Documenting and Reporting of Analysis Results.
When the design is analyzed, the Software Design Analysis work product is generated to document results capturing the findings and corrective actions that need to be addressed to improve the overall design. It should include a detailed report of the design analysis results. Analysis results should also be reported in a high-level summary and conveyed as part of weekly or monthly SA Status Reports. The high-level summary should provide an overall evaluation of the analysis, any issues/concerns, and any associated risks. If a time-critical issue is uncovered, it should be reported to management immediately so that the affected organization may begin addressing it at once.
When a project has safety-critical software, analysis results should be shared with the Software Safety personnel. The results of analysis conducted by Software Assurance personnel and those done by Software Safety personnel may be combined into one analysis report, if desired.
4.1 High-Level Analysis Content for SA Status Report
New or updated design analysis results Any design analysis since the last SA Status Report or project management meeting should be reported to project management and the rest of the Software Assurance team. When a project has safety-critical software, any analysis done by Software Assurance should be shared with the Software Safety personnel.
When reporting the results of an analysis in a SA Status Report, the following defines the minimum recommended contents:
- Identification of what was analyzed: Mission/Project/Application
- Period/Timeframe/Phase analysis performed during
- Summary of analysis techniques used
- Overall assessment of design, based on analysis
- Major findings and associated risk
- Current status of findings: open/closed; projection for closure timeframe
4.2 Detailed Content for Analysis Product:
The Software Design Analysis product captures and documents all the detailed results of the analysis and descriptions of the techniques/methods used. The analysis techniques/methods that produced the most useful results should be highlighted for future use. The Software Design Analysis product is placed under configuration management and delivered to the project management team as the Software Assurance record for the activity. When a project has safety-critical software, this product should be shared with the Software Safety personnel.
When reporting the detailed results of the software design analysis, the following defines the minimum recommended content:
- Identification of what was analyzed: Mission/Project/Application
- Person(s) or group performing the analysis
- Period/Timeframe/Phase analysis performed
- Documents used in analysis (e.g., versions of the system and software requirements, interfaces document, architectural and detailed design)
- Description or identification of analysis techniques used. Include an evaluation of the techniques used.
- Overall assessment of design, based on analysis results
- Major findings and associated risk – The detailed reporting should include where the finding, issue, or concern was discovered and an assessment of the amount of risk involved with the finding.
- Minor findings
- Current status of findings: open/closed; projection for closure timeframe
- Include counts for those discovered by SA and Software Safety
- Include overall counts from the Project’s problem/issue tracking system.