Software Assurance Fundamentals

Benefits of Software Assurance (Quality)

Software Assurance provides the following benefits:

 

  • Adds life-cycle discipline to software.
  • Ensures reliability, safety, proper V&V (Verification & Validation), IV&V (Independent Verification and Validation), and quality of delivered software.
  • Provides the procedures and discipline of applying, operating and maintaining assurance/quality in software.
  • Provides specific requirements for integrating specialty engineering into software.

 

Tools Employed in Software Quality

Quality in software takes a similar approach to quality in hardware. Common tools are employed, such as:

 

  • Change Requests
  • Baselines
  • Test Incident Reports
  • Non-Conformances
  • Bug tracking
  • Testing (including regression)
  • Verification and Validation (V&V)
  • Audits
  • Operational Support

 

It is up to you: Try to match the definitions with the names of some tools employed in software quality. Then check the answers in order to review the definitions. The content below was created by using the definitions provided in references 5, 6, 7, 8 and 9.

 

The Life-Cycle Approach to SW

As stated previously, SW Assurance allows SW to follow the life-cycle approach. The life-cycle phases as defined by NASA are shown below (reference 3). To learn more about the System Life Cycle as defined by NASA, see the AAQ content on this subject.

 

Pre-Phase A – Concept Studies (finding a concept)

In this phase, an evaluation is completed to determine if software is necessary. If necessary, classify the software, analyze the safety criticality, determine the scope of IV&V, and determine the scope of software assurance.

 

Phase A – Concept & Technology Development (assessment of concept)

In this phase, the software assurance manager will:

 

  • Verify that all software assurance requirements have been captured in the request for proposal (RFP).
  • Play a role in contract negotiation to ensure that all software development requirements have been captured.
  • Perform an updated software classification assessment.
  • Update the software assurance requirements with the updated software classification assessment as necessary.
  • Maintain the software classification report.

 

Phase B – Preliminary Design & Technology Completion (define and establish preliminary design)

The software assurance manager will:

 

  • Verify the contractual requirements against the software assurance plan.
  • Verify that the software assurance plan is baselined.
  • Ensure that the appropriate personnel are trained in all software assurance responsibilities.

 

Phase C – Final Design & Fabrication and Phase D – System Assembly, Integration & Test, Launch

Software assurance shall perform the following tasks:
 

  • Ensure that the acquirer expectations are being met in accordance with the software assurance plan.
  • Ensure assurance processes have been developed for COTS, MOTS, and GOTS software.
  • Provide oversight to the software development team to ensure all plans and procedures are adhered to.
  • Ensure that the acquirer is providing adequate insight to the software provider.
  • Ensure proper configuration management of deliverable software.
  • Ensure any discrepancies are documented and tracked to resolution.
  • Assure that software products are reviewed and that quality metrics are collected, analyzed, and documented.
  • Ensure that an audit is performed prior to delivery.
  • Ensure that the acquirer is prepared to receive the software product.
  • Ensure a proper acceptance data package (ADP).
  • Ensure lessons learned are captured.

 

Phase E – Operations & Sustainment

In this phase, software assurance shall perform the following tasks:

 

  • Ensure proper processes are in place to support operations.
  • Ensure any operational workarounds have been reviewed and approved.
  • “Perform periodic assessments to ensure baseline management of software requirements, design, code, and documentation and to ensure review and approval of software changes or software induced operational workaround.”
  • Ensure plans are in place for maintenance.
  • Transfer any supporting software and/or licenses to the acquirer.
  • Ensure metrics are collected for reliability purposes.
  • Ensure a software retirement plan is in place.

 

This is consistent with the Department of Defense (DoD) life-cycle approach (MIL-STD-499B) (reference 2).

Requirements of Software Assurance

There are certain requirements that should be levied on software assurance for each build of all computer software configuration items (CSCIs) for the entire system. These requirements are:

 

  • Software assurance shall be planned for in the software development plan.
  • Software assurance shall conduct ongoing evaluations of SW during development, including:
    • Ensuring software meets all contractual requirements.
    • Ensuring each CSCI is required and has been properly evaluated and tested.
    • Ensuring proper corrective actions are taken (corrective action varies depending on the life-cycle phase, which also dictates the amount of configuration control and the baseline the SW is classified under).
  • Software assurance shall maintain proper records throughout the life of the contract.
  • Software assurance shall be conducted independently of the persons developing the software.

 


Critical Software

If the software is deemed critical, there are other requirements that the SW shall conform to. Critical SW is any software that can have adverse effects on safety, security, privacy and/or system reliability.

 

  • Safety: The developer shall identify safety-critical CSCIs, develop a safety assurance strategy, implement a SW safety program and properly document execution of the strategy in the SW development plan.
  • Security: The developer shall identify security-critical CSCIs, develop a security assurance strategy, implement a SW security program and properly document execution of the strategy in the SW development plan.
  • Privacy: The developer shall identify privacy-critical CSCIs, develop a privacy assurance strategy, implement a SW privacy program and properly document execution of the strategy in the SW development plan.
  • Reliability: The developer shall identify reliability-critical CSCIs, develop a reliability assurance strategy, implement a SW reliability program and properly document execution of the strategy in the SW development plan.

 

Take a look at the presentation below. It is based on the article "An introduction to safety-critical software" (reference 10) and illustrates the importance of meeting all the requirements when it comes to critical software.