bannerd

A. Introduction

B. Institutional Requirements

C. Project Software Requirements

D. Topics

E. Tools, References, and Terms

F. SPAN
(NASA Only)

Versions Compared

Old Version 3

changes.mady.by.user Haigh, Fred

Saved on

compared with

New Version Current

changes.mady.by.user Haigh, Fred

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tabsetup
01. Risk
12. Mitigation Strategies
23. Resources
Div
idtabs-1

1. Risk

Code peer review is a critical quality assurance process that ensures the correctness, reliability, maintainability, and compliance of software to engineering and safety standards. In NASA's software projects, peer review plays an integral role in identifying and resolving issues related to coding practices, logic errors, adherence to requirements, and compliance with standards such as NASA-STD-8739.8NPR 7150.2 

Swerefn
refnum083
, and other coding guidelines.

When more than 20% of the code is not subjected to peer review, the likelihood of undetected software defects increases, posing significant risks to mission success. This is especially critical for safety-critical, real-time, or embedded software, where defects can have catastrophic consequences. Peer review is one of the most cost-effective ways to identify issues early in the software development process. Skipping or inadequately performing this step escalates the risk of downstream defects, rework, delays, and potential mission failures.


1.2 Key Risks

1. Increased Defect Density

  • Issue: Without peer review, defects such as logic errors, algorithm inefficiencies, or non-compliance with coding standards remain undetected.
  • Risk to Program:
    • Defects manifest in testing or operations, leading to rework, schedule slips, or mission-critical faults.
    • Hidden defects propagate and increase cost as they emerge later in the development lifecycle.

2. Non-Compliance with Standards

  • Issue: Code that bypasses peer review may not adhere to NASA-required standards like NASA-STD-8739.8MISRA, or other mission-specific guidelines.
  • Risk to Program:
    • Non-compliance is flagged during audits or milestone reviews, forcing late-stage fixes and potentially delaying the program.
    • System safety and reliability are jeopardized because of inconsistencies in safety-critical software components.

3. Logical and Design Flaws

  • Issue: Without a second set of eyes, logical flaws or architectural issues in code can go unnoticed.
  • Risk to Program:
    • Critical algorithms or interfaces fail, causing unpredictable or unsafe system behavior.
    • Late discovery of architectural flaws triggers costly redesigns and integration issues in downstream phases.

4. Inconsistencies in Implementation

  • Issue: Developers may unknowingly duplicate functionality or use inconsistent approaches without peer feedback.
  • Risk to Program:
    • Code becomes harder to maintain and increases the risk of introducing unintended side effects during updates.
    • Poorly structured code leads to technical debt, decreasing long-term code scalability.

5. Low Code Quality

  • Issue: Code developed without peer review may become bloated, inefficient, or difficult to understand.
  • Risk to Program:
    • Poor documentation, naming conventions, and coding styles reduce maintainability.
    • Long-term supportability becomes challenging, especially for multi-year missions or follow-on projects.

6. Missed Errors in Interfaces or Critical Logic

  • Issue: Boundary conditions, edge cases, or hardware-software interfaces are prone to errors without proper review.
  • Risk to Program:
    • Failures in subsystems responsible for communications, avionics, or control logic propagate systemic errors.
    • Integration failures during testing phases increase costs and delay deployments.

7. Reduced Safety and Reliability

  • Issue: Unverified code in safety-critical software can lead to unsafe operational conditions.
  • Risk to Program:
    • Defects that remain undetected may result in catastrophic mission failures.
    • Systems may not behave predictably under operational anomalies or nominal conditions.

8. Low Team Confidence in Code

  • Issue: If a significant portion of code bypasses peer review, other team members may lack confidence in the overall quality and functionality.
  • Risk to Program:
    • Trust among team members is eroded, and integration tasks require additional caution, slowing progress.
    • Additional resources are spent manually verifying or rewriting unreviewed code.

9. Increased Costs in Later Phases

  • Issue: Skipping the peer review process early amplifies defects that must be addressed during testing, validation, or post-deployment.
  • Risk to Program:
    • Defects become more expensive to fix as they are discovered later in the project lifecycle.
    • Additional unplanned testing or debugging efforts derail budgets and schedules.

10. Undetected Security and Safety Vulnerabilities

  • Issue: Without review, vulnerabilities such as insecure coding practices (e.g., buffer overflows, race conditions) may remain in the code.
  • Risk to Program:
    • Systems become vulnerable to software failures, hacking, or unforeseen operational anomalies.
    • Compromised data integrity, system reliability, or safety-critical functions threatens mission success.
Root Causes

1.2 Root Causes

  1. Insufficient Resources:

    • Peer reviews are skipped due to a lack of personnel, time, or prioritization.

  2. Schedule Pressures:

    • Aggressive milestones or deadlines lead teams to cut back on essential peer review processes.

  3. Undefined or Poorly Enforced Peer Review Processes:

    • Projects fail to establish or mandate peer reviews as part of their software development plan.

  4. Inadequate Tool Support:

    • Lack of automated code review tools or manual constraints prevents peer reviews for larger codebases.

