OPF Glossary - S



safety
(1) a user-oriented quality requirement specifying the degree to which an application or component shall not directly or indirectly (e.g., via inactivity) cause accidental harm to either life (e.g., injury, loss of life) or property (e.g., loss of money or corruption of valuable data).
(2) a quality factor measuring the degree to which an application or component actually does not directly or indirectly (e.g., via inactivity) cause accidental harm to either life or property.
safety program
TBD.
safety risk
a categorization of hazards based on a combination of their severity and probability level.
Safety risk is used to prioritize the production of controls to eliminate or mitigate the associated hazard.
scalability
(1) a developer-oriented quality requirement specifying the degree to which an application or component shall be able to be modified to expand its existing capacities (e.g., to handle more simultaneous users or interactions, or to store more information in its databases).
(2) a quality factor measuring the degree to which an application or component is actually able to be modified to expand its existing capacities.
schedule management
the project management task, which ensures the timely completion of the project.
scheduler
the role that is played when a person maintains the master schedule of an endeavor.
scope
The size of an endeavor, application, or version of an application measured in terms of the collection of all relevant requirements to be implemented.
scope creep
The continual informal increase of scope (addition of requirements) without adequate scope management to control the impact of these additional requirements on the endeavor’s cost or schedule.
scope management
the management task that ensures that all changes in scope have been properly analyzed (based on their estimated impact on the endeavor’s cost, schedule, and success), formally authorized, and adequately documented.
Note that this ensures the scope of the endeavor (measured in terms of requirements to be implemented) is not permitted to inadvertently creep.
script
(1) a small interpreted software program that is a part of a webpage and executed by a browser.
(2) See test script.
scripting language
a language used to implement software scripts.
For example, JavaScript, JScript, Visual Basic Script.
security
(1) a user-oriented quality requirement specifying the degree to which an application or component shall protect itself and its sensitive data and communications from accidental, malicious, or unauthorized access, use, modification, destruction, or disclosure.
(2) a quality factor measuring the actual degree to which an application or component protects itself and its sensitive data and communications from accidental, malicious, or unauthorized access, use, modification, destruction, or disclosure.
Contrast with security architecture and security technique.
See also authentication, authorization, identification, immunity, integrity, intrusion detection, nonrepudiation, privacy (a.k.a., confidentiality), security auditing, and system maintenance security.
security analyst
the role that is played when a person has overall responsibility for the security of one or more applications, components, or centers.
security architect
the role that is played when a person architects the security mechanisms of an application, component, or center.
Contrast with business architect, database architect, hardware architect, information architect, software architect, and system architect.
security architecting
the architecting task during which the application's security architecture is produced.
security architecture
the architectural mechanisms, inventions, and decisions intended to fulfill an application's security requirements.
security auditing
(1) a user-oriented security quality requirement specifying the extent to which an application or component shall collect, analyze, and report information about the status and use of its security mechanisms.
(2) a quality factor measuring the extent to which an application or component actually collects, analyzes, and reports information about the status and use of its security mechanisms.
security audit report
the security set work product that documents the results of a security audit.
security engineer
the role that is played when a person explicitly implements security requirements and security mechanisms.
security engineering
the activity consisting of the cohesive collection of all tasks that are primarily performed to ensure the security of an endeavor and its work products.
security mechanism
a mechanism for implementing a security requirement.
See also access control, decryption, digital signature, encryption, firewall, and physical security.
security policy
the security set work product produced during business engineering that documents the customer organization's overall security policies.
security risk assessment
the security set work product that documents the results of assessing the security risks associated with an endeavor or center.
security server
a server computer (a.k.a., authentication proxy, directory server, LDAP server) that increases performance by offloading process-intensive security mechanisms (such as identification, authentication, encryption, and decryption) from web or application servers.
For example, a security server converts between secure HTTPS (using SSL) and HTTP.
Note that a security server may provide single sign-on across multiple web or application servers.
Note that a security server typically lies between the first firewall and the web servers or between the second firewall and the application servers.
security team
the team that ensures the security of an application or an organization’s facilities (e.g., data center or contact center).
security technique
a technique that is used when performing a security task.
security testing
the system testing of an integrated blackbox [partial] application against its security requirements and the implementation of its security mechanisms.
Examples include the system:
Note that security tests may test software or system applications.
Note that security tests may be either automated using a security tool or manual (e.g., tests of physical security).
sequence diagram
an interaction diagram documenting the sequence of collaborations between objects.
server
See server computer.
server computer
a hardware component consisting of a relatively powerful computer in a multi-tier networked hardware architecture that performs significant processing and persistence of data for multiple client computers.
See also application server, B2B server, chat server, database server, email server, file server, gateway server, integration server, load balancer, media server, presentation server, printer server, security server, telephone server, video server, web accelerator, web server, and wireless gateway server.
servlet
a small Java program that runs on a server.
Contrast with applet.
severity one defect
a defect that causes catastrophic failure of the system or one of its essential components. A severity one defect prevents effective exception handling, preventing further system responses to at least one user.
severity two defect
a defect that causes the system to violate a business rule, a primary use case path, or a quality requirement affecting users.
Example: a defect that causes incorrect results to be returned to a user in response to a query.
severity three defect
a defect that causes the system to violate a secondary use case path or causes an inconvenience to the users.
Example: data returned to a user that is correct but incorrectly formatted on the webpage.
service
the performance of one or more related tasks that provide value to an organization.
sitemap
a webpage that provides hyperlinks to all other webpages of a website.
smart card
a plastic card (like a credit card) that contains an embedded integrated circuit for storing data.
smart phone
a mobile telephone with numerous advanced features typically including the ability to handle data as well as voice.
software architect
the role that is played when a person produces a software architecture.
