Software Quality Assurance consists of three parts: Quality Control, which ensures software follows specific processes and includes the correct specifications; Quality Assurance, which verifies the software processes are correct and advises on the best procedures and processes; and Quality Engineering, which performs analyses of the software products.
Software reliability helps software systems be robust and dependable and builds in fault and failure tolerance. It also analyzes the software and systems to find areas of weakness and predicts problem areas via metrics, tools and analyses. Software reliability works with software quality to address workmanship problem areas, finding and removing defects that may affect the operational software.
Software safety is a systematic approach to identifying, analyzing, tracking, mitigating and controlling software contributions to hazards and hazardous functions software performs (data and commands) to ensure safer operation within a system.
The Software Assurance (SA) role in Verification and Validation (V&V) is as broad as V&V itself. SA provides software safety, reliability and quality insights at formal and informal project and software reviews as well as analyses of test plans, procedures and results.
Independent Verification and Validation provides in-depth, targeted analyses of NASA’s most critical software systems.
Cyber security is a growing area for SA, and its full role is not yet established. Currently, SA assures software protections that flow from the Project Protection Plan are incorporated and work. It also assures good engineering practices are in place and secure coding standards are used and tested against. SA’s role in the future could be to work with the software engineering and cyber security branches of the Chief Information Officer to assist with missions by examining the security of their development environments, securing the supply chain of software and its tools, testing for vulnerabilities in the software, developing new secure coding standards and thinking of impact to operations from a security perspective.