ࡱ> nYL_-(ey/1PNG  IHDRըgAMA pHYs+ IDATx[ E?ʺ#?@yk""*n<x7] bcg68mx?mKY -"<fP^  O`J @@ V6xrʀ>Z)j8-A=԰}  %4ua¬%=b# d14q\ '8N'Sk]*Ws 4c LYUc)bGJӷ3m )pF&=O6be ė޽٥u𵡷I¡ qg'Vqg 7kbg ^5,b-x%b;`]0ηh5{q(62x;Wڹج82@WCsTm& A7^iz0 b`.` |`gCzGPxCn~ b(^r[fJ[/)`(R/^n1 Q`Kɸ؍ ZP0 &Mfv;ϟ`d1&MM|9ѕ9o0I6y4eoPE cY 0:88e7EP'4ULa4MI8mc$l`=Fj\.bsl5`ELRr` 9q^qr0j5te2iV[,d[43*@'8 1cjYiD K9K*"iV}(ĠԀ[ jV*eݡ[ f6XylrZP\#-0 Vq(sJɛ>#AL@#U? we+MBNs @Cg)c9ń]GRc oS@bT.qB F{D P  z$2題]{Mxl,vj]*g$wou)rW t-o [gYp)'؈cە}&fT#37x!bZֵ%oh{&4e8Fz!  Y!WΊm:M M wPbgl]hq vɹr9-`]&q-*汩/@M,1aCcr@ʱ[lv2/d]Dd1ox{dmk]հ$dnRn [(@ߣ=ʾU"T2^KEJvrk/WV6 ' ,0 G)?Ë4a{׼|=婖}i<ڂ,*cVKɛyp^ut?(]d1 aKs֥3՜+ 4, y1l$..Ҫ < HY a^Aj F}h^/*,ݫD5pQkzzzNQd1, ư0؄wG c!uGŰ ؊tu9) *j@v04;АOU3EN/ @Fx%⧎שƃ*H[Š4,x0`>#P A|P9Ls)꫽XNyYJ,Y&\]įEOU8Y}fT2;AP01] *my.z}ܤO(LFP3aMJR)~ e(}:5EyU:~vY Z%,":Tki{ǭS*`i%QDU&BEݘ]DOJX d11mrBS[ ¬y;JPdžzn9MlQXǹhk2i"d1dqn]MlS$[z#@bHnNAl6jkt:#?5RUCPS@·j V~G:+JfS *` b(0tmgz&5 dQ~q&wmdV d{kbKs9E92:@-DKb2Iy'N'}*N`$<Y9۰z&WaL׽MP3JYx^$xO0ZB^zRg%xr,S eewV?jEl-\n;`դ#B|m.xQP)Œi^?e@}}z-mhӍ6=H!]isdBwWBw5u5qsϋhMnw`|D6^rL0yX? [R&l;0GÊrmt4KCTThR<\ޕbhn%6l VN1D{c,T>?ő{'Z`?Y؝2X 42 bV,d77:܋%*0݆tN2 c:yK)[phƐ*XT k@֛6,X1U6d^!1;} ښY uq=S{~?trM܅x~IOgo}TuRDAASy 37>%.jj4TAŞ~XY (hZwnpʋbZv㉮] y8~GZo]`5WHP˖J Y ).Ɵ>ӷI(R;1F߳g4īEdy,75nIGK/t]e`ZIoXω,n밭J~ig8y 'h{T]ƔMΠjA T}ݪK]{j-)B^%T2L3(⩈'Vn[[lj[>ׂ|q-7dQy/$dqdp!97@ǶOkm]5z =_^iui&Uw4;zβW_Ho8* }b$WN)8UZ1˵sɬ.dq-] Ҁpa!x&>ekv hmU]~y֢T1ŝNca/x'?8$8\92X{aI$Z]YrcxeJW׬Z]j{U=~WK58h.G}lI+9{\`@ߣ_s=~,j'\3xLX/YTNpO$)d x[ˏZb+g.%^E~ R:|^o٦/VxveٚpA'zey:+ȝl<so"}dcNc& ]o S|!noB.;@΢CU*"%Zg^-Oydq7qeQ';J> ϻ[&*7Z[p 8J06Ntjg͍c') #cZ#Qeѐ^=[6 8Lan7C,$`|IVAجS@4ClM&FOR NQk,AɠdqE!UI1:%"JD ZA]縉 t 9CzOfD7\kciͨmgtrxlʔ c􎲐mڪ$-}n6\i"mCcmWI'Nk}I`'sr`,_\Z}hĊ[rg kɽYvG[Rzmle^/XW C~n7B)`t+AF1`^l«"Rt2Ubq,w+ȐVFYbн4a'F\BӦ1_ϳ)4x.-s {od V@'Wg"Xeل߰iD鞞O,qS/Ԑ;%vM xmc eO,ؘ ċxĒXq8=gDΌȬ"WoŴWPz[Ů|IT wSuY@ tiV^> mAoR6o m:vkJ; mqA䵑H )GHH,do8A׹clǮ)/1!ؼ$r5V 0JxjƋɼe,Gf{ps^&4݆k4LX:mN;]Wq4k[]h \f7_ǫtKRdDŽDY%<~RU^{cwG]=Do;=gّY0<r8m%7]- Ы  {{Vz2t74]C5xu#4))<Yܝ[P9RwpÑ=|ͱnxH&ya <хj!?+4q=7^ [ޮ5fTGIq3'v ]+;kTů̹Ӊn3-Dx`OvmL(O0Lv{-טE0UUbM\5V}cxnqqYwM3Q-Q"3k_0=`K; ;7-tVޥtws DwIJY6{ocB6]=;w[Ӣn3@I?tz ;$=2{0+ & ıػ.Gı+?+Y.6c- q۞?-p)V]iVg^^_@b}[vYuhjz?ЉX77pQj 6J] ^rzc]Xb&BХ z\^%MnP^2%4tHs 3KG654yO@rkA,~pi&ylxǚ?Ik?9egleN["׷W6.<i^/J,՛ۧRcR RЕLk6my4'k0XcL O)c.ip=,؋ٕu7u 1XbbYEsoٮId&w3GU[#\Y5B9®UVLleMD`>[uRܕжk1H[؟kѯe)?^Z+Mb,锽!Ix:#߻c9ȎGleN (~N6vnK(%44g+U'Sfٴk}r>Lt|dnΙ:5W}$_ګv-)lpc 3xBԷm+gǖcRS]/YA=, eA9TNrp+{VO;sې[Dp!}=ѧK#7]Z /k@M(툻2 1P;5qμ+= r-v' 3U J܇Shvji8AG5 /nQ0tk}͆^ z(BcxW5thv.5Oٽ+yI:/APإe;`99?ⶢ-*N}bo;Eh lb٭w&Wcf;uo݅>_r;EIy+wVďxٖMT}>voȦ="2AnrU|3UmI nq&FWi7ڞbeYCMHuPgHو8 ӅhOr]=]/J!ӣ?A{o'vy9Ѓ;1DGJn_I$ĻaIy(O W$3J笌 M|hQl`&3{!=mα_ F*쭆̊Bh|TR4ljg cn.!2v5FDd^ʹcxyzvmт.r[9F~mKAȯ(d 5WIғ/jZl* m|h2uկƋ5 e%lKCM]ޮkcx=삦om5vei!Rx{x1Æҵ;pb,PosJ4 H-. |̷J6qeІo9{Y)6 R<* 8 m^964޴U-ܺZڞM܊Gr6}MH;FzޚeV8 z|󸢘-f{}>%GCC,ERRu*j wV:y4_PL'x6)tl6Imv:*^3x8(((JDd(2Ya3WxmLěE̩4x#mQB9#+$X92VaOtmOVD^1.W^nۅFMdLĔFms$ce\}7~(ؕr}N1Ik3 .IaE!kDWdEUUyX]{ IDATU8V~.x&&W8U+p夭BbW m EmQD^=lY?KcqCVy .b\ jR ,=\n0FGBb(dqc ]mQD'=EYT܉>T3:#],K.v(A>F `9eP_8<t9.nB S4| ~G,DLos?p n%#=5yz}^ܶ<`&3SM6 U^r‹O*̕t{ x@,GfWK]ܔ)_V-AwpZihڒGݷ4${ܘƮ dq_uUr:%<%u܉KRcsG {;䆰ĔnbxBV[r9!c}tR6vʄElKk-h>bkVw7N{s LdONnXe> ` pe R)LH^[pS/j/+f^KC)o0{c@ YܜVm+^Ţ.gB~dNdqK Ykf:Ö ZG-1ᆒפJx!fx3vbΘ{`$O$f(Z2O t E(U2ؐcp|L? kE*`݂ ٜ|o"h!?g`WU \DB:gk)ArODIua$lS譟6&ƒD Ņ̲SX5qCzK d9_p -.^j%lo!5ί©a)[ D`]>a~zcԨ7*?# gR ƒNEx*/_((6>OpPВB5"iP>8S_xcqlxofGo ܣB,΢lbC1 "ҔN?20}N1yyO;TZP {S㼎5'AGѣ+m˖;]^,\+[ؒ&*miMd(Ee6zvmudq~*sŜa>4C/#[Y.Bw<9k޵w+2m . ޽l h.H/l{庮 yN.Xd?vcMlA0jķ:~T8b\ rJH[}|~{0s+ڂ2xoX2~=(e9Tn^cvn~wAjY6M|2~{oϵ1HtUɡXf h̠ny,~&1s HYۓ2IV+Pi^*߬/=~gSQ[Y6/U nkCota b@tT02Hyf5 W>yBs r2\+cǶj}b'bL un1mk{~#aڌ76K3ڲM< B 9$=,CS;d^hUZֈ ҔKCr_d Fm6HٰxcaY& xuͯIY毢a=YMGţJcpYߊIJjX^ $S*uajn  (Pb)y&r*g RڐI"~[-qaj5&pmDn=A,#~P+|h9x gCzecKZsMg YZʝulne׌[yս3@[ 6pK x#y@}~xS2j[T@OІZ=fۆ􄦕s6i.Wzqjx&/$כc+&lMca 6oU (F[&^B C<;2UZx&YXkֲ!PM+zODo9B]K[.9o/>o6\==U$6X ޳vpdn7 JL X{U7A#ҽ%{ք:PRM ›N߹4ژy&(\ʲ%լ&3ѕy:аɿ&#sjx;e1x37Dd̅MW ʔ`D,F[nv1Y0X AltBNЧ~]]Wb^Q'OB,E{m`8D,F6Apm= kLE,}D^=Q Zm"Y̫Aw%vXs+D\cvMۆ.Tհ%ȐU4qALY&q[r٬_E+RٓQxw\3~iDoƳ Y#2leҼ >o).C]$ׂ؆\Y|u-GCN& ] 5#Y,ejZ8J*5u+s"xTXUt^MR{؞%\؝`e%N@Suqd厮G5|^wv-9\N$k#u( &ᮔ |P.3Y )䋳W6oMm/-Ũx1vynoDп+o;AyR=@J:d1(itI7AB%[ *^ Xr]wؽ圾a#F@" Z`K&Mȣ{ cry9f-LnxTLg@#z@&WPޕ6wG&mS7tQ6"Kbͫ VKdaܤ8GL6lrW5hY\&)w@<= 㤿$RjZk-.pF^L$8g"̩y }؉{ԧ &.+^Bǟ$}|lz ; U Xyۺkυki'+Q7/B >ǻ䳣"/W> &v$|\z[/D)w_6g AXdnxfO?v ~ygbY ~ko/zb|‡.wTzj=H)NGI P /A+uk5Qy YPԳ6qlkIIE,Jԡވ);nJ~m@WJblX) gEٚ4jk `Eb9A[pʶ-%Qy7CqTY"+#t4f8tq..sEDF7 _4lkTBűRt0\&O0iqY&fB3ePlq:YZ\" ).j&v{,qܝЛ̓~Nq?5jű̥{tn!?QbrY!ua01Q'` |1NaZ^?kKdUs'x0C$ f1q$rrv:\%ߴX0 0 dqc䷋7~pC>Ω"bx&F($Ukz9hHBMFGĈ}CVv؏P')-ZGJ6)ڝ_)e.,//$hSDSpM-F]$B&K[|-L #4,7"1LЖ)#hq%vXXD/14NЦ3֝B!v?Z5@4[- UhftSѥ?z|+s.Fo$8up6n*Nlc?nyKFiOF@s?,⧻*:1BNF\iGPdtOw1+O&k$F#[,%'"GSj'?q$M.ȕF2BmP0r=cQE Jattw{[c~gms-:L &2t7ԅfs[|ElGf泄#(<R1 9%9Rn '09R'tK\~si$޼H`H=̪9N7`飫f$U <f!`s!q獗vcNLkfz] j&JuUyH\0BǃPĽ,wQZQ:hU A tpǞPF%"W@cU2{o`MaݻSUM;ޗzP1I{v߾-,%ժaɥ kUjry1W. pc7o>vV!>>1 '8N'Gk](^2D':e|T@C|܋CNAo*/d7S'h{/?| *4qu&z𵦟[ bкJ)3Fxr~C Ah8r o]Zv%3(cd114oe:'d1@/M1Y o絚e p,W3EۀcRXPf,fZ,M 8]1n1h&Y /ebHs0,@+k1^2?͉] V׺S6|Ϙ9`wK# p-\8h%m>vT\|8Xd1lNY]Fldxꐈ聭@1 f_Zvwę*ٍCphPRArXD;Ža{; yY .>ϟ_Sqw%[,9`S.IǤceH +"bˮs~`S+y\1qX`s 6Ǖt˄,q) Q1g 7,ħl~pR|}1l^Ja|}X.qw+Bs?v6k@ wt8mb|2m& W6Y 8\K6jb7Xϳ[}7h&|pdGFÞ n&Cx^E2ߜ]0maۭ?{GÆgh@T} )'j>zgupbMp.{d&y?{g2c bh=o kDȵ2ϸG4+xưUnwqVIurқԔ-Ԁ;"rir4gܩ9h Bsoxˮ;#}E{P Cz?5$9kdL*Axbod3IDAT9TqkUlD)'ajbV!4c( G&KHxB%;}2sЗ=B4aPy5ǘ8yF Wp4ҍޭ{[VZ Y &2FH0F١x?emkgiS1,JGY쉛Duɩ/bX&X؏5i+0>Dm2%ؕBЈ$QN $f\7WlS),;*yuS9+xeEݵr/-?QiVfG-Snj`ntL_gf% SKTmfIF,ZW0+?|i=Sa!:o1$'\; ܔʃ.)"8HQ[uf3ߺQ1bf\L/@b 9߰XHQ 4$_r``n ЃV"R?[*Va 3B_ri5*)Ccys?a= %H,{v\i][7•׷;Mjb2W;`.b}O 61$V rid Г% 4S+N?^c;ķK*Ucb'x!OT=$ YkЛK*B/Yzb w  &C:CӖ^9bFNZQH.܎TK8+~= w6/7&jH@{*o-+9hʰhtPHYlJKK"Ut9XP%FU4""ujorS-SNͶ`ɃfLnVxn7T-ᮟQ|6`uJ* @퐻L N,LI Œ8Ƙ?^RR1y߁ؚ$q{ l1;@%JdbԣͣVx- &h* 㚾 ^7ƨ?:6bʼn ij]3[v РUX$xb ف޲+9Fn2)0Wg s->N Y_}[MKӝY*x cs\̴[Z8TUA(rT]"r4sXUx!fu c{ \w xo9oĦkJxk/Em+EΫT=d W kĶxؚ?HPAձ</Fl P0>[z$ 14A j <@!MDGr0q;/`$(YH`HzDI-Ɍ$ FY}j.lA)` bDKOŃ= TP ӽG+WP^<d1, BY m2Vf"^đgcCW 3ٌg?*9>q_}s>$o3a^0=,^ʣ`e1X\D KcU:/Xy TA0KiU[O7Wcn ;h &Dl=*KıNQd1 [G0㳙q?kw~:հm> Y 8?)Y`6lAq8> զox%j8\gJ/l{p:n1tg YbV]) v"m&V KT]SkbYJ,w.