Appendix G: Glossary
This glossary defines key terms used throughout this book. Entries include cross-references to relevant sections and related appendices where applicable.
A
ADR (Architecture Decision Record): Document capturing an architectural decision, its context, and rationale. See Template B.2, SWE.2.
Agile: Software development methodology emphasizing iterative development, collaboration, and adaptability.
AI (Artificial Intelligence): Technology that enables machines to perform tasks typically requiring human intelligence, such as learning, reasoning, and problem-solving.
API (Application Programming Interface): A set of rules and protocols for building and interacting with software applications.
ASIL (Automotive Safety Integrity Level): ISO 26262 risk classification (A, B, C, D) where D is highest. See Safety Mapping E.
ASPICE (Automotive SPICE): Process assessment model for automotive software development. See Process Quick Reference C.
AUTOSAR (AUTomotive Open System ARchitecture): Standardized software architecture for automotive ECUs.
Automated Testing: Use of software tools to execute tests without manual intervention.
B
Base Practice (BP): A specific activity within an ASPICE process that contributes to achieving process outcomes.
Bidirectional Traceability: The ability to trace both forward (requirement → code) and backward (code → requirement).
Black Box Testing: Testing method that examines functionality without knowledge of internal code structure.
C
Capability Level (CL): The ASPICE maturity level (0–5) indicating process capability.
CCB (Change Control Board): Group responsible for evaluating and approving change requests.
CI/CD (Continuous Integration/Continuous Deployment): A software development practice in which code changes are automatically tested and deployed.
Code Review: A systematic examination of source code to identify defects and improve quality.
Configuration Management: The process of tracking and controlling changes to software and documentation.
Coverage Analysis: A technique for measuring how much of the code is exercised by tests.
D
Defect Density: The number of defects per thousand lines of code (defects/KLOC).
DevOps: A cultural and technical movement that combines software development and IT operations practices.
DAL (Design Assurance Level): DO-178C risk classification (A through E) where A is the most stringent. See Safety Mapping E.
DO-178C: Safety standard for airborne software. See DO-178C Integration.
Domain Analysis: The process of understanding and modeling a problem domain to inform software development.
E
ECSS (European Cooperation for Space Standardization): Framework of standards for space systems engineering. See Space Systems.
ECU (Electronic Control Unit): An embedded computer used in automotive and industrial systems.
Embedded System: A specialized computing system that performs dedicated functions within a larger system.
Error Handling: Techniques for detecting, managing, and responding to exceptional conditions in software.
F
FMEA (Failure Mode and Effects Analysis): A systematic method for identifying potential failures and their effects.
FTA (Fault Tree Analysis): A top-down deductive failure analysis technique.
Functional Safety: The part of overall safety that relates to the correct function of electrical/electronic systems.
G
Git: Distributed version control system for tracking changes in source code.
GitHub: Web-based hosting service for Git repositories with collaborative features.
GitHub Copilot: AI-powered code completion tool that suggests code as you type.
H
HARA (Hazard Analysis and Risk Assessment): The ISO 26262 process for identifying hazards and assigning ASILs to safety goals.
HIL (Hardware-in-the-Loop): Testing method using real hardware and simulated environment.
HITL (Human-in-the-Loop): Pattern where human approval is required for AI-generated outputs. Example: AI generates code, engineer reviews before commit.
HMI (Human-Machine Interface): Interface allowing human operators to interact with machines.
I
IEC 61508: Functional safety standard for industrial systems (SIL 1-4).
IEC 62304: Software lifecycle standard for medical devices (Class A/B/C).
Integration Testing: A testing approach that combines individual software modules and tests them as a group.
ISO 26262: Functional safety standard for automotive systems (ASIL A-D).
Issue Tracking: The process of recording, monitoring, and resolving software defects and tasks.
J
Jenkins: Open-source automation server for CI/CD pipelines.
JSON (JavaScript Object Notation): A lightweight data-interchange format that is easy for humans to read and write.
K
Kanban: Agile project management method focusing on visualizing work and limiting work in progress.
KLOC (Kilo Lines of Code): A unit of measurement equal to 1,000 lines of source code.
L
Lean Development: A methodology focused on maximizing value while minimizing waste in software development.
Linting: The process of analyzing source code for potential errors, stylistic issues, and suspicious constructs.
LLM (Large Language Model): An advanced AI model trained on vast amounts of text to understand and generate human-like language.
M
Machine Learning: A subset of AI that enables systems to learn and improve from experience without being explicitly programmed.
MBSE (Model-Based Systems Engineering): An approach to systems engineering that uses models as the primary means of information exchange. See MBSE and Architecture Tools.
MC/DC (Modified Condition/Decision Coverage): Rigorous code coverage metric for safety-critical software. Required for ASIL-D (ISO 26262), SIL 3/4 (IEC 61508), DAL A (DO-178C). See Coverage Requirements E.
MISRA C: Coding standard for safety-critical C software. MISRA C:2012 with Amendment 3 (2024) is the current version. See Tool Config A.1.
