bannerd

A. Introduction

B. Institutional Requirements

C. Project Software Requirements

D. Topics

E. Tools, References, and Terms

F. SPAN
(NASA Only)

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

R005 - Use of a non-secure coding standard

1. Risk

The failure of software development teams to follow established processes detected through significant findings during software assurance audits poses a critical risk to the project. This risk includes the increased likelihood of undiscovered software defects, poor code quality, missed schedule milestones, and elevated software operational costs. Established software engineering processes are designed to provide structured and repeatable practices that ensure quality, predictability, and control in software development endeavors. Deviating from these processes undermines their purpose and introduces systemic risks that can compromise both the software and the project's overall success.

Adherence to software processes is particularly crucial for managing the increased complexity, size, and interdependencies of modern software systems. These processes enable development teams to:

  1. Ensure Consistency: Consistent application of processes reduces variability in development outcomes, supports predictable delivery, and facilitates better communication across teams. Without this, the project faces an increased likelihood of defects, quality gaps, and mismatched expectations.
  2. Achieve Traceability and Accountability: Formal processes ensure that every software artifact (requirements, designs, code, and test results) is traceable to its source and all changes are systematically tracked. This is essential for defect prevention, root cause analysis, and maintaining alignment with project goals.
  3. Mitigate Risks: Processes are specifically crafted to identify and address risks early in development cycles, reducing the potential for high-cost corrective actions late in the lifecycle.
  4. Validate Quality at Every Stage: Formal reviews, inspections, and quality gates are integral to most processes. These checkpoints are opportunities to discover defects early and prevent them from cascading downstream, when fixes become more expensive and disruptive.

Evidence of process noncompliance highlights systemic weaknesses in the development approach and increases the risk of substandard deliverables. Common results of not following processes include:

  • Increased Defects: Without a structured development lifecycle, teams are more likely to introduce and miss defects, some of which may not surface until late in testing or even operations, jeopardizing mission objectives.
  • Wasted Resources and Cost Overruns: Noncompliant processes lead to inefficiencies, repeated efforts, and rework. These can significantly inflate both development and operational costs.
  • Schedule Delays: Deviations from established processes often manifest in missed milestones or schedule slippage as teams scramble to resolve defects or misalignments introduced earlier in the development lifecycle.
  • Reduced Team Collaboration: Lack of process adherence can create an environment of ambiguity, where teams operate inconsistently, leading to delays, misunderstandings, and decreased productivity.

2. Mitigation Strategies

For a NASA project, noncompliance with defined software processes is particularly concerning given the organization's stringent requirements for quality, safety, and mission-critical software reliability. Software development organizations supporting NASA projects must demonstrate the skills and discipline necessary to follow the processes laid out for producing high-reliability software within the defined cost and schedule constraints. Process compliance is also vital to meeting NASA standards such as NPR 7150.2, which itself is predicated on years of accumulated industry best practices aimed at minimizing software development risks.

The significance of multiple findings from software assurance audits cannot be overstated. These findings serve as indicators of deeper systemic issues within a software development organization, suggesting gaps in training, oversight, or culture that must be immediately addressed. Failure to correct these deficiencies will perpetuate quality and schedule risks that jeopardize the project's success.

To mitigate this risk, it is essential that:

  1. Noncompliance is Addressed: Findings from audits must be treated as high-priority actions, with corrective measures implemented promptly and monitored for sustained improvement.
  2. Processes are Enforced and Monitored: Development teams must be reminded of the importance of adherence to structured processes and held accountable for compliance through regular monitoring.
  3. Training is Provided: Development and assurance teams should be provided ongoing training on proper process adherence to ensure alignment with NASA's exacting standards.

Ignoring these findings and continuing without correcting process noncompliance would undermine the project’s ability to meet its goals for quality, safety, and sustainability, putting the mission at serious risk.


3. Resources

3.1 References

[Click here to view master references table.]

No references have been currently identified for this Topic. If you wish to suggest a reference, please leave a comment below.





  • No labels

0 Comments

Page Editor: Tim Crumbley
NASA Official: Tim Crumbley
Accessibility
NASA Software Engineering Handbook - A service of the NASA Office of the Chief Engineer
NASA Privacy Statement
______________________________________________________________________________