Software Assurance (SA) practitioners from around the agency came together Aug. 27–29 at the Ohio Aerospace Institute (OAI), just outside Glenn Research Center, for the annual SA Working Group (SAWG) face-to-face meeting.

Many members arrived early to attend an optional, day-long Introduction to Software Safety Cases pilot course taught by Martin Feather and Lawrence Markosian on Monday before the meeting officially kicked off on Tuesday.

Meeting activities included 19 presentations from the Software Assurance Research Program (SARP) on current SA research projects, updates on software working group activities, an OAI overview, State of Software Assurance presentation and work on the SA standard. Throughout the meeting, researchers mingled with the group to get a better idea of what the NASA SA community struggles with day-to-day and see how future research could help meet their needs.

Progress on the Standard for Software Assurance

After a few initial presentations, SAWG members dove into an in-depth conversation on revisions to NASA-STD-8739.8 Standard for Software Assurance. Some of the researchers participated in the discussion, while others used the breakout sessions to collaborate among themselves.

“We wanted to take advantage of the face-to-face meeting and work on it together,” said Guillermo del Carmen, the group’s unofficial co-chair. “This standard is sort of like our bible,” he added.

Group chair Martha Wetherholt has been working on the rewrite with the help of NASA’s Independent Verification and Validation facility, but when it came down to it, she really wanted the group to take ownership of the standard. This ensures that the people doing the work drive the requirements that affect them day-to-day.

The group broke into smaller teams focusing primarily on Section 5, Acquirer Software Assurance — a central part of the standard that outlines the roles and responsibilities of software acquirers, NASA’s typical role. The breakout sessions jump-started the revision process and led to productive discussions on what people wanted to see included. Group members were excited to be involved and many volunteered to continue developing the rewrite.

“What I really wanted from this meeting was to invigorate Software Assurance people so they [would] retake ownership of the standard,” shared Wetherholt. “I needed a small, dedicated group to take it on, and I got that.”

Wetherholt hopes to have an initial draft ready in January and a final, signed copy by this time next year.

“I want to get it out there,” she admits, “but I want it to be the right thing more than anything else.”

Defining Software Certification

Another valuable group discussion centered on software certification and how it’s done at each center.

“Everyone was interested and had a lot to say about how their center does it,” said del Carmen.

The conversation revealed that each center has very different ideas on what software certification is and what it entails. As a result, the group spent time ironing out the definition of software certification.

“It was an eye opener to some of us because we thought we had a better understanding of software certification,” said del Carmen.

Eyes on the Goal

Towards the end of the meeting, the group reviewed a list of objectives outlined at last year’s meeting as a part of the Objectives, Goals, Strategies and Metrics (OGSM) process. OGSM is a framework the group uses to address top SA issues across the agency. SAWG has a five-year plan to meet all the targets, and the group works on many of the strategies on an ongoing basis. The subgroup working on the standard revision will use OGSM to guide the developing changes ensuring the end result supports SA goals.

Although the standard revisions, SA objectives and other projects will keep group members busy, they also hope to develop an electronic SA guidebook full of techniques, tools, analyses, tips on how to do SA, and things to consider including formal inspections and audits.

Wetherholt was pleased with the meeting outcomes and grateful for the working group’s participation.

“It’s a wonderful group of people,” said Wetherholt. “They are hardworking and dedicated. They have a hard job that not a lot of people understand, and doggone it, they are out there every day working hard and making a difference.”

About the SAWG

The SAWG originally started as the Software Management and Assurances Process (SMAP) group. SMAP consisted of software engineers and software assurance specialists. When the group broke apart in the mid-1990s, it continued as an unofficial, ad hoc software group to meet the community’s needs. Eventually, part of this group developed a charter and officially became the Software Working Group (SWG). This group focused heavily on software engineering, so Wetherholt created the SAWG to directly address SA. Although it is unchartered, SAWG is a strong group that unites the SA community. Chaired by Wetherholt, it helps create a greater understanding of SA at NASA, and provides a forum for practitioners to reach out to one another to share ideas, solutions and resources and to work on SA issues that crop up across the agency.