`:БK3u+mJc2|,KfY [ jzr2i[,ʶOYIyyƫPIGd_x~Zˀz*c= =ͅZhbN* e e 11U8t~[0!rioYٶ ޕ^M%gn+S^-XTO UtLXvW䚊1Hps{tל2lg ip Wzk侾bҟbO 71\p [}%H F9x{^q{Z!n1Į=(w5Mo7<)X~p[ 5q)+ Vg!"[kYA,yi9tӇT`E>{HOCsֳۥ}J5>}G72,&\edj"Sәӄwe bNu~xsMޠ_jcs di9wmZȺiW՞I徼HV[_ }0VMrir[gDa>, ~i9/(w,rBH32k{J(UE:#zirG&.сB} |`~hsz2YЕ+miʶ~HZ'ST s|f Ws~Kb0o|[]"MbU HxzjPo8ϿKN1QA&Ωv:\OMz-2B[ؚrlNei SgG%Z1]޻4MP&x2?5(㗀,O'5vKu-/V҃V@3C-1myb{P"ӧw2d1^ +U5E[ _!}PvW kmi>V-7otЧOoېwv`Tusɋ|Q$![@ XWNɏ9NT{NLAV%4=Bx$dK`d1OPxj7(bȘU0}fg;9Y쯹{mƬz'Q!b- 0) Ku:x:ET%)s#FRe!I3Q쌵(mtDKj^M֒)ӵެ޼i)-{'K}kE25b5M]'lbE5 eחIf?oOʊvmg{쩱&?m\TrTG%b+I7+u%*NZ3c]gBu]hm9A tpN'B-EPzB#IƹދZ)ͷ . @R|=v}<4J'tҵS2 F6D&__%؇bJfg P{[ٖJX'Y w*%46}Z5챍8FY )4\}Ӓ't(ǨaXd1 y9`;c)-A&3O!`K pY ,0'sIENDB`(  / 0DTimes New Roman̳0~0DMITRENew Roman̳0~0R DArialNew Roman̳0~0"  @n?" dd@  @@`` ldX*LQq tL .K38$ Y ;H ( > 3>?$$b$5z@u1Il1Y 0AA wwwf@8'g4KdKd~02 ppp@  <4BdBdg44d4d~0p@ ppr0___PPT10 2___PPT9/ 0? -O =U 5Mapping Assurance to the Software Engineering ProcessUAlfred H. Kromholz, Ph.D. The MITRE Corporation kromholz@ mitre.org +1-703.883.7331V2$<   !#$%& Where Does Assurance Fit In?&Two broad customer circumstances Functional expectations but no assurance requirements Expectations may be informal  mass-market,  shrink-wrapped products Expectations may be formal  supplier requirements documents & specificationsZ!6 6     Current Work & Future Directions  7Using Adelard Safety Case Editor to Argue a Safety Case(87$+.Arguing a Safety Case: Basic Supplier ApproachF/8Arguing a Safety Case: Standards-Based Supplier Approach92Arguing a Safety Case: Justified Supplier ApproachF3 2Arguing a Safety Case: Requirements-Based ApproachF3 (Arguing a Safety Case: Consolidated Flow&)( /= ` ̙33` ` ff3333f` 333MMM` f` f` 3>?" dd@,|?" dd@   " @ ` n?" dd@   @@``PX    @ ` `p>> kc(    6$0 P  T Click to edit Master title style! !  00   RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S   00 Pp   (*Copyright 2004 The MITRE CorporationD)       0D1 Pp  ?* H  0޽h ? ̙33 Default Design  B:`( ~@\   6ā p  T Click to edit Master title style! !  0  `    W#Click to edit Master subtitle style$ $*  0 `   (*Copyright 2004 The MITRE Corporationb)       0D `   E* B  s *޽h ? ̙33 0 @l.( X@~@ l l 0D7 P    Y*  l 07     [* d l c $ ?   l 08  @  RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S l 6 `P   Y*  l 6D `   [* H l 0޽h ? ̙3380___PPT10.`p 044( #}  4 4 0d5 P    =*  4 05     ?*  4 6$6 `P   =*  4 66 `   ?* H 4 0޽h ? ̙3380___PPT10.e6 Ph-( w hl h C p  ~ h C  h    h 0Ą  0@ 'Copyright 2004 The MITRE CorporationX(     H h 0޽h ? ̙33G   ,`      (  R  s *P  6t$P h,Relation between Waterfall Process & V-Chart -8Z-M T HZ4R,$Dd 0  Plans & RqmtsV8Z   U HZ@,$Dd 0 N Prod. Design& 8Z  V HZ 7,$Dd 0 O Detail Design&8Z  W@ Ht /{,$Dd 0 K Unit Test& 8Z   X@ H4}o,$Dd 0 ] Integ. Test 8Z  Y@ H)O,$Dd  0 f Syst. Test& 8Z  Z@ H$*9 ,$Dd 0 <Code8Z [ HZ*bQ,$D 0 IConcept&8Z  \@ HD+X,$Dd  0 ] Accep. Test 8Z g l 8 8,$D   0lB w <E-^ x 6+A =Concept0ZlB z <E~-  { 6d,+[  NPlans and Requirements8ZlB } <E /  ~ 6$-L x  DProduct Design0Z  6- $l  <Code8Z~2  N~G+B#style.visibility= `B<*D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*[%(D' =%(D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*T%(D' =%(( D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*U%(D' =%( D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*V%(D' =%(D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*Z%(D' =%(0D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*W%(D' =%(D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*X%(D' =%(D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*Y%(D' =%(8D' =A@BBBB0B%(dD' =1:Bvisible*o3>+B#style.visibility<*\%(De' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*D' =1:Bvisible*o3>+B#style.visibility<*%(Dz' =%(D' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-o6Bwipe(up)*<3<*D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-s6Bwipe(left)*<3<*DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(++0+T% ++0+U% ++0+V% ++0+W% ++0+X% ++0+Y% ++0+Z% ++0+[% ++0+\% ++0+% ++0+% ++0+% ++0+% +) 7/#-,( w ,R -, s *pF x  , x  , 0d5x+ @ Conceptual 0Z  , 0_ NPlans and Requirements8Z , 0/ [  DProduct Design0Z , 0   <Code8Z , 0P 0  C Detail Design0Z  , 0   ? Unit Test 0Z  !, 0Dp/ [  FIntegration Test0Z ", 0_ A System Test 0Z  #, 0  EAcceptance Test0Zjl @i %,i@,$D 0  , 0$@ih" =Needs8_  , 0Y KSystem Requirements8_  , 0) a  NSubsystem Requirements8_  , 0dP   >Elements 0_  , 0$  LElement Requirements8_ , 0 / B Element Test 0_  , 0p) a  DSubsystem Test0_^2 , 6T@/^2 , 6T_`^2 , 6T/ 0 ^2 , 6T P ^2 ,@ 6 n^2 ,@ 6  ^2 ,@ 6.?^2  ,@ 6^_^2 , 6$  , 0T FDevelopment V-Chart Starts with a Product Focus to Process Abstraction<G8Z0dl  ,,$D 0`B , 0DA A  , 0Bp  TAnalysis phase (Decomposition)Z , 0 H TSynthesis phase (Verification)Z  ,, s *DT,$D 0 CDevelopment V-Chart Shift from Product Focus to Process Abstraction D8ZDH , 0޽h ? ̙33___PPT10r+[D' = @B D' = @BA?%,( < +O%,( < +D' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*,,%(D' =%(D3' =4@BB BB%(D' =1:Bvisible*o3>+B#style.visibility<*%,%(D' =-o6Bdissolve*<3<*%,D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*,%(+8+0+,,% + ww : Nw( L  0 s *!k,$D 0 z #   1  # ,$D 0Z 2 s * q Z 3 s *#  Z 4 s *  Z 5 s *  Fz d *e  6  d*e ,$D 0Z 7 s *d e Z 8 s * *a  9 s *I[I,$D 0 : <XP,$D 0 h2For efficiency, focus on interfaces & interactions3Z3"`R / s *p  0ĬY KSystem Requirements8_  0) a  NSubsystem Requirements8_  0D   LElement Requirements8_  0) pa  DSubsystem Test0_  0įp 'Development V-Chart Process and Product@(8Z B @ s *D)<HH,$D  0z    . ,$D,  0ZB  s *D>ZB  s *D>ZB  s *DԔZB   s *DԔ ZB ! s *DԔ ZB " s *DԔ ZB # s *DԔAA ZB $ s *DԔZB % s *DԔ ZB & s *DԔ ZB ' s *DԔ ZB ( s *DԔcc  z 6   )  6. ,$D,  0ZB * s *Do6  ZB + s *Do< < ZB , s *Do  ZB - s *Do  ZB . s *Do ZB / s *Do 4 ZB 0 s *Do  ZB 1 s *Do: : ZB 2 s *Do  ZB 3 s *DoR R ZB 4 s *Do  ZB 5 s *Do  ZB 6 s *Do  ZB 7 s *Doq q ZB 8 s *Do  ZB 9 s *Do<  ZB : s *Do< < ZB ; s *Do  ZB < s *Do  ZB = s *Do  ZB > s *DԔD D ZB ? s *DԔb b ZB @ s *DԔ  ZB A s *DԔ  ZB B s *Doa a ZB C s *Do ZB D s *Do  ZB E s *Do  ZB F s *DoO O ZB G s *Do  ZB H s *Do+ + ZB I s *Do  z D  J ,$D,  0ZB K s *D>ZB L s *D> ZB M s *D> ZB N s *D> ZB O s *D> ZB PB s *D)HDHNz 1 RC Q q R,$D,  0ZB R s *DjJxCZB S s *DjJGxGCZB T s *DjJxCZB U s *Do2 {ZB V s *Do1 {ZB W s *Do1 {ZB X s *Do2 {ZB Y s *DjJxCZB Z s *DjJ|x|CZB [ s *DjJWxWCZB \ s *DjJxCZB ] s *DjJxCZB ^ s *Do1 {ZB _ s *DjJx\xZB ` s *DjJzxR~ZB a s *Do2 {ZB b s *DoQ2 Q{ZB c s *Do:2 :{ZB d s *DjJxCZB e s *DjJxCZB f s *DjJxCZB g s *DjJ;x;CZB h s *DjJxCZB i s *DjJxCZB j s *DjJsxsCZB k s *DjJ3x3CZB l s *DjJxCZB m s *DjJxxxZB n s *DjJxCZB o s *DjJWxWCZB p s *DjJxCZB q s *DjJ x CZB r s *DjJxCZB s s *DjJOxOCZB t s *DjJxCZB u s *DjJxxZB v s *DjJxCZB w s *DjJsxsCZB x s *DjJ*x*CZB y s *DjJxCZB z s *DjJxCZB { s *DjJMxMCZB | s *DjJ,x,CZB } s *DjJxCZB ~ s *DjJxCZB  s *DjJoxoCZB  s *DjJxCZB  s *DjJxxZB  s *DjJx~ZB  s *DjJ"x"CZB  s *DjJwxwCZB  s *DjJxCZB  s *DjJxCZB  s *DjJJxJCZB  s *DjJBxBCZB  s *DjJxCZB  s *DjJxCZB  s *DjJxCZB  s *DjJxxZB  s *DjJxCZB  s *DjJxCZB  s *DjJ`x`CZB  s *DjJRxRCZB  s *DjJxCZB  s *DjJxCZB  s *DjJxCZB  s *DjJxxZB  s *DjJ.x.CZB  s *DjJxCZB  s *DjJpxpCz    : ,$D  0ZB  s *DԔ} } ZB  s *DԔ  ZB  s *D>t ZB  s *D> ZB  s *D>lZB  s *D>l.z 1e Ό 1e,$D   0ZB ό s *DjJZB Ќ s *DjJeeZB ь s *DjJZB Ҍ s *DjJZB ӌ s *DjJZB Ԍ s *DjJuuZB Ռ s *DjJ55ZB ֌ s *DjJZB ׌ s *DjJZB ، s *DjJ==ZB ٌ s *DjJZB ڌ s *DjJYYZB ی s *DjJZB ܌ s *DjJZB ݌ s *DjJZB ތ s *DjJQQZB ߌ s *DjJZB  s *DjJZB  s *DjJuuZB  s *DjJ,,ZB  s *DjJ**ZB  s *DjJZB  s *DjJmmZB  s *DjJZB  s *DjJZB  s *DjJZB  s *DjJHHZB  s *DjJZB  s *DjJZB  s *DjJkkZB  s *DjJJJZB  s *DjJZB  s *DjJZB  s *DjJZB  s *DjJ  ZB  s *DjJ@@ZB  s *DjJZB  s *DjJ&&ZB  s *DjJZB  s *DjJhhZB  s *DjJ``ZB  s *DjJZB  s *DjJZB  s *DjJ!!ZB  s *DjJ<<ZB  s *DjJZB  s *DjJ~~ZB  s *DjJppZB  s *DjJZB  s *DjJZB  s *DjJ11ZB  s *DjJLLZB  s *DjJZB  s *DjJFz `   (,$D  0ZB  s *D>ZB B s *D)Z`ZB @ s *D)ZZ(,$D  0  0$i@h" =Needs8_  0P  >Elements 0_   0 / B Element Test 0_ ^2  6T@/^2  6T_`^2  6T/ 0 ^2  6T P ^2 @ 6 n^2 @ 6  ^2 @ 6.?^2 ! 6$  & s *d[ A System Test 0_  ' s *$  EAcceptance Test0_^2  @ 6^_ $ 6z \,$ 0 d"Analysis phase (Product Explosion)&ZZ# % 6 l\,$  0 Y#Synthesis phase (Product Implosion)$Z$z W     W ,$D   0ZB  s *DԔ+  ZB  s *DԔ+  ZB  s *DԔ+  ZB  s *DԔ_+ _ ZB  s *DԔ/  ZB  s *DԔ/  ZB   s *DԔ7/ 7 ZB   s *DԔ/  ZB   s *DԔb" b ZB   s *DԔ)  ZB   s *DԔ  ZB  s *DԔ(  `B  0DoW  `B  0Do7  `B  0Do e `B  0Do  z 2 p   2p,$D   0ZB  s *DoZ Zg ZB  s *Do g ZB  s *Do7 7g ZB  s *Do g ZB  s *Do d ZB  s *DoF Fd ZB  s *Do d ZB  s *Dov vd ZB  s *Do l ZB  s *Do l ZB  s *Do l ZB  s *Do l ZB  s *DoZ Zi ZB  s *Do i ZB  s *Do# #i ZB  s *Do i ZB  s *Do g ZB  s *Do g ZB  s *Do b ZB  s *Do9 9b ZB  s *Dom md ZB  s *Do l ZB  s *DoI Il ZB  s *Do g ZB  s *Do ZB  s *Do ZB  s *Do ZB  s *Do ZB Œ s *Do ZB Ì s *Do ZB Č s *Dou uZB Ō s *DoF FZB ƌ s *DjJzZB nj s *DjJpZB Ȍ s *DjJZB Ɍ s *DjJZB ʌ s *DjJ ZB ˌ s *DjJZB ̌ s *DjJ"ZB ͌ s *DjJ2 * <GH P ,$D  0 s?The structure of the decomposition is the product architecture.@@Sz p + l,$D 0`B , 0D   - 0ĵ~  DAnalysis phaseZ . 0 p ESynthesis phaseZH  0޽h ?* ̙33W3O3___PPT10/3+QD32' = @B D1' = @BA?%,( < +O%,( < +D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*+%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*$%(D/ ' =%(D' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-o6Bwipe(up)*<3<*D' =%(D3' =4@BBBB%(,D' =1:Bvisible*o3>+B#style.visibility<*J%(D' =-o6Bwipe(up)*<3<*JD' =%(D3' =4@BBBB%(,D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-o6Bwipe(up)*<3<*D' =%(4D3' =4@BBBB%(,D' =1:Bvisible*o3>+B#style.visibility<*)%(D' =-o6Bwipe(up)*<3<*)D' =%(T D3' =4@BBBB%(,D' =1:Bvisible*o3>+B#style.visibility<*Q%(D' =-o6Bwipe(up)*<3<*QDe' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<**D' =1:Bvisible*o3>+B#style.visibility<**%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%%(D' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*Ό%(D' =-s6Bwipe(down)*<3<*ΌD' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-s6Bwipe(down)*<3<*D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-s6Bwipe(down)*<3<*D' =%(lD7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-s6Bwipe(down)*<3<*D' =%(( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<* %(D' =-s6Bwipe(down)*<3<* D' =%( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-s6Bwipe(down)*<3<*D ' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*:%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*0%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*1%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*6%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*9%(++0+:- ++0+$' ++0+%' ++0+*' +/ &'( 6 R ' s *p  0P0p ;Development V-Chart Typical Generic Products of the Process@<8Z z Z  Z,$D 0f2  6T+f2  6T3[f2  6TS+  f2  6Ts # f2 B 6 jf2  B 6  f2  B 6*f2  B 62Z   0dPu 9Needs 2   0$QU GSystem Requirements 2  0Q% k  JSubsystem Requirements 2  0R 3  <Elements 2 f2  6$ c   0dS 3 1 HElement Requirements 2  H$TS   B Element Test (2   HTO) T5  DSubsystem Test(2  HUO[ A System Test (2   HdV EAcceptance Test(2  H$W̙0,$D 0 > Needs Stmt Z   HW̙  ,$D 0 DSystem Design Spec  HX̙~ 9 ,$D 0 hSub-syst Design Spec   HdY̙p 4 + ,$D 0 DDetail Design Specl  "/ # R/,$D  0 B H$Z̙ "/ ? Test Report Z r"  BH pIn q l T To  $ o ,$D  0 B HZ̙ To  ? Test Report Z r"  BHIT  l  %',$D  0 B H$~̙ ? Test Report Z r" ! BHvIl  &,$D   0 B H~̙ L Test Report +"Pr" " BH Ic-MNH  0޽h ?O !" ̙33___PPT10+(fD' = @B Du' = @BA?