Assessment 4: Intro to software engineering ID.

a1886750

Part 1: Software Evolution

1. Because user needs and expectations are constantly changing, software changes are
inevitable. Software must adapt to satisfy these new requirements as technology develops
and user needs shift. If you don't, your program can be out-of-date and ineffective.

2. A) In terms of system maintenance, Situation 1 falls within the "Enhancement" category. This
is because it entails enhancing the functioning of the current system by introducing a new
feature (the Bitcoin payment mechanism).

In terms of system maintenance, situation 2 falls under the "Corrective" subcategory. This is
so that a flaw in the behaviour of the existing system can be fixed by addressing a specific
problem (inaccurate credit card charge).

B) In case 1 (the addition of the Bitcoin payment option): Consequence: Adding the Bitcoin
payment option might have a positive impact on the user base and sales by introducing a
cutting-edge payment choice. However, processing cryptocurrency necessitates strong
security procedures to avoid fraud and guarantee the protection of user payments, which
could provide security issues.

Correcting the issue with the improper charge in Situation 2: Consequence: For reliable
financial transactions, it's crucial to fix the issue with inaccurate charging. Customers'
unhappiness, financial losses for the business, and harm to the reputation of the mobile
shopping application could all arise from failing to address this issue. On the plus side, fixing
this problem can raise consumer happiness and trust, which might result in more usage and
income. To prevent adding new bugs or problems throughout the update process, the
development effort needed for this fix must be carefully handled.

Part 2: Software Security

1. The following three assets were found in the mobile shopping app for the initial risk
assessment:

- Customer data comprises personally identifiable information like names, addresses, phone
numbers, and email addresses as well as potentially sensitive financial data like credit card
numbers.

- Payment Processing System: The system in charge of managing sensitive financial data and
processing payment transactions.

- Product Inventory and Pricing Information: A database or system providing information on

the products that are offered for sale, their costs, and their state of availability.

2. Safety Risk 1: Data Breach Potential Consequence: Identity theft, fraud, and harm to the
reputation of the mobile shopping application can result from unauthorized access to
client data, including personal and financial information.

Implement strong data encryption and access control measures to protect client data, as
per the proposed system's need. Credit card numbers and other sensitive information
 Assessment 4: Intro to software engineering ID. a1886750

should be encrypted both in transit and at rest. Only authorized personnel should have
access to sensitive data, and rigorous authentication procedures, such as multi-factor
authentication, should be implemented.

Security Risk 2: Payment Fraud Potential Impact: Fraudulent transactions could be

carried out by malicious actors who take advantage of holes in the payment processing
system, costing both customers and the company money.

Implement transaction monitoring and anomaly detection systems to quickly identify

and flag possibly fraudulent transactions. This is a proposed system requirement. These
systems can examine transaction patterns and check for odd behaviour, such as a high
volume of transactions coming from several locations quickly. Demand secure and
modern payment methods from clients, and update and patch the payment processing
software regularly to fix any known security holes.

The mobile shopping application can greatly lower the risks connected with data
breaches and payment fraud by putting these system requirements into place, improving
its overall security posture.

Part 3: Learning Experience

1. I discovered the fundamental ideas behind software evolution and security in this tutorial. I
specifically learned the necessity of effect analysis, the reasons why software change is
inevitable, and how to classify system maintenance activities. Moreover, I gained knowledge
of the preliminary procedures in a security risk assessment, such as asset identification,
security risk identification, and the related system needs to minimize such risks.

2. Educational Resources:
- The tutorial itself, which covered security and software evolution through scenarios and
quizzes.
-Knowledge and data from the past that are now available as of my last training data in
September 2021.
- Refer to the tutorial's reference links for more context and details.

3. Learning Strategies & Techniques:

- Applying critical analysis and reasoning to concerns and issues regarding software evolution
and security.
- Doing research and citing outside sources, like Wikipedia, to find out more details about
Bitcoin and other subjects.
- Making use of already-known security and software development techniques.

4. Based on the data available as of my last training data in September 2021, I showed in this
lesson that I can comprehend and deliver information on software evolution and security
concepts. My understanding is constrained, though, because I am unable to access data after
that time. Therefore, I may not be aware of more current discoveries or changes in the field
because my comments are based on the knowledge that was accessible at the time.
Assessment 4: Intro to software engineering ID. a1886750

The difficulties I encountered included the necessity to rely on outside sources for
specialized knowledge on subjects like Bitcoin and the difficulty of delivering the most recent
information. It would be advantageous for students to look for and confirm knowledge from
up-to-date and trustworthy sources, especially when working with quickly growing
technologies or areas like cryptocurrencies, to better for the next session. Additionally,
participating in debates and requesting clarification on particular subjects helps improve
learning.