Contrast with business architect, database architect, hardware architect, information architect, security architect, and system architect.
software architecting
the architecting task during which the application's software architecture is produced.
software architecture
the architecture of a software application in terms of its type architecture, package architecture, and concurrency architecture.
Contrast with business architecture and system architecture.
software architecture document (SWAD)
an architecture work product that documents a software architecture.
See also architecture document.
Contrast with system architecture document.
software architecture prototype
the application architecture work product that models a partial application that verifies the software architecture of an application.
software component
an implementation work product modeling an encapsulated cohesive piece of computer software that:
software component design
the activity involving the design of the software components.
software component implementation
the implementation task of coding and debugging the software components.
software design document (SDD)
the design work product that formally documents the design of the software components.
software designer
the role that is played when a person designs the software components.
software development team
the team that produces the software components of an application.
software inspection team
the team that inspects the work products that are produced by the software development team.
software integration
the integration activity of integrating software components before integrating the system by deploying software components to their eventual production hardware components.
software integration testing
the incremental testing of two or more integrated software components to produce failures caused by interface defects.
specification language
a language used during requirements engineering to analyze and formally specify requirements.
For example, Object Constraint Language (OCL).
stage
a formally identified period or point in time that provides organization to the work units of a delivery process.
See also build, cycle, phase, and milestone.
stakeholder
a role that has a legitimate material or vested interest in an application or reusable component sometime during its lifecycle and thus should be allowed to influence it (e.g., by providing requirements). The following roles are typically stakeholders:
standard
a convention that specifies the required content and format for a work product.
Contrast with checklist, example, guideline, procedure, and template.
star network
a network in which each computer is connected to a central hub.
Contrast with bus network, mesh network, and ring network.
state model
a part of the object model that documents the states and transitions of objects of a given type.
state modeling guidelines
guidelines used during state modeling to produce quality state models.
statement coverage
a test coverage technique for ensuring that an adequate number of statements are executed by a unit test suite.
Contrast with path coverage.
statement of work (SOW)
the management work product that models a narrative description of the work products and services to be delivered by the development organization to the customer organization under the contract.
statement testing
a testing technique that uses a test suite designed to achieve a certain level of statement coverage.
Contrast with path testing.
static analysis
a technique that analyzes an executable work product without executing it.
For example, compiling a program to identify compilation defects or running an HTML validator to identify syntax defects.
status report
a management work product that regularly documents the status of the endeavor.
stereotype
a characterization of an object or its behavior.
strategy
(1) the activity
(2) the work product that is produced during the strategy activity.
strategy document
the document that formally captures the customer's e-strategy including (but not limited to) customer analysis, user analysis, market analysis, business case, and recommended applications.
strategy inspection team
the team that inspects the strategy work products.
stress testing
testing that attempts to cause failures involving how the system behaves under extreme but valid conditions (e.g., extreme utilization, insufficient memory, inadequate hardware, and dependency on over-utilized shared resources).
Note that a stress test determines how the system degrades and eventually fails as conditions become extreme (e.g., the number of simultaneous users increases, queries that return the entire contents of a database, queries with an extreme number of restrictions, and an entry at the maximum amount of data in a field).
Contrast with load testing and robustness testing.
subcontractor organization
an organization that works for the development organization during the development of an application or the reengineering of a business.
subcontractor representative
the role that is played when a person formally represents a subcontractor organization in interactions with members of other organizations.
subject matter expert
the role that is played by a person who acts as an expert in a given subject matter.
Synonym for domain expert.
support hardware
a hardware component that is used to support a data center.
See also air conditioner, fire suppression, physical security device, and power supply.
switch
a kind of hub that sends each signal only to the port for which it is destined.
system
an application consisting of data components, hardware components, software components, human role components (i.e., wetware or personnel), and document components (i.e., paperware).
system architect
the role that is played when a person produces a system architecture.
Contrast with business architect, database architect, hardware architect, information architect, security architect, and software architect.
system architecting
the architecture subactivity during which a system architecture is produced.
system architecture
the architecture of a system in terms of its logical (e.g., functional) and physical (component) architecture.
Contrast with business architecture and software architecture.
system architecture document (SYSAD)
the architecture document that formally documents the architecture of the system in terms of its major blackbox components, their responsibilities, and the relationships between them. The system architecture document also documents how these system components collaborate to implement the architecturally significant requirements.
Contrast with software architecture document.
system integration testing
the testing of integrated system components. Specifically, system integration testing is the testing of software components that have been distributed across multiple platforms (e.g., client, web server, application server, and database server) to produce failures caused by system integration defects (i.e., defects involving distribution and back-office integration).
system maintenance security
(1) a user-oriented security quality requirement specifying the degree to which an application or component shall prevent authorized modifications from accidentally defeating its security mechanisms.
(2) a quality factor measuring the degree to which an application or component actually prevents authorized modifications from accidentally defeating its security mechanisms.
system requirement
a requirement for a system application including data, hardware, and software components.
system requirements specification (SRS)
the requirements work product that formally specifies the operational, data, and quality requirements of a system as well as any major design constraints on the system.
Contrast with application vision statement.
systems administration
the operations task of administering a data center and its associated production environments.
systems administrator
the role that is played when a person administers a data center and its associated production environments.
system testing
the validation testing subactivity of testing an integrated, blackbox application against its requirements during the construction phase.
system usability testing
the system testing of an application against its usability requirements to determine if it contains any usability defects.