  5. Lack of Review Culture:

    • Teams fail to understand the importance of peer review or devalue the insights it provides in the development process.

  6. Outdated or Incomplete Guidelines:

    • Standards for peer reviews are unclear, resulting in inconsistent or insufficient attention to critical code elements.

  7. High Percentage of Legacy Code:

    • Older, pre-existing code is not reviewed, especially when repurposed for newer missions.
tabs-2
Div
idtabs-2

Mitigation Strategies

1. Define and Enforce Peer Review Policies

  • Make peer code reviews mandatory for all software projects, specifically targeting safety-critical and mission-critical components.
  • Establish a threshold ensuring 100% peer review for critical modules and at least 80% review for all other code.
  • Document compliance requirements in the Software Development Plan (SDP) as part of the project lifecycle process.

2. Assign Dedicated Resources

  • Allocate sufficient time in the schedule specifically for code reviews, ensuring developers and reviewers have the bandwidth to complete the process.
  • Select reviewers with expertise in the areas of code being reviewed, ensuring valuable and actionable feedback.

3. Use Structured Peer Review Processes

  • Employ formal review processes such as Fagan Inspections or checklist-based approaches to ensure thorough review:
    • Review requirements adherencelogical correctnessboundary testingerror handling, and standards compliance.
  • Standardize peer review templates to reduce ambiguity and maintain comprehensive coverage.

4. Implement Automated Code Review Tools

  • Use tools like SonarQubeCoverityLint, or similar static analysis tools to automatically enforce code quality standards:
    • Automate the identification of common coding errors, complexity, and higher-risk patterns (e.g., resource leaks, race conditions).
  • Combine automated tools with manual peer reviews to address both mechanical and creative/problem-solving errors.

5. Train Team Members in Peer Review Practices

  • Conduct training sessions for team members to understand best practices for conducting effective and productive peer reviews.
  • Highlight the importance of reviews in detecting and fixing issues early to save time and resources.

6. Prioritize Critical Code for Review

  • Assign priority to reviewing safety-critical software or modules with high complexity, significant hardware interfaces, or critical mission roles.
  • Ensure real-time, embedded, and flight-related code blocks undergo 100% peer review.

7. Make Peer Review Metrics Visible

  • Monitor and report on peer review coverage as part of development metrics:
    • Track the percentage of code reviewed and defects detected during those reviews.
  • Highlight projects or teams that fall below the defined 80% review threshold and take corrective measures.

8. Include Peer Reviews in Agile/Scrum Workflows

  • Incorporate peer reviews as part of every sprint or increment deliverable:
    • Use tools like GitGitHubBitbucket, or others for pull-request-based peer reviews.
  • Make sure small, iterative code changes are consistently reviewed.

9. Establish Continuous Improvement Practices

  • Encourage the review process to evolve:
    • Incorporate lessons learned to improve future reviews.
    • Gather team feedback on how reviews can be made more efficient and impactful.

10. Conduct Independent Verification and Validation (IV&V)

  • Partner with NASA’s IV&V Facilities to validate the thoroughness of peer reviews:
    • Use IV&V findings to identify gaps in peer review practices.
  • Have IV&V teams complement peer reviews, especially for high-risk, safety-critical systems.

Consequences of Ignoring Risks

  1. High Defect Introduction:
    • Code defects propagate through testing and into operational systems, resulting in catastrophic failures or rework costs.
  2. Non-Compliance with Standards:
    • The program is flagged during audits for not meeting peer review thresholds, delaying certification processes.
  3. Increased Cost of Fixes:
    • Defects identified later in the development lifecycle are exponentially more expensive to fix.
  4. Erosion of Confidence:
    • Stakeholder confidence in software quality diminishes due to poorly reviewed and unreliable software.
  5. Mission Failures:
    • Defects in critical systems (e.g., avionics, fault tolerance) lead to degraded mission performance or failure, with safety and reliability risks.

Conclusion:

Code peer reviews are a cornerstone of software quality in NASA projects, ensuring early defect detection, adherence to standards, and maintainability. Failing to peer-review at least 80% of the code introduces unnecessary risks to system reliability, safety, and mission success. By defining clear policies, leveraging tools and training, and fostering a peer review culture, projects can address this risk, ensuring that software meets the stringent demands of NASA missions. Ensuring that all safety-critical and real-time systems are thoroughly reviewed is non-negotiable for success.

Div
id


Div
idtabs-3

3. Resources

3.1 References

refstable-topic


Show If
groupconfluence-users
Panel
titleColorred
titleInstructions for Editors
Expand

For references to be used in the Risk pages they must be coded as "Topic R999" in the SWEREF page. See SWEREF-083 for an example. 

Enter the necessary modifications to be made in the table below:

SWEREFs to be addedSWEREFS to be deleted


SWEREFs called out in text: 083, 

SWEREFs NOT called out in text but listed as germane: 


...

Page Editor: Tim Crumbley
NASA Official: Tim Crumbley
Accessibility
NASA Software Engineering Handbook - A service of the NASA Office of the Chief Engineer
NASA Privacy Statement
______________________________________________________________________________