The paper uses the design of a lottery security system as its example.
From the paper:
"Linux and Apache prove that software maintenance can be done in parallel; the experiment reported in this paper shows that requirements engineering can too.
There has been collaborative specification development before, as with the `set-discuss' mailing list used to gather feedback during the development of the SET protocol for electronic payments. However, such mechanisms tend to have been rather ad-hoc, and limited to debugging a specification that was substantially completed in advance by a single team. The contribution of this paper is twofold: to show that it is possible to parallelise right from the start of the exercise, and to illustrate how much value one can add in a remarkably short period of time. Our approach is a kind of structured brainstorming, and where a complete specification is required for a new kind of system to a very tight deadline, it looks unbeatable: it produced high quality input at every level from policy through threat analysis to technical design detail.
The bottleneck is the labour required to edit the contributions into shape. In the case of this paper, the time I spent marking scripts, then rereading them, thinking about them and drafting the paper was about five working days. A system specification would usually need less polishing than a paper aimed at publication, but the time saved would have been spent on other activities such as doing a formal matrix analysis of threats and protection mechanisms, and finalising the functional design. "
This archive was generated by hypermail 2b29 : Tue May 16 2000 - 10:54:29 PDT