bannera

Book A.
Introduction

Book B.
7150 Requirements Guidance

Book C.
Topics

Tools,
References, & Terms

SPAN
(NASA Only)

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Error formatting macro: alias: java.lang.NullPointerException
SWE-041 - Open Source Software Notification
Unknown macro: {div3}

1. Requirements

2.6.1.3 The project shall require the software supplier(s) to notify the project, in the response to the solicitation, as to whether open source software will be included in code developed for the project.

1.1 Notes">1.1 Notes

NPR 7150.2A does not include any notes for this requirement.

1.2 Applicability Across Classes

Classes C through E and Safety Critical are labeled with "SO if D-E". This means that for Classes D through E, this requirement applies only to the safety-critical aspects of the software.

Class G is labeled with "P (Center). This means that an approved center-defined process which meets a non-empty subset of the full requirement can be used to achieve this requirement.

Class

  A_SC 

A_NSC

  B_SC 

B_NSC

  C_SC 

C_NSC

  D_SC 

D_NSC

  E_SC 

E_NSC

     F      

     G      

     H      

Applicable?

   

   

   

   

    X

   

    X

   

    X

   

   

    P(C)

   

Key:    A_SC = Class A Software, Safety Critical | A_NSC = Class A Software, Not Safety Critical | ... | - Applicable | - Not Applicable
X - Applicable with details, read above for more | P(C) - P(Center), follow center requirements or procedures

Unknown macro: {div3}

2. Rationale

Open source software (OSS) comes with a collection of advantages and risks. OSS can shorten software system development times. Unit and component testing may have been detailed. These work products may have been subjected to multiple instances of regression testing. On the other hand, OSS may require the use of other software or systems for proper operation. The value of widespread availability of OSS may be offset by licensing restrictions.

Because this software often can be embedded within an otherwise newly developed software product, it is important for bidders and suppliers to notify NASA and all interested stakeholders so the appropriate measures of control and verification can be developed and applied to the project. Without notification by the supplier, the existence of OSS and its licensing ramifications may not be otherwise recognized by the NASA software team.

Early notification of the intent to use OSS is important because its inclusion in the software development product may have negative impacts on NASA's intended use of the software. It will also require legal analysis to resolve ownership, registration and licensing issues.

Unknown macro: {div3}

3. Guidance

     a. Include this requirement in the RFP for all systems which include software to be delivered to NASA.
     b. Include a clause in contracts and agreements which requires immediate notification to NASA of any change in status in the agreed to use of OSS by the supplier.

OSS is often considered for use in the early lifecycle phases of a software product development activity because of its availability and its seemingly inexpensive cost (relative to newly developed software). A software engineer often finds it more expedient to use widely available and well tested code developed in the software community for common functions than to "reinvent the wheel". Even if most of the software on a NASA project is developed by an in-house supplier, it is possible to find embedded OSS within the code.

[SWE-027] contains extensive information on open source software, including embedded OSS. Advantages, disadvantages and other lessons learned over the use of OSS are extensively discussed in [SWE-027].

The software development team must assure the inclusion of this requirement in all appropriate software acquisition activities. See [SWE-038] for additional guidance on software acquisition planning.

While SWE-041 doesn't address OSS released by NASA, there are related requirements in NPR 2210.1 and an associated NASA Open Source Agreement which covers this situation.

Unknown macro: {div3}

4. Small Projects

SWE-041 is equally applicable to small projects and has legal ramifications that can't be ignored.

Unknown macro: {div3}

5. Resources

  1. Release of NASA Software, NPR 2210.1C, 2010
  2. NASA Engineering and Program/Project Management Policy, NPD 7120.4D, 2010
  3. NASA Space Flight Program and Project Management Requirements, NPR 7120.5D (NM-7120.81), 2009.
  4. "Mission -Critical Development with Open Source Software: Lessons Learned", Norris, J.S.; IEEE Software, 2004
  5. "Running Open Technology Development Projects", John Scott, Dr. David A. Wheeler, Mark Lucas, and J.C. Herz; Software Tech News, Feb., 2011

5.1 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN).

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.

Unknown macro: {div3}

6. Lessons Learned

  1. Norris 4 indicates that it might seem counterintuitive, but (his) experience indicates that using open source can often make a project more nimble because its resources are concentrated on the system's core architecture instead of specific features.

However, the problem he discusses below indicates the need for knowing whether open source software is included in the project.

"This posed a problem for the use of two components that were released under the restrictive General Public License, which requires all applications linked to the code to also be open source. Fortunately, in both cases the open source suppliers let (him) purchase a less restrictive license for a small fee, and tossed in priority technical support as part of the deal" 4.

  1. Scott 5 et.al," indicate another lessons learned when they discuss the fact that many government programs have existing technology that was originally funded by the government. If the intellectual rights over those technologies are inadequate or cannot be determined, the government should consider negotiating with the appropriate integrators/vendors to release the source code under less restrictive data rights sufficient for an Open GOTS (OGOTS) or OSS project. An easy way to do this is to simply fund the conversion process for the contractor(s)."
  • No labels