1. Introduction

The software assurance and software safety activities provide a level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, that the software functions in an intended manner, and that the software does not function in an unintended manner. The software assurance process is the planned and systematic set of activities that ensure the conformance of software life cycle processes and products to requirements, standards, and procedures.  Software assurance assures that the software and its related products meet their specified requirements, conform to standards and regulations, are consistent, complete, correct, safe, secure, and reliable as warranted for the system and operating environment, and satisfy customer needs. The objectives of software assurance and software safety activities include the following:

1. Ensuring that the processes, procedures, and products used to produce and sustain the software conform to all specified requirements and standards that govern those processes, procedures, and products.
   • A set of activities that assess adherence to, and the adequacy of the software processes used to develop and modify software products.
   • A set of activities that define and assess the adequacy of software processes to provide evidence that establishes confidence that the software processes are appropriate for and produce software products of suitable quality for their intended purposes.
2. Determining the degree of software quality obtained by the software products.
3. Ensuring that the software systems are safe and that the software safety-critical requirements are followed.
4. Ensuring that the software systems are secure.

1.1 Related Activities

• SE-Initiation and Planning - Assurance activities are planned. They are dependent on a whole host of other project activities.  
• SE-Estimation - Estimates are made and tracked for assurance activities. Assurance must be measured and controlled. 
• SE-Schedules - Assurance Activities are scheduled and tracked to completion.  
• SE-Training - Assurance tam members are trained in Assurance methods, the use of Assurance tools, and related subjects. 
• SE-Scope Management - Requirements, defect management, change management, Non-conformance and Defect Management. 
• SE-Testing - including V&V
• SE-Operations, Maintenance and Retirement
• SE-Configuration Mgmt - including code repository, builds, and releases 
• Peer Reviews - including Assurance reviews
• Measurements - related to Assurance

1.2 Related NPR 7150.2 SWEs

• SWE-022 - Software Assurance

Note
Typically starts with a quote from the NPR that helps define the activity. Additional descriptive material is meant to help define the activity but not be so detailed that it pulls in all of the guidance from the SWEs in the activity.

Panel
borderColor blue title NPR 7150.2B para 5.3.1
Software peer reviews and inspections are the in-process technical examination of work products by peers to find and eliminate defects early in the life cycle. Software peer reviews and inspections are performed following defined procedures covering the preparation for the review, the review itself is conducted, results are recorded, results are reported, and completion criteria is certified. When planning the composition of a software peer review or inspection team, consider including software testing, system testing, software assurance, software safety, software cybersecurity, and software IV&V personnel.

Examples of Some Documents Going Through Peer Review 

Image Added

1.1 Inputs

• Planning - Peer Reviews are planned activities. They appear in the plans and schedules for the project
• Requirements - These are the things that are Peer Reviewed
• Architecture Items - These are the things that are Peer Reviewed
• Design items - These are the things that are Peer Reviewed
• Test Plans and Procedures - These are the things that are Peer Reviewed

1.2 Predecessor Activities

Predecessor Activities are performed before Peer Reviews. These activities produce the work products that will be reviewed. 

• Life Cycle Planning - Peer Reviews are planned activities. They are also used to review and improve all types of plans. 
• Requirements -  Creating the things that are Peer Reviewed
• Architecture Items - Creating the things that are Peer Reviewed
• Design items - Creating the things that are Peer Reviewed
• Test Plans and Procedures - Creating the things that are Peer Reviewed

1.3 Outputs

In the case of Peer Reviews, outputs cycle back to the activity that provided the inputs so that improvements to the work products can be made. The activities that initiated the Peer Review, receive the findings from Peer Reviews, Those activities then use those findings to to fix defects and implement improvements uncovered in the reviews. The improved work products are then used by downstream activities as the project proceeds. 

1.4 Successor Activities

• Life Cycle Planning
• Software Architecture 
• Software Design
• Software Testing
• Configuration Management
• Coding

1.5 Repetition

Peer Reviews are planned activities and may be repeated as needed throughout the life cycle.

• As Software Requirements, budgets, schedules, and technology changes are factored into the project, additional Peer Reviews of affected work products may be desirable.  

1.6 Center Resources From SPAN

Several Centers Process Asset Libraries have materials related to this activity. Related Processes, templates, and other resources may be found in the following Activities in SPAN (available to NASA only). 

• Peer Review