%,( < +O%,( < +D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(Dp' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%( D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*#%(D' =-s6Bwipe(left)*<3<*#D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*$%(D' =-s6Bwipe(left)*<3<*$D' =%(|D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%%(D' =-s6Bwipe(left)*<3<*%D' =%(dD7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*&%(D' =-s6Bwipe(left)*<3<*&++0+' ++0+' ++0+' ++0+' +J ((9= '( h- R / s *p z Z  Z,$D  0f2  6T+f2  6T3[f2  6TS+  f2  6Ts # f2 B 6 jf2 B 6  f2  B 6*f2  B 62Z   0u 9Needs 2   0dU GSystem Requirements 2   0$% k  JSubsystem Requirements 2  0 3  <Elements 2 f2  6$ c   0 3 1 HElement Requirements 2  HdS   B Element Test (2   H$O) T5  DSubsystem Test(2  HO[ A System Test (2   H EAcceptance Test(2  00T 7Development V-Chart When Do We Establish Test Criteria?,88Z7  "/ #  R/,$D  0 B BĆ̙ "/ ? Test Report Z l"  <H zIyn q  T To  #  o ,$D  0 B B̙ To  ? Test Report Z l"  <HmI,T    # ',$D  0 B BD̙ ? Test Report Z l"  <HӔI   # ,$D   0 !B B̙ L Test Report +"Pl" " <H@IeMN $ Hĉ̙Ava,$D 0 > Needs Stmt Z  % HD̙/,$D 0 = Design Spec   & H̙ ,$D 0 G Design Spec   ' H̙ " ,$D 0 G Design Spec   ( H̙ ,$D 0 CAccept CriteriaZ ) HD̙c@ ,$D 0 ; Test Spec   * H̙ ` ? ,$D 0 ; Test Spec   + H̙ ,$D 0 ; Test Spec   , s *$T,$D'   0 GDevelopment V-Chart Typically, We Establish Test Criteria on the Way Up H8ZH - s *h,$D 0 NSame products on this sideZ . s *h(,$D 0 QEarlier products on this sideZ 0 Bd̙5,$D 0 CAccept CriteriaZ 1 B$̙( ,$D 0 ; Test Spec   2 B̙w 0 ,$D  0 ; Test Spec   3 B̙4HT,$D  0 ; Test Spec  B 5 <D) ,$D  0B 6 <D)  ,$D  0B 7 <D) 0 ,$D  0B 8 <D)h ,$D  0/ 9 s *8T,$D@  0 EDevelopment V-Chart We Should Establish Test Criteria on the Way Down@F8Z) : s *`,$D  0 Y%Generally, just barely before we test&Z& ; s * h ,$D 0 = s *$,$D  0 >Z H  0޽h ?O!" ̙33!!___PPT10!+`!D' = @B D' = @BA?%,( < +O%,( < +D' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-s6Bwipe(left)*<3<*D' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*-D' =1:Bvisible*o3>+B#style.visibility<*-%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =-s6Bwipe(left)*<3<*D' =%(D' =%(D@' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*,%(D' =-o6Bwipe(up)*<3<*,DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*.%(D' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*$%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*(%(D' =%(xD' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*)%(D' =%( D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*&%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<**%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*'%(D' =%( D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*+%(+h+0+$' ++0+%) ++0+&) ++0+') ++0+(' ++0+)) ++0+*) ++0++) ++0+,) ++0+-) ++0+.) +) 12(  R 2 s *pl `` .,$D  0xB  HDԔ`{`{  6D >  GValidate / Verify(2l P@O /pO,$D  0xB  HDԔPK@K  6   O 9V&V(2l pG   0G P  ,$D  0xB  HDԔp     6!+ G   9V&V(2l   `  1 ,$D  0xB  HDԔ 0    6d!  `  9V&V(2  0!T y=Development V-Chart Verify and Validate Before Staring Upward >8Z>  B"̙Ava > Needs Stmt Z   BD#̙/ = Design Spec    B$̙  G Design Spec    B$̙ *  G Design Spec    B%̙  CAccept CriteriaZ  BD&̙c@  ; Test Spec    B'̙ ` ?  ; Test Spec    B'̙  ; Test Spec   @ B(̙ L Test Report +"P @ BD)̙' ? Test Report Z  @ B*̙ 4o  ? Test Report Z  @ B*̙ R/ ? Test Report Z d"  <H pIn q d"  <HI 4 d"  <HvId"  <H Ic-MN^2  6TC+^2  6T[c^2  6T+ 3 ^2  6T S ^2  @ 6  j^2 !@ 6"  ^2 "@ 6*B^2 #@ 6Zb $ 0$+##u 9Needs 2 % 0_U# GSystem Requirements 2 & 0_% k  JSubsystem Requirements 2 ' 0`# c  <Elements 2 ^2 ( 6$  ) 0Da 3c 1 HElement Requirements 2 * Hb   B Element Test (2  + Hb) 5  DSubsystem Test(2 , HcO[ A System Test (2  - HDd EAcceptance Test(2H  0޽h ?O ̙33  ___PPT10 +?[D ' = @B Du ' = @BA?%,( < +O%,( < +D ' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*.%(D' =-s6Bwipe(left)*<3<*.D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*/%(D' =-s6Bwipe(left)*<3<*/D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*0%(D' =-s6Bwipe(left)*<3<*0D' =%( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*1%(D' =-s6Bwipe(left)*<3<*1+i: ##;= "(  R = s *pl `` 6,$D  0xB  HDԔ`{`{  6de>  GValidate / Verify(2l P@O 7pO,$D  0xB  HDԔPK@K  6e  O 9V&V(2l pG   8G P  ,$D  0xB  HDԔp     6$f+ G   9V&V(2l   `  9 ,$D  0xB  HDԔ 0    6f  `  9V&V(2  0fT y=Development V-Chart Validate, Plan for Verify & DFT/DFM Early >8Z>  Bg̙Ava > Needs Stmt Z   Bdh̙/ = Design Spec    B$i̙  G Design Spec    Bi̙ *  G Design Spec    Bj̙  CAccept CriteriaZ  Bԫ̙c@  ; Test Spec    B̙ ` ?  ; Test Spec    BT̙  ; Test Spec   @ B̙ L Test Report +"P @ BԮ̙' ? Test Report Z  @ B̙ 4o  ? Test Report Z  @ BT̙ R/ ? Test Report Z d"  <H pIn q d"  <HI 4 d"  <HvId"  <H Ic-MN^2  6TC+^2  6T[c^2  6T+ 3 ^2  6T S ^2  @ 6  j^2 !@ 6"  ^2 "@ 6*B^2 #@ 6Zb $ 0##u 9Needs 2 % 0tU# GSystem Requirements 2 & 04% k  JSubsystem Requirements 2 ' 0# c  <Elements 2 ^2 ( 6$  ) 0 3c 1 HElement Requirements 2 * Ht   B Element Test (2  + H4) 5  DSubsystem Test(2 , HO[ A System Test (2  - H EAcceptance Test(2B 2@ HDԔ  R a,$D 0l | :,$D 0xB /B HDԔ| 3 T_ :! FDFT/DFM Feedback(2l rb ;r,$D 0xB 0B HDԔrb 4 TZt " =DFT/DFM(2l  !  < Q ,$D 0xB 1B HDԔ E  5 T'ZT !  =DFT/DFM(2H  0޽h ?O ̙33bZ___PPT10:+D' = @B D' = @BA?%,( < +O%,( < +D' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*6%(D' =-s6Bwipe(left)*<3<*6D' =%(D9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*:%(D' =-u6Bwipe(right)*<3<*:D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*7%(D' =-s6Bwipe(left)*<3<*7D' =%( D9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*;%(D' =-u6Bwipe(right)*<3<*;D' =%( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*8%(D' =-s6Bwipe(left)*<3<*8D' =%(D9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*<%(D' =-u6Bwipe(right)*<3<*<D' =%(|D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*9%(D' =-s6Bwipe(left)*<3<*9D' =%(dD9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*2%(D' =-u6Bwipe(right)*<3<*2+@= ##5s$"(  $R n$ s *^2 <$ 6TC+^2 =$ 6T[c^2 >$ 6T+ 3 ^2 ?$ 6T S ^2 @$@ 6  j^2 A$@ 6"  ^2 B$@ 6*B^2 C$@ 6Zb D$ 0K  9Needs 2 E$ 0T GSystem Requirements 2 F$ 0h   JSubsystem Requirements 2 I$ 0. 6 t  HElement Requirements 2 J$ B̙0p > Needs Stmt Z  K$ BT̙  DSystem Design Spec L$ B̙ i  hSub-syst Design Spec  M$ B̙ : [  DDetail Design Spec N$ H   B Element Test (2  O$ HT) 5  DSubsystem Test(2 P$ HO[ A System Test (2  Q$ H EAcceptance Test(2 Z$ 04= bLet s Go Back to the Original Development V-Chart 28Z2l - p$-,$D 0 $ T z- = Rationale Z r $$ BTTl  q$,$D  0  $ T = Rationale Z r %$ BTql m   r$m  ,$D  0 !