MLE (Machine Learning Engineering): ASPICE 4.0 process group (MLE.1-MLE.5) covering ML requirements, architecture, training, testing, and deployment. See MLE Processes.
Mock Object: A simulated object used in testing to mimic the behavior of real objects.
N
NIST Cybersecurity Framework: A framework providing guidelines for managing and reducing cybersecurity risks.
NTP (Network Time Protocol): Protocol for synchronizing clocks of computers over a network.
O
Object-Oriented Programming (OOP): Programming paradigm based on the concept of objects containing data and code.
OODA Loop (Observe, Orient, Decide, Act): Decision-making process used in military and business applications.
P
Pair Programming: An Agile practice in which two programmers work together at one workstation.
PAM (Process Assessment Model): The ASPICE component that defines how to assess process capability, including base practices, work products, and capability indicators. See PAM.
PDLC (Product Development Lifecycle): The complete lifecycle of a product from concept through development, production, and retirement.
PFDavg (Average Probability of Failure on Demand): IEC 61508 metric for safety function reliability.
PRM (Process Reference Model): The ASPICE component that defines what processes exist, their purposes, and expected outcomes. See PRM.
Pull Request: A feature in version control systems for proposing and discussing code changes before merging.
Python: High-level programming language known for its simplicity and readability.
Q
Quality Assurance (QA): The process of ensuring that developed software meets specified requirements.
Quality Gate: A checkpoint in a development process that must be passed before proceeding to the next phase.
R
RAG (Retrieval-Augmented Generation): An AI technique that combines information retrieval with text generation, allowing models to access external knowledge bases for more accurate and grounded responses.
Refactoring: The process of restructuring existing code without changing its external behavior.
Regression Testing: Testing performed to ensure that new code changes do not negatively affect existing functionality.
Requirements Traceability: Documentation of the relationships between requirements and other development artifacts.
Risk Assessment: The process of identifying, analyzing, and evaluating potential risks.
RMS (Requirements Management System): A tool or process for managing requirements throughout the development lifecycle.
S
Scrum: Agile framework for managing complex projects with iterative and incremental practices.
SIL (Safety Integrity Level): IEC 61508 risk classification (1, 2, 3, 4) where 4 is highest. See Safety Mapping E.
SLOC (Source Lines of Code): A measure of software size based on the number of lines in source code.
SOUP (Software of Unknown Provenance): Off-the-shelf software not developed per IEC 62304.
SOTIF (Safety of the Intended Functionality): ISO 21448 standard for ML/AI safety.
Software Architecture: The high-level structure of a software system and the discipline of creating such structures.
Software Verification: The process of evaluating software to determine whether it satisfies specified requirements.
Software Validation: The process of evaluating software during or at the end of development to determine whether it satisfies stakeholder needs and intended use.
Sprint: Time-boxed iteration in Scrum methodology, typically lasting 1-4 weeks.
Static Analysis: A method of examining code without executing it to find potential defects.
System Integration: The process of combining different subsystems into a single working system.
T
TDD (Test-Driven Development): Development practice where tests are written before code. Example: Write failing test -> Write minimal code to pass -> Refactor.
Technical Debt: The implicit cost of additional rework caused by choosing an easy solution now instead of a better long-term approach.
Test Case: A set of conditions or variables under which a tester determines whether an application works correctly.
Test Coverage: A measure of how much source code is exercised by a test suite.
Traceability: The documented relationship between work products (requirements → code → tests).
Triage: The process of determining the priority of issues based on severity.
TQL (Tool Qualification Level): Aviation standard (DO-330) classification for tool qualification requirements.
TCL (Tool Confidence Level): Automotive standard (ISO 26262) classification for tool qualification requirements.
U
Unit Testing: The testing of individual components or modules of a software application in isolation.
Unit Under Test (UUT): The component or module being tested in a specific test.
UML (Unified Modeling Language): General-purpose modeling language in software engineering.
V
V-Model: A development model showing the verification and validation relationships between development phases and their corresponding testing phases.
Verification: The process of evaluating work products to determine whether the outputs of a given development phase satisfy the conditions imposed by the previous phase.
Version Control: A system that records changes to files over time, allowing specific versions to be recalled later.
Virtualization: Technology that creates virtual versions of physical resources such as servers, networks, or storage.
Vulnerability Assessment: A systematic review of security weaknesses in an information system.
V&V (Verification and Validation): Combined process of ensuring software meets specifications and user needs.
W
Waterfall Model: A sequential software development process in which progress flows downward through defined phases.
WCET (Worst-Case Execution Time): The maximum time a function can take to execute under any input and execution conditions.
White Box Testing: A testing method that examines internal code structure and logic.
Work Product: Any artifact produced during the software development process.
X
XML (eXtensible Markup Language): A markup language that defines rules for encoding documents in a format that is both human-readable and machine-readable.
Y
YAML (YAML Ain't Markup Language): A human-readable data serialization language commonly used for configuration files.
Z
Zero-Trust Security: A security model that assumes no implicit trust and continuously validates every access request.