A main source of secondary risks is neglect in specifying the means to detect and alert about faults in the add-ons.
Mistakes are often the result of operating in exceptional situations. Often the cause is a problem in the coordination between the machine and its human operators, as depicted in the illustration.
The source for many mishaps is that the designers enabled violation of the implicit rules. Typical design mistakes include incomplete or partial rule specification and testing.
Design mistakes are typically associated with exceptional situations. They are due to insufficient resources allocated to these situations.
The guide assumes that there is no practical way to specify the system behavior for all possible situations and events. Therefore, we need to restrict our design to specific expected states and events, comprising the design scopes.
Updated on 25 Mar 2017.