Including "verifiable" with "constraint" is necessary to ensure that one who makes a requirement that cannot be verified has in effect created an option. My argument is that if you can't verify the implementation meets the constraint then you aren't concerned with failure. This may beg the need for the idea of "weak requirement" that allows for the possibility that the experiment which proves the constraint is met does so in a statistical manner and not an exhaustive check of all possibilities. For example, the requirement
- The vaccine shall be safe for all children
cannot be tested exhaustively by experiment for every child now and forever. However, the requirement statement is still valid as it is unacceptable if the vaccine is unsafe.
Aspenlogic 23:11, 2 May 2008 (UTC)