6.2 Existing Structure in SWEs with Tab 7 Software Assurance
The tab 7 information defines a structure for providing guidance on satisfying a SWE for a the Software Assurance team members on the development project. SWEs that are from Chapters 3 - 5 of NPR 7150.2 have a Tab 7 for Software Assurance content. This tab brings into focus the parallel nature of Software Assurance and Software Development work. For every set of requirements in NPR 7150.2 for Software Development, there are some tasks for Software Assurance to accomplish:
- Tasking for Software Assurance - one or more tasks derived from the NPR 7150.2 Requirement and specifically included in NASA-STD-8739.8.
- Software Assurance Products - one or more work products created as a result of accomplishing the tasking.
- Metrics - example metrics that could be collected (including some that must be collected) as a result of accomplishing the tasking.
- Guidance - Additional information regarding how the tasks could be accomplished. In some cases, the guidance includes step by step instructions on accomplishing the tasks.
Looking at SWE-058 - Detailed Design as an example. We see 5 tasks assigned to SA for this SWE.
1. Assess the software design against the hardware and software requirements and identify any gaps.
2. Assess the software design to verify that the design is consistent with the software architectural design concepts and that the software design describes the lower-level units to be coded, compiled, and tested.
3. Assess that the design does not introduce undesirable behaviors or unnecessary capabilities.
4. Confirm that the software design implements all of the required safety-critical functions and requirements.
5. Perform a software assurance design analysis.
6.3 Expanding the Notion of Tasking into the SWE Structure
If we consider expanding the notion of Tasks into the current SWEs, we would have to look for a place to put them. Without a major restructuring of the tabs, we could consider putting them into tab 4. This would require renaming this tab from "Small Projects" to something like "Project Tasks". The preamble for this tab might be:
"Project Tasks are recommended for projects where this SWE is applicable. They are derived from the requirement. Suggestions for completing the tasks and producing the recommended work products are based on the guidance in tab 3."
The Guidance for SWE-058 contains information which could be interpreted as tasks for Software Development team members.
- 3.1 Design Readiness - including suggested checklist items for preparing for a Preliminary Design Review (PDR)
- 3.2 Coding Standards and Processes
- 3.3 Design Considerations
- 3.4 Detailed Design Documentation and Progress Reviews
- 3.5 Design Maintenance
For the new tab 4 content we might consider the following:
4.1 Tasking for Software Development
Guidance for each task is available in tab 3.
- Assess Design Readiness
- Establish Coding Standards and Processes
- Establish Project Specific Design Considerations
- Establish Detailed Design Documentation and Progress Reviews
- Establish Design Maintenance Processes and Mechanisms
4.2 Software Development Work Products
- Software Development Process - which includes details on the Design Process to be followed.
- List of design components including when they are expected to be available - as input to Development Schedule
- List of methods, tools, standards, and guidelines for your project.
- List of training and experience required by team members to perform the design and development work.
4.3 Metrics
Suggested metrics are listed below. Items in bold are strongly recommended for implementation in order to provide benefit for tracking and assessing completion of the work.
- # of architectural issues identified vs. number closed.
- # of design issues found versus the number of design issues resolved.
- # of requirement issues (Open, Closed) over time.
- # of non-conformances identified by life cycle phase over time.
- # of software work product Non-Conformances identified by life cycle phase over time
This tasking was derived using
- The headings from the guidance in tab 3 for the tasks
- Some of the work products found in tab 3 (not an exhaustive list here, just enough to represent the concept)
- Metrics are taken from 7.3 (SA Metrics) and reworded slightly (again, not an exhaustive list here, just enough to represent the concept)
6.4 Assembling the Combined Activity from Tasks
Looking at the Development Tasks above, it is clear that there is not a one to one correspondence between Development Tasks and Assurance Tasks. The table below demonstrates this:
| Development Task | Assurance Task |
|---|---|
| 1. Assess the software design against the hardware and software requirements and identify any gaps. 2. Assess the software design to verify that the design is consistent with the software architectural design concepts and that the software design describes the lower-level units to be coded, compiled, and tested. 3. Assess that the design does not introduce undesirable behaviors or unnecessary capabilities. 4. Confirm that the software design implements all of the required safety-critical functions and requirements. 5. Perform a software assurance design analysis. |