$ TB    = Rationale Z r &$ BTm  l (  s$(  ,$D  0 "$ TtC `  = Rationale Z r '$ BT( W ^2 [$ 6$  \$@ B4D ̙ L Test Report +"P ]$@ BD ̙' ? Test Report Z  ^$@ BE ̙ 4o  ? Test Report Z  _$@ BtF ̙ R/ ? Test Report Z d" `$ <H pIn q d" a$ <HI 4 d" b$ <HvId" c$ <H Ic-MN d$ 04G # c  <Elements 2  g$ 0G (,$D 0 h.The  Missing Rationale8Z h$ <H G rH! P`,$D 0 ZHow did we get from here&Z i$ <tI GtHZO P,$D 0 U!How did we get from here to here?"Z" j$ <4J GAH 0 @@ ,$D  0 <Or here? Z  k$ <J GAH   ,$D  0 <Or here? Z  l$ <K GAH ,$D  0 <Or here? Z  m$ <tL Gj6H ` ,$D  0 PDoes it need to be captured?Z  o$ <L GrH ` ,$D  0 i5Recording the rationale for decomposition can help us6Z6H $ 0޽h ? _$`$ ^$a$ ]$b$ \$c$h$i$j$k$l$m$o$ ̙33aY___PPT109+R9'iD' = @B DP' = @BA?%,( < +O%,( < +D' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*h$D' =1:Bvisible*o3>+B#style.visibility<*h$%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*i$D' =1:Bvisible*o3>+B#style.visibility<*i$%(D ' =%(D' =A@BBBB0B%( E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*j$D' =1:Bvisible*o3>+B#style.visibility<*j$%(D ' =%( D' =A@BBBB0B%( E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*k$D' =1:Bvisible*o3>+B#style.visibility<*k$%(D ' =%(D' =A@BBBB0B%( E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*l$D' =1:Bvisible*o3>+B#style.visibility<*l$%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*g$%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*e$%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*m$%(++0+g$+ ++0+h$+ ++0+i$+ ++0+j$+ ++0+k$+ ++0+l$+ ++0+m$+ +  @8 ( w R  s *l  C 30     C 3 H<$ 0    0D4 H,$ 0 BCustomer says,  Convince me that the product meets expectations. Customer may say,  Why should I have confidence in your claims? "  L  04 ( ,$ 0 VBoth functional requirements and assurance requirements Customer tells supplier what it takes to convince Assurance requirements may be direct  i.e., included in the specifications Assurance requirements may be indirect  i.e, specifications identify product and/or process standards to be followedF8 #  H  0޽h ? ̙33___PPT10.+} <Dw' = @B D2' = @BA?%,( < +O%,( < +DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*!%(D' =%(DM' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*!W%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*W%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*&%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*&g%(Ds' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*g%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*a%(+8+0++ +lN ""5  ( w  l 0`  `,$D 0 ~  B C DEF  @`0`  <M p O ECustomer Activitiesl  ` |@`,$D 0 z B C DEFA  @` ` { <D GSupplier Activities 2R u s *l   r ,$D 0`2 aB 0 S `2 bB 0 , s `2 cB 0 \`2 dB 0,l   e ,$D 0`2 B 0 [ `2 B 0 , { `2 B 0 \ `2  B 0 ,5  s *?<,$D 0 YThese activities take place during the a posteriori phase after the product is produced2Z(2<l 8   fu 8 ,$D  0  NdS    JSub-claim evaluation(2x  HGnDHInD8 )l 8 W 1 gw8 1,$D  0  N$W 1  KSub-claim evaluation (2x  HG6H%I68 c l 8  h8 ,$D  0  Ng FClaim evaluation(2x  HG-HI-8 l 8  i8 ,$D  0  Nb > Acceptance 2 x  HGXHIX8 m` 5 0d xX7 MAssurance V-Chart 8Z N H$ / ,$D 0 CAssurance Claiml n  pn ,$D  0 O H̙M   <Evidence Z x" P HZH&I M  Q H̙N E  <Evidence Z x" R HZHrI+jM  S Hd̙ e <Evidence Z x" T HZHiI3   W H$̙nM6  <Evidence Z x" X HZHI('R 5M   6O ,$D  0 FBody of Evidence(2l Re  qeR ,$D   0~R ]B NZG٫H&I٫R  ~R ^B NZGZH_SIZ ~R _B NZGH aIjE ~R `B NZGYHAIY e  L N I ,$D  0 > Sub-Claims   M Nd ,$D 0 > Sub-Claims   V N$ p ,$D  0 > Sub-Claims   k 0hH f,No customer-specified assurance requirements-8Z- s s * p P ,$D 0 ^*Two groups of assurance-related activities+Z+H  0޽h ?    LOPMQRNSTVWXW ]O ^Q _S ` ̙33:+2+___PPT10++D(' = @B D(' = @BA?%,( < +O%,( < +D%' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*r%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(DI' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*sD' =1:Bvisible*o3>+B#style.visibility<*s%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*e%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*n%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*o%(D' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*N%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*M%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*L%(D' =%( D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*V%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =%(D' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*q%(D' =-o6Bwipe(up)*<3<*qD' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<* %(D ' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*f%(D' =-s6Bwipe(down)*<3<*fD' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*g%(D' =-s6Bwipe(down)*<3<*gD' =%(xD7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*h%(D' =-s6Bwipe(down)*<3<*hD' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*i%(D' =-s6Bwipe(down)*<3<*i++0+o- ++0+n- ++0+- ++0+N- ++0+ - ++0+L- ++0+M- ++0+V- ++0+s- +v m*e*9X@)(  R W s *l dt  -dt ,$Dd  0`2  0Td]`2  0T4- `2  0T] T `2  0T- t   H$ >YJ,$D 0 Y#Expectations, standards, desiderata$(2$  H z(,$D,  0 LClaims re Expectations(2  H j 6 ,$DX  0 PSub-claims re Expectations(2  Hd  ] ,$DX  0 PSub-claims re Expectations(2  s *$ z; ,$D 0 Da priori phase(2  0  ,$D 0 Ha posteriori phase(2B  6D0z z O,$D 0 l   O ,$D  0f2 B 6# f2 B 6C ,  f2 B 6c\f2  B 63,f2  6$ "uT   J#    B  X  FBody of Evidence(2  Nd S  ) JSub-claim evaluation(2  N$ W 1c  KSub-claim evaluation (2  N  FClaim evaluation(2  N m > Acceptance 2 x  HG(UHRI(UX )x  HG ?HEI ?X c x  HGHIX x  HG9 H}I9 X m`l q Iq,$D 0  Td Oq <Argument Z r ! BTwCl >  F> ,$D 0  T$ >  <Argument Z r " BTl    G  ,$DX 0  T    <Argument Z r # BT  l  l   HY  ,$DX 0   T    <Argument Z r $ BTl  & % s *' 00,$D 0 bThe specific problem domain implies both the applicable standards and the Assurance Level requiredc(2c ' 0' xX, YAssurance V-Chart (Augmented) 8Z ( 0$( hH c)Customer-specified assurance requirements*8Z*i 0 <( GH;f G,$D 0 YBut how do we know these are necessary and sufficient with respect to the previous level?TZZ 3 ; <D)  1 ,$DX  0 IEvidence-Item Classes 2a L s *) gp9,$D 0 aWe add an a priori phase that sets up an assurance case before a product is designed and producedVb(2 &# M <d* G}H2f J,$D 0 LAs in the previous chartZ' P <* G]H4f P 0`,$D 0 STells the supplier what evidence is expected (and maybe in what form to present it)TZT Q 0$+ f  ,$D 0 >Z  R s *+ @,$D  0 Iare decomposed into(2 S <D, GHw>f 0 ,$D 0 (We add an  argument that justifies how sub-claims support a claim and evidence supports the subclaims  jZj]  T s *- 0,$D  0 Iare decomposed into(2 U s *- Z P ,$D   0 Iare decomposed into(2 V s *. Z 0 ,$D   0 Iare decomposed into(2 X 0D/ f i ,$D 0 ifor each decomposition activity. ZH  0޽h ?0MP S ̙33L L___PPT10K+;ADG' = @B DG' = @BA?