NSC Hosts SMA Discussion Forum on Risk-Based Tailoring for Software Assurance
For NASA projects, Software Assurance (SA) is not “one size fits all.”
Every NASA project is different, and to address a project’s SA needs, manage resources efficiently and mitigate risk, it is usually necessary to tailor SA to fit the project or type of project.
On Aug. 6, the NASA Safety Center hosted an SMA Discussion Forum on Risk-Based Tailoring for Software Assurance. The forum featured four panelists from different areas of the agency who shared their perspectives on tailoring SA to meet project needs and promote mission success.
Martha Wetherholt, the NASA technical fellow for SA, led the forum and discussed the importance of understanding and assessing each project’s risks to ensure the SA tasks target the known vulnerabilities and can assure the project maintains its intended functionality. Wetherholt also explained the necessity of documenting the identified risks, the SA mitigation strategies and recommended tailoring for each project. Having firm risks and defined SA approaches improves communication and budgeting of SA efforts when negotiating with the project.
Tim Crumbley, program executive for Software Engineering at NASA Headquarters, discussed NASA safety classification and how it relates to risk-based tailoring principles. Crumbley stressed the importance of reassessing any SA tailoring decisions through an engineering perspective.
Joel Wilf, SA engineer and researcher at NASA’s Jet Propulsion Laboratory, described how projects could evolve their tailoring strategy from general tailoring by project category or software classification to a detailed tailoring that considers the risk mitigated by each assurance activity. Wilf explained how assurance activities reduce uncertainty about software quality factors, and thus reduce the project’s risk when decisions are made that depend on software quality, reliability, safety or security.
Mitchell Ai-Chang, SA engineer at NASA’s Ames Research Center (ARC), rounded out the panel. He shared some of the tailoring strategies employed at ARC. The ARC perspective is particularly notable because most of its projects are risk class D payloads, requiring minimal SA.
Following their presentations, the panel fielded questions from participants.
The presentation slides and full video are available on the NASA Safety Center website (NASA Only).
The SMA Discussion Forum is an interactive knowledge-sharing event hosted by the NASA Safety Center. The program gives NASA’s Safety and Mission Assurance (SMA) personnel an opportunity to listen to a presentation and participate in a facilitated discussion. The purpose of the event is to engage NASA SMA professionals in a meaningful dialogue about key SMA elements and concepts.