The case for maintaining assurance cases

When we build and maintain safety-, mission-, or security-critical systems, we are usually constrained by regulations and acquisition guidelines that requires us to provide a documented body of evidence that the system satisfies specified critical properties. In other words, we must construct an "assurance case" to convince the purchaser or user of the system\´s suitability or quality. However, in building such high-quality software and balancing many objectives, it has become painfully clear that the resulting software is brittle: small changes in the software itself; the hardware and software environment; or in its operational use, can have unexpected and significant (unwanted) effects. Unfortunately, assurance cases for software are often even more brittle than the software itself. This presentation will address the challenges we confront in preserving the quality of the assurance cases as we maintain the quality of the associated software. It is critical that we make progress in addressing these challenges as software continues to become a fundamental enabling technology for 21st-century society.