as knowledge is gained from testing and system operations, or not at all.",
+ "exampleText": "Uncertainty related to runtime properties that can be inspected using dynamic analysis, e.g., using monitoring, or profiling.",
 "exampleImages": []
 }
 }
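Review bot: The `Runtime` description now ends with "or not at all", so one option covers both uncertainty that testing and operation are expected to resolve and uncertainty that is never resolved. For confidentiality analysis these call for different handling (observe and re-evaluate versus plan for a permanent unknown), and the never-resolved case already seems to be what `Irreducible` in ManageabilityStaticData.json describes. I would drop the tail, `"description": "The uncertainty is expected to be resolved as knowledge is gained from testing and system operations."`, or, if the option is meant as a catch-all, say so in its `exampleText`, which currently lists only inspectable runtime properties.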
diff --git a/UncertaintySourceArchive/src/model/categories/options/SeverityOfTheImpactStaticData.json b/UncertaintySourceArchive/src/model/categories/options/SeverityOfTheImpactStaticData.json
index aec0952..e16b4da 100644
--- a/UncertaintySourceArchive/src/model/categories/options/SeverityOfTheImpactStaticData.json
+++ b/UncertaintySourceArchive/src/model/categories/options/SeverityOfTheImpactStaticData.json
@@ -1,20 +1,20 @@
 {
 "High": {
 "name": "High",
- "description": "Total loss of confidentiality, or sensitive data.",
- "exampleText": "An admin's password might get leaked",
+ "description": "The uncertainty can cause a total loss of confidentiality, e.g. due to a data breach.",
+ "exampleText": "Uncertainty either related to highly sensitive data like certificate or encryption keys, or an admin password or uncertainty related to central security measures like sanitization.",
 "exampleImages": []
 },
 "Low": {
 "name": "Low",
- "description": "Access to restricted information could be obtained but the damage is limited.",
- "exampleText": "User input is not validated before being processed by a software system.",
+ "description": "The uncertainty can cause access to restricted information but the damage is limited.",
+ "exampleText": "Uncertainty in the input validation that has limited effects due to proper security policies.",
 "exampleImages": []
 },
 "severityNone": {
 "name": "None",
- "description": "No loss of confidentiality expected at all.",
- "exampleText": "The user somehow gets access to metadata when interacting with a system.",
+ "description": "The uncertainty is expected to cause no loss of confidentiality at all.",
+ "exampleText": "Uncertainty related to parts of a software system that does not deal with sensitive information.",
 "exampleImages": []
 }
 }
diff --git a/UncertaintySourceArchive/src/model/categories/options/TypeStaticData.json b/UncertaintySourceArchive/src/model/categories/options/TypeStaticData.json
index 042c959..eb96ff9 100644
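Review bot: The `High` example text is hard to parse, because its "either … or … or" chain leaves open whether the admin password belongs to the sensitive-data group or is a third case next to central security measures. I would write `"exampleText": "Uncertainty related to highly sensitive data such as certificates, encryption keys, or an admin password, or to central security measures like sanitization."`. The `Low` example makes the rating depend on "proper security policies" being in place, so it may be worth stating that Low refers to the damage remaining once those policies are confirmed. In `severityNone`, "parts of a software system that does not deal" should read "that do not deal".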
--- a/UncertaintySourceArchive/src/model/categories/options/TypeStaticData.json
+++ b/UncertaintySourceArchive/src/model/categories/options/TypeStaticData.json
@@ -1,20 +1,20 @@
 {
 "Statistical": {
 "name": "Statistical Uncertainty",
- "description": "Uncertainty describable with statistical means.",
- "exampleText": "Stochastic expressions",
+ "description": "The uncertainty can be described with statistical means, e.g., related to the probability of certain outcomes.",
+ "exampleText": "Expressing uncertainty using stochastic expressions, or probability distributions.",
 "exampleImages": []
 },
 "Scenario": {
 "name": "Scenario Uncertainty",
- "description": "Distinct scenarios depending on the uncertain outcome, no statistical means",
- "exampleText": "Handling different types of input data in a software system.",
+ "description": "The uncertainty can be described with distinct scenarios but there is a lack of knowledge to apply statistical means.",
+ "exampleText": "Expressing uncertainty using enumerations of scenarios, e.g., depending on the potential outcome or form.",
 "exampleImages": []
 },
 "Recognized": {
 "name": "Recognized Ignorance",
- "description": "Awareness of the uncertainty but no mitigation or description strategy is in place.",
- "exampleText": "The trustworthiness of partner companies that are included in the software engineering process.",
+ "description": "There is awareness of the uncertainty but no knowledge about potential scenarios or lack of a description strategy. This is the most general form of a known unknown.",
+ "exampleText": "Only collecting potential uncertainty sources without considering their form.",
 "exampleImages": []
 }
 }