Software Fault Pattern Metamodel (OMG Specification)

Software Fault Pattern Metamodel — Open Issues

  • Acronym: SFPM
  • Issues Count: 19
  • Description: Issues not resolved

Issues Descriptions

Update examples of SFP xmi

  • Key: SFPM_-12
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    "Example 1 uses XMI 2.0 (even older than the metamodel XMI) and kdmanalytics.com.
    The elements have no xmi:type, which is mandatory for any XMI element. In some cases they instead have xsi:type."
    Comments by NM: see page 43.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:54 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT
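    The three defects the review lists for the example XMI (an outdated XMI namespace, a vendor host in a namespace URI, and elements typed with xsi:type or not typed at all) are mechanical enough to lint. The script below is an added illustration written for this issue; it is not part of the specification, of the submitted XMI, or of any OMG or KDM Analytics tooling. Both documents in it are constructed, as are the http://www.kdmanalytics.com/sfp and http://www.omg.org/spec/SFP/1.0 namespace URIs and the Cluster/CWESection content. It assumes the XMI 2.5.1 namespace URI http://www.omg.org/spec/XMI/20131001 as the current one and, following the reviewer's reading, flags every unprefixed property element that lacks xmi:type.

```python
import io
import xml.etree.ElementTree as ET

XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
XMI_251_NS = "http://www.omg.org/spec/XMI/20131001"  # XMI 2.5.1 namespace (assumed current)

# Constructed sample in the shape the review describes (not the specification's
# file): XMI 2.0 namespace, a vendor host in the model namespace, one element
# typed with xsi:type and one property element with no type at all.
BAD_XMI = """<?xml version="1.0" encoding="UTF-8"?>
<xmi:XMI xmi:version="2.0"
         xmlns:xmi="http://www.omg.org/XMI"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sfp="http://www.kdmanalytics.com/sfp">
  <sfp:Cluster xmi:id="c1" name="Memory access">
    <sfp:Cluster xmi:id="c2" name="Buffer overflow"/>
    <section xmi:id="s1" xsi:type="sfp:CWESection" cwe="CWE-120"/>
    <section xmi:id="s2" cwe="CWE-787"/>
  </sfp:Cluster>
</xmi:XMI>
"""

# The same content as the lint wants it: current XMI namespace, a namespace
# rooted at www.omg.org (the exact SFP URI is an assumption) and xmi:type on
# every property element.
GOOD_XMI = """<?xml version="1.0" encoding="UTF-8"?>
<xmi:XMI xmi:version="20131001"
         xmlns:xmi="http://www.omg.org/spec/XMI/20131001"
         xmlns:sfp="http://www.omg.org/spec/SFP/1.0">
  <sfp:Cluster xmi:id="c1" name="Memory access">
    <sfp:Cluster xmi:id="c2" name="Buffer overflow"/>
    <section xmi:id="s1" xmi:type="sfp:CWESection" cwe="CWE-120"/>
    <section xmi:id="s2" xmi:type="sfp:CWESection" cwe="CWE-787"/>
  </sfp:Cluster>
</xmi:XMI>
"""


def _split(tag):
    """Split ElementTree's '{uri}local' tag form into (uri, local)."""
    if tag.startswith("{"):
        uri, _, local = tag[1:].partition("}")
        return uri, local
    return "", tag


def lint_xmi(xml_text):
    """Return a list of (where, message) findings; an empty list means the document passes."""
    ns_decls = {}
    root = None
    # 'start-ns' events expose the xmlns declarations, which ElementTree otherwise drops.
    for event, payload in ET.iterparse(io.StringIO(xml_text), events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = payload
            ns_decls[prefix] = uri
        elif root is None:
            root = payload  # the first 'start' event is the document element

    findings = []
    xmi_ns = next((uri for uri in ns_decls.values() if "XMI" in uri), "")
    if xmi_ns != XMI_251_NS:
        findings.append(("xmlns", f"XMI namespace {xmi_ns!r} is not the XMI 2.5.1 namespace"))
    for prefix, uri in sorted(ns_decls.items()):
        if uri != XSI_NS and "www.omg.org" not in uri:
            findings.append((f"xmlns:{prefix}", f"namespace {uri!r} is not rooted at www.omg.org"))

    for elem in root.iter():
        if elem is root:
            continue
        uri, local = _split(elem.tag)
        where = elem.get(f"{{{xmi_ns}}}id") or local
        xsi_type = elem.get(f"{{{XSI_NS}}}type")
        if xsi_type is not None:
            findings.append((where, f"typed with xsi:type={xsi_type!r}; XMI carries the type in xmi:type"))
        elif uri == "" and elem.get(f"{{{xmi_ns}}}type") is None:
            # Prefixed elements (sfp:Cluster) name their type; unprefixed property
            # elements do not, so the reviewer's rule requires xmi:type here.
            findings.append((where, "property element has no xmi:type"))
    return findings


if __name__ == "__main__":
    for where, message in lint_xmi(BAD_XMI):
        print(f"{where}: {message}")
    print("clean document:", lint_xmi(GOOD_XMI))
```

    Run against the constructed BAD_XMI the lint reports the old namespace, the kdmanalytics.com URI, s1's xsi:type and s2's missing type; GOOD_XMI produces no findings.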

Sharing common section among multiple SFP

  • Key: SFPM_-25
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:

    9.1.1.1 also refers to common sections shared amongst multiple SFPs – however the metamodel does not seem to allow that.

  • Reported: SFPM 1.0b1 — Wed, 16 Feb 2022 14:38 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Fix SFP XSD schema

  • Key: SFPM_-16
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:

    The XSD has a bad URI for spmf and XMI, and a proprietary location for the XMI namespace import.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:59 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Fix machine-readable files

  • Key: SFPM_-15
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    The clean UML file provided as sysa/20-02-06 is an appropriate file for MOF 2.4+ so should be the normative file for the metamodel. As such it validates well apart from the following issues:

    • the top level element should be uml:Package (not uml:Model) and the URI root www.omg.org not www.kdmanalytics.com
    • there are over a hundred unnamed properties and associations (strictly speaking required for EMOF)
    • many visibilities of “private”

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:58 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify the use of "taxonomy of injuries"

  • Key: SFPM_-14
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    9.1.3.2 describes a taxonomy of Injuries but the metamodel provides for no structure at all

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:56 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Fix owner of Cluster

  • Key: SFPM_-23
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett on March 17, 2020
    Figure 2: the metamodel requires each Cluster to be owned by exactly 1 Cluster, which would never allow a root – the composite end should be 0..1.

  • Reported: SFPM 1.0b1 — Wed, 16 Feb 2022 14:36 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Fix owners of CWESection

  • Key: SFPM_-24
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:

    And each CWESection is owned both by a Cluster and an SFP, which breaks the rule of having only one composite owner. Again the composite ends should both be 0..1.

  • Reported: SFPM 1.0b1 — Wed, 16 Feb 2022 14:37 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT
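    The two multiplicity points (this issue and SFPM_-23) can be checked on an instance model. The validator below is an added illustration, not code from the specification or from its submitters: it takes a model as a list of (element id, metaclass, composite owners) tuples, checks the owner ends of Figure 2 with a configurable lower bound (1 for the diagram as reviewed, 0 for the proposed 0..1), and applies the two MOF rules the comments rely on, that an element has at most one composite owner and that containment is acyclic. The instance models, element ids and the metaclass name "SFP" are constructed for the example; Cluster and CWESection are the names the comments use.

```python
# Constructed instance models (not from the specification). Each entry is
# (element id, metaclass, ids of the elements that compositely own it).
TREE_MODEL = [
    ("c1", "Cluster", ()),          # root cluster: nobody owns it
    ("c2", "Cluster", ("c1",)),
    ("sfp1", "SFP", ()),
    ("s1", "CWESection", ("c2",)),  # exactly one composite owner
]

# With two Clusters, the only way to give each an owning Cluster is to have them
# own each other; the section here has the two owners the reviewed diagram demands.
CYCLIC_MODEL = [
    ("c1", "Cluster", ("c2",)),
    ("c2", "Cluster", ("c1",)),
    ("sfp1", "SFP", ()),
    ("s1", "CWESection", ("c2", "sfp1")),
]


def validate(model, cluster_owner_min, section_owner_min):
    """Check an instance model against the composite ends of Figure 2.

    cluster_owner_min / section_owner_min are the lower bounds of the owner
    ends: 1 reproduces the diagram as reviewed, 0 the proposed 0..1.
    Returns a list of problems; an empty list means the model is valid.
    """
    kinds = {eid: kind for eid, kind, _ in model}
    owners = {eid: list(own) for eid, _, own in model}
    problems = []

    # MOF rule, independent of the diagram: at most one composite owner per element.
    for eid, own in owners.items():
        if len(own) > 1:
            problems.append(f"{eid} has {len(own)} composite owners {own}; MOF allows at most one")

    # Lower bounds of the owner ends, per metaclass.
    for eid, kind in kinds.items():
        if kind == "Cluster":
            n = sum(1 for o in owners[eid] if kinds.get(o) == "Cluster")
            if n < cluster_owner_min:
                problems.append(f"{eid}: Cluster has {n} owning Cluster(s), end requires at least {cluster_owner_min}")
        elif kind == "CWESection":
            for owner_kind in ("Cluster", "SFP"):
                n = sum(1 for o in owners[eid] if kinds.get(o) == owner_kind)
                if n < section_owner_min:
                    problems.append(f"{eid}: CWESection has {n} owning {owner_kind}(s), end requires at least {section_owner_min}")

    # Composition must be acyclic: walking up the owner edges must never return to the start.
    in_cycle = set()
    for start in owners:
        stack, seen = list(owners[start]), set()
        while stack:
            cur = stack.pop()
            if cur == start:
                in_cycle.add(start)
                break
            if cur not in seen:
                seen.add(cur)
                stack.extend(owners.get(cur, ()))
    if in_cycle:
        problems.append(f"ownership cycle through {sorted(in_cycle)}; a composition hierarchy needs a root")
    return problems


if __name__ == "__main__":
    print("tree, ends 1..1:", validate(TREE_MODEL, 1, 1))
    print("tree, ends 0..1:", validate(TREE_MODEL, 0, 0))
    print("cycle, ends 1..1:", validate(CYCLIC_MODEL, 1, 1))
```

    With the ends at 1 the tree fails at its root (c1 has no owning Cluster) and at s1 (no owning SFP); satisfying the bound instead forces the cyclic model, which fails the single-owner and acyclicity rules. With both ends at 0..1 the same tree validates cleanly.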

Clarify preface text

  • Key: SFPM_-10
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    The preface has several assertions that should be justified by references: “the community”, “it has been observed”, “all existing classifications resist automation”.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:46 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Make elements of variation tree ordered

  • Key: SFPM_-13
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    9.1.2.3 says that “Variations in the variation tree are considered ordered” but this is not represented in the metamodel using an ordered property.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:55 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Introduce enumeration literal for CWE::status

  • Key: SFPM_-11
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    It would be better if CWE::status were an enumeration rather than a string.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:48 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify the distinction between "DNA" and "signature"

  • Key: SFPM_-6
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    The similar analogs “DNA” and “signature” are used to describe quite different things.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:36 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify the use of SBVR for defining SFPs

  • Key: SFPM_-9
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB Review by Pete Rivett, March 17, 2020:
    I don’t understand the purpose of replicating chunks of SBVR (in 9.4, 9.5), or even why vocabularies would be needed for Software Patterns. If they’re structural in nature why the need to link them to a conceptual model? It should at most be an optional compliance point.

    The use of SBVR seems an odd choice for something that is intended to be first order logic and executable (mentioned elsewhere), since SBVR is neither of those, and it would be necessary to define a subset. Why not use ODM?

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:43 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify the use of term "Canonical" vs "Exemplary"

  • Key: SFPM_-8
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    The spec uses “Canonical” as a synonym for “Exemplary” or as a sample which is the opposite of its normal use which is for something authoritative or official.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:42 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Provide justification for the non-normative "readable" notation for SFPs

  • Key: SFPM_-7
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    The spec in Appendix A seems to introduce its own Human Usable Textual Notation, ignoring the (admittedly dated) OMG standard. And with no description or justification.
    Reference should be made to the CFG syntax used.
    Though the readable text spec is non-normative it is made use of extensively in the normative sections.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:40 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify the value of generating sample code from SFP

  • Key: SFPM_-5
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    I don’t see the value of being able to generate sample code from the Catalog – why not just insert existing code?

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:35 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify conformance statement

  • Key: SFPM_-4
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    Conformance is very unclear. A few times the spec documents “three supporting capabilities” (e.g. in 9.3.1) but these don’t appear under Conformance. That section 9.3.1 also describes 2 purposes: certification (of software) and synthesis. And 3 further capabilities.
    And then the end of 9.3.3. refers to another “interface to the external capabilities”

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:34 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify relationship between SFP and CWE catalog

  • Key: SFPM_-3
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    9.1.1.4 states that the objective of SFP is to resolve problems with the CWE catalog maintained by Mitre. This does not seem a community way of working: why not report problems and get them fixed at source?

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:31 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify the relationship between the SFP metamodel and the SFP catalog

  • Key: SFPM_-2
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett on March 17, 2020:
    The spec several times mentions “Software Fault Pattern Catalog” and seems to commit OMG to maintaining one. Indeed 9.1.1.1 refers to delivering content related to a single SFP “to the OMG for it to be validated and added to the OMG SFP Catalog”. Who would be responsible for this? How is it reviewed and “validated”? More generally how is the catalog accessed (by human and/or machine) and searched?

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:29 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT

Clarify terminology between "weakness"/"vulnerability" and "fault"

  • Key: SFPM_-1
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17, 2020:
    There is a further confusion between “weakness”/“vulnerability” and “fault”.
    It seems to me they are different: a plain fault (aka bug) resulting in the software not acting according to its spec is not necessarily an exploitable weakness.
    It seems to me the spec is all about weaknesses, not faults (bugs). That also ties in with the language around CWE, which this spec is based on. Use of “fault” should be avoided.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:26 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT