Software Engineering Institute

It is difficult to assure the safety, security, reliability or other nonfunctional properties of software-based systems because of their size, complexity, and continuing evolution. Traditional software and systems engineering techniques, including conventional test and evaluation approaches, cannot provide the justified confidence needed. The SEI is exploring the use of the assurance case is a means of providing such confidence, starting as early as when the system is designed and continuing through deployment. We are also creating a theory of assurance case confidence that will help acquirers, developers, and evaluators understand how much confidence they should have in the resulting system.

The concept of an assurance case has been derived from the safety case, a construct that has been used successfully in Europe for over a decade to document safety for nuclear power plants, transportation systems, automotive systems, and avionics systems.

The assurance case provides a means to structure the reasoning that engineers use implicitly to gain confidence that systems will work as expected. It also becomes a key element in the documentation of the system and provides a map to more detailed information.

The following figure is a fragment of an assurance case for a keypad. It makes the claim (C1.1) that entry errors caused by the design of the keypad are mitigated. It bases this claim on an argument (only partially developed) showing how several possible hazards to proper data are mitigated (C3.1, C3.2, and C.3). C3.2 makes the claim that keypad markings are unambiguous, and this claim is supported by evidence Ev4.1 and Ev4.2 (design review and log of observed errors).

Learn more about assurance cases and their use with the resources in this collection.