%,( < +O%,( < +De' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*LD' =1:Bvisible*o3>+B#style.visibility<*L%(D' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%(D3' =4@BBBB%(dD' =1:Bvisible*o3>+B#style.visibility<*-%(D' =-o6Bwipe(up)*<3<*-DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<* %(De' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*%D' =1:Bvisible*o3>+B#style.visibility<*%%(D' =%(D' =%(Dd' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*RD' =1:Bvisible*o3>+B#style.visibility<*R%(D' =-o6Bwipe(up)*<3<*RD' =%(D@' =A@BBBB0B%(,D' =1:Bvisible*o3>+B#style.visibility<* %(D' =-o6Bwipe(up)*<3<* D' =%(D' =%(Dd' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*TD' =1:Bvisible*o3>+B#style.visibility<*T%(D' =-o6Bwipe(up)*<3<*TD' =%(D' =A@BBBB0B%(XD' =1:Bvisible*o3>+B#style.visibility<* %(D' =%(D' =%(Dd' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*UD' =1:Bvisible*o3>+B#style.visibility<*U%(D' =-o6Bwipe(up)*<3<*UD' =%(D' =A@BBBB0B%(XD' =1:Bvisible*o3>+B#style.visibility<*%(D' =%(D' =%(Dd' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*VD' =1:Bvisible*o3>+B#style.visibility<*V%(D' =-o6Bwipe(up)*<3<*VD' =%(D' =A@BBBB0B%(XD' =1:Bvisible*o3>+B#style.visibility<*;%(De' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*PD' =1:Bvisible*o3>+B#style.visibility<*P%(De' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*0D' =1:Bvisible*o3>+B#style.visibility<*0%(DI' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*I%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*SD' =1:Bvisible*o3>+B#style.visibility<*S%(D' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*F%(D' =%(D' =4@BBBB%(XD' =1:Bvisible*o3>+B#style.visibility<*G%(D' =%(@D' =4@BBBB%(XD' =1:Bvisible*o3>+B#style.visibility<*H%(D' =%(D7' =%(D' =K@BBBBPB0B%(/%(SE' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*QD' =1:Bvisible*o3>+B#style.visibility<*Q%(D:' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*MD' =1:Bvisible*o3>+B#style.visibility<*M%(D' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*O%(D' =-s6Bwipe(down)*<3<*O++0+ - ++0+ - ++0+ - ++0+- ++0+- ++0+0 ++0+%- ++0+0- ++0+;- ++0+L- ++0+M0 ++0+P- ++0+Q0 ++0+R- ++0+S- ++0+T- ++0+U- ++0+V- +n == Zpp::( w R k s *^2 @ 6 P ^2 @ 6  B P@ HDԔ " e ,$D 0"l | [|,$D  0xB MB HDԔ| Q T_d0  >! DDFT/DFM Feedback(2 W H$1 ̙   HEvidence$ Z~" XB NZG)HڜIl! _ 'z vb _ vb,$D 0xB NB HDԔvb R TZ1  " ;DFT/DFM(2 Y HD2 ̙   HEvidence$ Z~" ZB NZG)HڜIl!   l $ !1  `$ !1 ,$D 0xB OB HDԔ$ E  S T'ZT2  !$  ;DFT/DFM(2 ] B$ ̙ q 1  HEvidence$ Zx" ^B HZG)HڜIl! q ^2  6TqA^2  6TAa^2  6T1 ^2  6T Q ^2 @ 6@^2  @ 6@`   H !A! CNeeds" 2   HD ;G GSystem Requirements(2   H 8 D  JSubsystem Requirements(2   HĂ ! a W HElements$ (2^2  6$   H    HElement Requirements(2 + HD    @ Element Test (2  , H  }  BSubsystem Test(2 - Hą 5A ? System Test (2 l g!/ a!g/,$D  0  H ̙g/ HEvidence$ Zx"  HZHIҤK!l G bG,$D  0  HD ̙ HEvidence$ Zx"  HZHLINcGcl D   cD  ,$D  0  H ̙   HEvidence$ Zx"  HZHVInD 9 l  Y d Y,$D  0  HĈ ̙ Y HEvidence$ Zx"  HZH1I  l  i,$D   0  H ̙Z HEvidence$ Zx" #B HZH\IBZl cA hAc,$D   0   HD ̙ HEvidence$ Zx" $B HZHFI"cAl    g  ,$D   0 ! H ̙   HEvidence$ Z~" %B NZG)HI  l O \ f O\,$D  0 " H ̙ \ HEvidence$ Z~" &B NZG)HIۭO  l W W  eWW  ,$D  0 ) H ̙W   HEvidence$ Z~" * NZG)HH(I; WA  . NT  CAcceptance Test(2& / 0  PDevelopment V-Chart Evidence for Assurance Comes from All Development ActivitiesZ8Z=8Z #l 6 D6,$D   0xB 1 HDԔ 5 6t 6  CValidate&Verify(2 9 H4 ̙U  HEvidence$ Z~" :B NZG)HڜIl!aq l p E,$D  0rB 2 BDԔ`p` 6 6 T d 7V&V(2 ; HT ̙  HEvidence$ Z~" <B NZG)HڜIl!1 l \P T  F\p T ,$D  0~" >B NZG)HڜIl!  xB 3 HDԔ P   7 6 \   7V&V(2 = Ht ̙ T  >Evidence Z l   `   G h  ,$D  0xB 4 HDԔ `  8 6   %  7V&V(2 ? H ̙V X    HEvidence$ Z~" @B NZG)HڜIl!H : X : j s * pX,$D 0 ^Evidence is gathered in accordance with the evidence classes identified in the a priori phase.2_(2Odl   p ,$D 0t l <T GnMHJf  ,$D 0 Remember the  rationale for decomposition? This is where it comes in handy.MZMt m < GuNH/f  ,$D 0 Remember the  rationale for decomposition? This is where it comes in handy.MZMt n < GdHUf  ,$D 0 Remember the  rationale for decomposition? This is where it comes in handy.MZMt o <t G:HCf  ,$D 0 Remember the  rationale for decomposition? This is where it comes in handy.MZMH  0޽h ?O@   #- $,!% +"& )* 9: ;<=>?@WXYZ]^lmno ̙3311___PPT10b1+D1' = @B D0' = @BA?%,( < +O%,( < +De' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*jD' =1:Bvisible*o3>+B#style.visibility<*j%(D{' =%(D' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*a%(D' =-o6Bwipe(up)*<3<*aD' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*b%(D' =-o6Bwipe(up)*<3<*bD' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*c%(D' =-o6Bwipe(up)*<3<*cD' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*d%(D' =-o6Bwipe(up)*<3<*dD' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*e%(D' =-o6Bwipe(up)*<3<*eD' =%( D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*f%(D' =-o6Bwipe(up)*<3<*fD' =%( D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*g%(D' =-o6Bwipe(up)*<3<*gD' =%( D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*h%(D' =-o6Bwipe(up)*<3<*hD' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*i%(D' =-o6Bwipe(up)*<3<*iD' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*D%(D' =-s6Bwipe(left)*<3<*DD' =%(D9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*[%(D' =-u6Bwipe(right)*<3<*[D' =%(xD7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*E%(D' =-s6Bwipe(left)*<3<*ED' =%(D9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*_%(D' =-u6Bwipe(right)*<3<*_D' =%( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*F%(D' =-s6Bwipe(left)*<3<*FD' =%(D9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*`%(D' =-u6Bwipe(right)*<3<*`D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*G%(D' =-s6Bwipe(left)*<3<*GD' =%( D9' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*P%(D' =-u6Bwipe(right)*<3<*P+8+0+j0 +1 0*K( ( O (R K( s *P^2 =(@ 6   ^2 <( 6T 0 ^2 ;(@ 6P^2 :(@ 6p l , ?