6.1 Documenting and Reporting of Analysis Results

When the design is analyzed, the Source Code Quality Analysis work product is generated to document the results. It should include a detailed report of the source code analysis results. Analysis results should also be reported in a high-level summary and conveyed as part of weekly or monthly SA Status Reports. The high-level summary should provide an overall evaluation of the analysis, any issues/concerns, and any associated risks. If a time-critical issue is uncovered, it should be reported to management immediately so that the affected organization may begin addressing it at once.

When a project has safety-critical software, analysis results should be shared with the Software Safety personnel. The results of an analysis conducted by Software Assurance personnel and those done by Software Safety personnel may be combined into one analysis report if desired.

6.2 High-Level Analysis Content for SA Status Report

Any source code quality analysis performed since the last SA Status Report or project management meeting should be reported to project management and the rest of the Software Assurance team. When a project has safety-critical software, any analysis done by Software Assurance should be shared with the Software Safety personnel.

When reporting the results of an analysis in an SA Status Report, the following defines the minimum recommended contents:

  • Identification of what was analyzed: Mission/Project/Application

  • Period/Timeframe/Phase during which the analysis was performed

  • Summary of analysis techniques used

  • Overall assessment of design, based on analysis

  • Major findings and associated risk

  • Current status of findings: open/closed; projection for closure timeframe

6.3 Detailed Content for Analysis Product

The detailed results of all source code quality analysis activities are captured in the Source Code Quality Analysis product. This document is placed under configuration management and delivered to the project management team as the Software Assurance record for the activity. When a project has safety-critical software, this product should be shared with the Software Safety personnel.

When reporting the detailed results of the software design analysis, the following defines the minimum recommended content:

  • Identification of what was analyzed: Mission/Project/Application

  • Person(s) or group performing the analysis

  • Period/Timeframe/Phase during which the analysis was performed

  • Documents and Tools used in the analysis (e.g., architectural and detailed design, Klocwork)

  • Description or identification of analysis techniques used. Include an evaluation of the techniques used.

  • Overall assessment of source code quality, based on analysis results

  • Major findings and associated risk – Detailed reporting should include where the finding, issue, or concern was discovered and an assessment of the amount of risk involved with the finding.

  • Minor findings

  • Current status of findings: open/closed; projection for closure timeframe

  • Include counts for those discovered by SA and Software Safety

  • Include overall counts from the Project’s problem/issue tracking system.
