GeNiaaz / pe


Missing NFR (DG) #22

Open GeNiaaz opened 3 years ago

GeNiaaz commented 3 years ago

Given that this is a healthcare system that has people's personal data, a missing NFR is for the data to be encrypted or stored securely.

nus-se-bot commented 3 years ago

Team's Response

Security and encryption of the user's data is not within the intended scope of the application as of v1.4 of VirusTracker.

By v1.4, it is not feasible for the team to implement a secure encryption for storing and protecting these personal data, which is why it is not written inside as an NFR.

Items for the Tester to Verify

:question: Issue response

Team chose [response.NotInScope]

Reason for disagreement: It may not be something I expect VirusTracker to implement now of course, but it should be something that is implemented in a future iteration. Something that handles "large amounts of data due to the pandemic" is indeed a matter of public concern, and no one would want their data to not be stored securely, as the information is indeed private.


:question: Issue severity

Team chose [severity.Low] Originally [severity.High]

Reason for disagreement: While it was not in the scope, I believe it has to be. If healthcare officials want to use this system for potentially thousands of patients, there has to be a mechanism in place to safeguard this information. Again, I do not expect it to be implemented in this phase due to limited resources, but I fully expect it to be in a future iteration as security of health data should be paramount in this type of system.