(>0,,$D  0`2 ( 0TP`2 ( 0T `2 ( 0TP `2 ( 0T  `2 (B 0. `2 (B 0.`  `2 (B 0.@O`2  (B 0. `2 ( 0$ e , -( H pp SAssurance process&(2d2 #( <T d2 $( <TP p d2 %( <T 0 d2 &(@ <  d2 '(@ <  d2 ((@ <Od2 )(@ <pd2 +( <$  d2 ,( <T P .( NT ppi UDevelopment process&(2\l `@@ A(@,$D 0lB /( <DjJ``@lB 0( <DjJ@@@D 3( H  ,$D  0 TMinimum Separation Development starts after 1 or 2 levels of Assurance decomposition(U8ZC< 4( H 0 ,$D 0 LIdeal Separation All necessary evidence identified before Development starts(M8Z=l H @(pPH,$D 0' 5( Ht PH KAssurance Completion Occurs after all evidence from Development is received@L8Z'lB 6( <DjJ` 7( H" p,$D 0 pAssurance Synthesis Starts as early as evidence classes are identified and evidence instantiations are available(q8Z^ 8( 0#, q5Time Relationship of Assurance & Development V-Charts 68Z6R C( 0#\ ,$D 0 @How much time?B G( BDjJ ,$D 0[l @ \  J(@ \ ,$D 0R H( 0$$\ ,$D 0 <  I( <$G Huf p@  OClearly, assurance requirements should be identified before development begins. PZOH ( 0޽h ?I( ̙33___PPT10+D' = @B D\' = @BA?%,( < +O%,( < +D' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*?(%(D' =-s6Bwipe(left)*<3<*?(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*@(%(D%' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*7(%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*G(%(D<' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*A(%(D' =%(D' =4@BBBB%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*J(D' =1:Bvisible*o3>+B#style.visibility<*J(%(De' =%(D ' =%(D' =A@BBBB0B%(E' =1B B`BPB1:Bhidden*3>+B#style.visibility= `B<*C(D' =1:Bvisible*o3>+B#style.visibility<*C(%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*4(%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*3(%(++0+3(! ++0+4(! ++0+7(! ++0+C(! +d  @H(  Hl H C D%   H H 0޽h ? ̙33a   P@(  @R @ s *b @ C :A"Adelard excerpt2p l @ C %0   1 @ 6& x This illustrates the idea of a supplier making a claim to a purchaser that a product is safe. Thus the arrows go upward from evidence to argument to claim.H @ 0޽h ? ̙33  /'`P(  PR P s * P 0d&Xpp :  P B&    2 P 6'o @( PCLAIM Architecture is safe" P 6D(op0  UARGUMENT Partitioning is proper  " P 6(o `  r<ARGUMENT Multi-versioning Dissimilarity is properly provided==" P 6d)o  \&ARGUMENT Safety Monitoring is provided''^ P 6o1P $^  P 6o1 $^  P 6o1$  P 6$*3o@ p0  Y#EVIDENCE Partitioning Documentation$$  P 6*3o@ @   ]'EVIDENCE Multi-versioning Documentation((  P 6D+3o@   ^(EVIDENCE Safety-Monitoring Documentation))^ P 63o P P 7 ^ P 63o  7 ^ P 63o 7 W P N+?? ,$D 0 qNote that there is no justification provided to support the assertion that the given arguments support the claim.rZr P N,??P ,$D 0 c/Argument is made on the basis of the evidence.0Z0 P Nd,??p  ,$D 0 c/Evidence is produced prior to making the claim.0Z0 P Z,??0p,$D 0 5Collection of arguments is used to support the claim.6ZH P 0޽h ?oPPPPP PPP P PPP PPP PPP ̙33N F ___PPT10& +TD* ' = @B D ' = @BA?%,( < +O%,( < +DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*P%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*P%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*P%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*P%(++0+P4 ++0+P4 ++0+P4 ++0+P0 +  <4pX(  XR X s * X B- 0   a l X`p Xapy,$D 0Z X s *X`p2 X 6D.o ' VCLAIM 2.3 Architecture is safeZ" X 6Do  ]%ARGUMENT 2.3.1 Partitioning is proper&Z&" X 6oX   zBARGUMENT 2.3.2 Multi-versioning Dissimilarity is properly providedCZC" X 6o8  d,ARGUMENT 2.3.3 Safety Monitoring is provided-Z-f X 6o0 f  X 6o 0 f  X 6o 0`  X 6d3o?  a)EVIDENCE 2.3.1 Partitioning Documentation*Z*  X 6ı3o ? x  e-EVIDENCE 2.3.2 Multi-versioning Documentation.Z.  X 6$3oP? p  f.EVIDENCE 2.3.3 Safety-Monitoring Documentation/Z/f X 63o 6 f X 63o 6 f X 63o` `6  X N??P ,$D 0 However, there is still no justification provided. Indeed, many standards documents not only omit but deliberately exclude rationale., ^ X N??0i ,$D 0 2The supplier can include references to governing documents as part of the assurance package to help support assertions. (Numbering here is adapted from DO-178B, Software Considerations in Airborne Systems and Equipment Certification),ZyqH X 0޽h ?oXXXXX XXX X XXX XXX XXX ̙33___PPT10`+AD' = @B D' = @BA?%,( < +O%,( < +D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*X%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*X%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*X%(+p+0+X4 ++0+X4 +  2T (  TR 2T s * ,T 0` : 2 T 6do`  VCLAIM 2.3 Architecture is safeZ2 T 6$op h(  Z"CLAIM 2.3.1 Partitioning is proper#Z#2 T 6op P  w?CLAIM 2.3.2 Multi-versioning Dissimilarity is properly provided@Z@2  T 6op h  a)CLAIM 2.3.3 Safety Monitoring is provided*Z*^ !T 6oH g ^ "T 6o g ^ #T 6o g  $T 6D3oH h( a)EVIDENCE 2.3.1 Partitioning Documentation*Z* %T 63oH d  e-EVIDENCE 2.3.2 Multi-versioning Documentation.Z. &T 63oH  f.EVIDENCE 2.3.3 Safety-Monitoring Documentation/Z/^ 'T 63o HH? ^ (T 63o ? ^ )T 63o ? " *T 6doH  sARGUMENT Partitioning, multi-versioning, and safety monitoring are necessary and sufficient for a safe architecturetZt^ +T 6o|  /T Bķ     0T 6$,$D 0 xFJustification can be provided by the supplier to support the claim ...GG  1T 6,$D 0 p>but there is no guarantee that this will satisfy the customer.??H T 0޽h ? T*T!TT*T"T T*T#T$TT'T%TT(T&T T)T*TT+T ̙33LD___PPT10$+ [kD' = @B DS' = @BA?%,( < +O%,( < +DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*0T%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*1T%(+p+0+0T4 ++0+1T4 +!!  \\(  \R \ s * z p` \ 0X`,$D 0 \ 0p`,$D 02 \ <o@`  k% REQUIREMENT 2.3 Architecture is safe*&Z%2 \ <o  `(REQUIREMENT 2.3.1 Partitioning is proper)Z)2 \ <doX  }EREQUIREMENT 2.3.2 Multi-versioning Dissimilarity is properly providedFZF2 \ <ĺo   0 REQUIREMENT 2.3.3 Safety Monitoring is provided6Z0Z0l \ <o\) l \ <o ) l  \ <o )|  \ <$3oT t g/EVIDENCE class 2.3.1 Partitioning Documentation0Z0  \ <3o  k3EVIDENCE class 2.3.2 Multi-versioning Documentation4Z4  \ </3oh   l4EVIDENCE class 2.3.3 Safety-Monitoring Documentation5Z5l  \ <o\ dv l \ <o v l \ <ox |v #" \ </o@P  wARGUMENT 2.3 Partitioning, multi-versioning, and safety monitoring are necessary and sufficient for a safe architecturexZxl \ <o  7 \ BT0      \ 60X`,$D 0 o;In the Requirements-Based approach, the arrows are top-down<Z< \ 618p,$D 0 Customer defines what  safe architecture means (at least internally to the acquiring organization)"dZ04  \ 6t1h 80,$D 0 KCustomer identifies expectations regarding proof that architecture is safeLZLF \ N1??@p,$D 0 LNote:The bottom level calls for classes of evidence, not specific documents.,M & \ 6420,$D 0 c/Customer defines that architecture must be safe0Z0 \ 62H80 ,$D 0 ~@Customer establishes requirements based on decomposed definition"AZ@H \ 0޽h ?\\\\\\\\ \ \\ \ \\\ \\\\\\ ̙33  ___PPT10 +XCD ' = @B D ' = @BA?%,( < +O%,( < +D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*\%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*\%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*\%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*\%(++0+\4 ++0+\4 ++0+\4 +}C  ,#$#.7` (  `R 5` s *R ` s *8.2 ` 63opZ,$D 0 BREQ MENT 2.3 Architecture is safe"Z" z  (  .`  ,$D  02 ` Bt4o (  JREQ MENT 2.3.1 Partitioning is proper&Z& P2 ` B4o (  REQ MENT 2.3.2 Multi-versioning Dissimilarity is properly providedCZC ;$2 ` B45o (  XREQ MENT 2.3.3 Safety Monitoring is provided-Z- %l ` <o( l ` <o l  ` <o8 z 1 H /`  ,$D  0  ` <53o H g/EVIDENCE Class 2.3.1 Partitioning Documentation0Z0   ` <53o< )H k3EVIDENCE Class 2.3.2 Multi-versioning Documentation4Z4   ` <T63o H l4EVIDENCE Class 2.3.3 Safety-Monitoring Documentation5Z5 l  ` <o'1 ( l ` <o1  l ` <o8 1 > I" ` 66o@ x,$D  0 wARGUMENT 2.3 Partitioning, multi-versioning, and safety monitoring are necessary and sufficient for a safe architecturexZx  ` 6o,$D  0 ` B7    2 ` 67opg,$D   0 VCLAIM 2.3 Architecture is safeZ "z  H 0`  ,$D 0 ` <483o H a)EVIDENCE 2.3.1 Partitioning Documentation*Z*  ` <83oL 9H e-EVIDENCE 2.3.2 Multi-versioning Documentation.Z.  ` <83o H f.EVIDENCE 2.3.3 Safety-Monitoring Documentation/Z/ z    3` H  ,$D  02 ` B9o (  Z"CLAIM 2.3.1 Partitioning is proper#Z# 2 ` <:o (  w?CLAIM 2.3.2 Multi-versioning Dissimilarity is properly provided@Z@ 2 ` Bt:o (  a)CLAIM 2.3.3 Safety Monitoring is provided*Z* l  ` <3o 1 ( l !` <3o1  l "` <3oP1 V  z ( P  2` ( P? ,$D   0l ` <o(  l ` <o l ` <oP #" #` <:oL, wARGUMENT 2.3 Partitioning, multi-versioning, and safety monitoring are necessary and sufficient for a safe architecturexZx  $` 6o,$D   0l 'Q^R *`'^,$D  0b %`B TZG~,H(vI`eJ3o'Q Rb &`B TZG~,H'uI3oQRb '`B TZG~,HtI3oN Q^R 4` 6P,$D  0 n"Customer specifications (a priori)0#  6` 6PP,$D  0 l Supplier evidence (a posteriori)0!& 7` 6H x ,$D  0 XWorks remarkably like a V-Chart, doesn t it?--H ` 0޽h ? ```````` ` `` ` ``` ```````#`` `#`` `#`` `` ` ``!` ``"`#``$` ``%` ``&` ``'` ̙33___PPT10+8MD' = @B D' = @BA?%,( < +O%,( < +D~' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*`%(D' =%(D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*`%(D' =-o6Bwipe(up)*<3<*`D' =%(D@' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*`%(D' =-o6Bwipe(up)*<3<*`D' =%( D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*.`%(D' =-o6Bwipe(up)*<3<*.`D' =%( D3' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*/`%(D' =-o6Bwipe(up)*<3<*/`D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<**`%(D' =-s6Bwipe(left)*<3<**`D' =%(dD' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*0`%(D' =%( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*3`%(D' =-s6Bwipe(down)*<3<*3`D' =%( D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*2`%(D' =-s6Bwipe(down)*<3<*2`D' =%(#D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*$`%(D' =-s6Bwipe(down)*<3<*$`D' =%('DD' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*`%(D' =-s6Bwipe(down)*<3<*`DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*4`%(++0+`6 ++0+`6 ++0+`6 ++0+4`6 + 0( X* H  0޽h ? ̙33 0 xpp(  pR p 3 l   ~ p C l @    H p 0޽h ? ̙33r0+Pr 8 r # JPG'pH (@-Y@#P<lt2'Oh+'0x hp   No Slide Title kromholzTit kromholzTit86mMicrosoft PowerPointP@ l%Z@@`miP@'nN@@})9uGZ oM  %1& &&#TNPP0D & TNPP &&TNPP    33--- !-----iyH--w@ m[wdw0- Times New Roman[wdw0- .+2 Mapping Assurance to the7 !!*!!!. .12 ejSoftware Engineering Process!*( !!#.---- Times New Roman[wdw0- .-2 'Alfred H. Kromholz, Ph.D.  . .'2 1The MITRE Corporation  .Times New Roman[wdw0- .2  kromholz@   . .2  mitre.org   . .2 +1-703.883.7331    .---- Times New Roman[wdw0- .(2 Copyright 2004 The   .RMITREw@ [wdw0- .2 >MITRE ."Arialw@ p[wdw0- . 2 m .Times New Roman[wdw0- .2 r Corporation .--"System 0-&TNPP &՜.+,0    !On-screen ShowThe MITRE CorporationNo71 Times New RomanMITREArialDefault Design6Mapping Assurance to the Software Engineering ProcessNo Slide TitleNo Slide TitleNo Slide TitleNo Slide TitleNo Slide TitleNo Slide TitleNo Slide TitleNo Slide TitleWhere Does Assurance Fit In?No Slide TitleNo Slide TitleNo Slide TitleNo Slide Title!Current Work & Future Directions8Using Adelard Safety Case Editor to Argue a Safety Case/Arguing a Safety Case: Basic Supplier Approach9Arguing a Safety Case: Standards-Based Supplier Approach3Arguing a Safety Case: Justified Supplier Approach3Arguing a Safety Case: Requirements-Based Approach)Arguing a Safety Case: Consolidated FlowNo Slide Title  Fonts UsedDesign Template Slide Titles _Qkromholz  !"#$%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstvwxyz{|~Root EntrydO)PicturesYCurrent UserSummaryInformation(uPowerPoint Document(-uDocumentSummaryInformation8}