Consider a system with computerized controls. It could be a robot, for example a submarine.
There are simulators.
Imagine there is a suite of test cases for the robot.
Imagine that those test cases are not run in the simulator.
That leaves a gateway for bugs to be introduced into the test cases.
(A rogue programmer might doctor the test cases. If there were a "daily systems operability test" that ran the test cases in the simulator, someone would pick up that the test cases had been doctored.)
If the test cases can be doctored, then the software of the robot, submarine or whatever can be doctored too. The normal check that all is well, that the test cases run successfully, will actually mean that not all is well: the submarine software has been doctored to match the doctored test cases.
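The argument above as a small runnable sketch. This is an added example, not code from any real system: the ballast model, the function names and every value are constructed for illustration. It shows doctored software passing a doctored suite, while running the same test cases in the simulator exposes the altered expectation.

```python
# Added illustration; every name, the ballast model and all values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Case:
    name: str
    depth_m: float           # commanded depth
    expected_ballast: float  # ballast fraction the test case asserts

def simulator_ballast(depth_m: float) -> float:
    """Independent reference model, standing in for the simulator."""
    return round(min(1.0, depth_m / 400.0), 3)

def original_controller(depth_m: float) -> float:
    """Robot software as shipped: agrees with the simulator."""
    return round(min(1.0, depth_m / 400.0), 3)

def doctored_controller(depth_m: float) -> float:
    """Tampered software: wrong ballast once depth reaches 300 m."""
    return 1.0 if depth_m >= 300 else original_controller(depth_m)

ORIGINAL_SUITE = [Case("shallow", 100, 0.25), Case("mid", 200, 0.5), Case("deep", 320, 0.8)]
# Same suite after tampering: the "deep" expectation now matches the doctored software.
DOCTORED_SUITE = [Case("shallow", 100, 0.25), Case("mid", 200, 0.5), Case("deep", 320, 1.0)]

def run_suite(controller, suite):
    """The normal check: names of test cases the software fails."""
    return [c.name for c in suite if abs(controller(c.depth_m) - c.expected_ballast) > 1e-9]

def daily_operability_test(suite):
    """Run the test cases in the simulator: names whose expectation the simulator rejects."""
    return [c.name for c in suite if abs(simulator_ballast(c.depth_m) - c.expected_ballast) > 1e-9]

if __name__ == "__main__":
    print("doctored software vs doctored tests:", run_suite(doctored_controller, DOCTORED_SUITE))
    print("doctored software vs original tests:", run_suite(doctored_controller, ORIGINAL_SUITE))
    print("simulator vs doctored tests:", daily_operability_test(DOCTORED_SUITE))
    print("simulator vs original tests:", daily_operability_test(ORIGINAL_SUITE))
```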