
Question on part 2 - Risks

 
Ranch Hand
Posts: 43
Hi,

I have a question on risk list for part 2.

I've identified some risks and have mitigation plans too.
Do I need to specify how my design is mitigating these risks? Or is it enough to give the mitigation plan?

E.g. I've identified some security risks; can I just put in my assumptions that these will be taken care of, as my use case doesn't talk about these?

Thanks
 
Krishna Jonnalagadda
Ranch Hand
Posts: 43
Can anyone please post some experiences on this?
 
Ranch Hand
Posts: 218
Hibernate Spring Java
You need to detail out the mitigations for the identified risks. The mitigations should be part of the solution proposed by you. Putting assumptions might not be sufficient.
I feel that all three risks should not be related to security. You could have a single risk related to security which covers different types of security risks & the proposed mitigations.
 
Ranch Hand
Posts: 94
Your risks should cover the functional as well as the non-functional part. It's better if you could add mitigation of it.
 
Krishna Jonnalagadda
Ranch Hand
Posts: 43
Should we add mitigation in words/sentences across each risk or show it in design (in class and sequence diagrams)?

I saw in this forum that many people have put items as out of scope or put them in assumptions that are good to have and just concentrate on the given use cases.
For many security risks we have to introduce many design patterns which will increase the scope ... and of course takes more time/effort.

For the non-functional part (to improve performance, xxxlities etc.), I guess we could cover that in the design and at least mention how the design will achieve them.

Any comments? Anyone who has passed part 2 and 3, please respond.

Thanks


 
Ranch Hand
Posts: 32
Eclipse IDE Tomcat Server Java
I have a question as well.

Suppose the SuD depends on a single external payment gateway provider. Is it not a risk that we don't yet know its availability and reliability, and that we should have a standby/alternative provider to minimize the risk? But this risk mitigation will not be part of technical design.

So I guess for non-technical risks, mitigation may be non-technical as well. However, here the design should be capable of configurable providers.
 
Ranch Hand
Posts: 462
Scala jQuery Java

Suppose the SuD depends on a single external payment gateway provider. Is it not a risk that we don't yet know its availability and reliability, and that we should have a standby/alternative provider to minimize the risk? But this risk mitigation will not be part of technical design.

So I guess for non-technical risks, mitigation may be non-technical as well. However, here the design should be capable of configurable providers.



It clearly states in chapter 9 of the Cade and Sheil book that you should concentrate on the greatest risks. I would argue that because there is no information on this external provider you should assume it is production quality and concentrate on the more obvious risks such as security, scalability, reliability, maintainability, etc., as these are more likely to be issues.
 
Greenhorn
Posts: 13

Should we add mitigation in words/sentences across each risk or show it in design (in class and sequence diagrams)?



I have the same question. Anyone?

@ Krishna, what have you decided?

Thanks.
 