Sept 2007 1

Software Research and Technology Infusion

2007 Software Assurance Symposium

Sept 2007 2

Software Research and Technology Infusion

Goal: Transfer mature Software Engineering and Software Assurance technologies into practice– Provide a reduced risk approach to evaluating:

Technologies derived from NASA-sponsored research Other new and innovative SE/SA tools and technologies

Approach– Present selected SW technologies to the

NASA software development/assurance community

– Encourage and support collaborationsbetween the technology providers andNASA software developers and assurance personnel.

Sept 2007 3

Motivation

Encourage the uptake of new research results and technologies within the NASA missions

Facilitate the transfer of technology through collaborations between technology providers and end-users who have a need for the technology

Establish and monitor infusion projects and use lessons learned to improve the uptake of new technologies within NASA

Sept 2007 4

Obstacles to Research Infusion

“gap” between interpretations of adequate maturity; Risk-aversion of most NASA developers and most

NASA projects; Lack of evidence to demonstrate benefits (analyses,

ROI, etc.); Practitioners are not always aware of new and

relevant technologies available to them; Fragmented practitioner community.

Sept 2007 5

Overcoming Obstacles

Information Gathering; Information Dissemination; Brokering Collaborations.

Sept 2007 6

Information Gathering

Focus on research/technologies that:1. Have particular relevance to software assurance.

2. Can be incorporated into existing software development practices with a minimum of disruption.

3. Are mid- to high-TRL (or PF) research, demonstrating success on a real project, and ready for use more or less “as-is”.

4. Are either NASA-funded research results or technologies that address needs identified by NASA software developers.

5. Robust and mature with good user documentation

6. Not currently in widespread use within the agency

Sept 2007 7

Information Dissemination

Via the Research Infusion team’s website; Via direct contact with developers and assurance

personnel; Via direct “marketing” (email, telephone); Via NASA-wide WebEx(s).

Sept 2007 8

Brokering Collaborations

Annual NASA-wide proposal solicitation; A small number (+/- 10) of technologies are

presented via NASA-wide announcements; Interested parties are encouraged to submit a

proposal, and offered guidance in writing their proposal;

Introductions are made between the proposal writers (the NASA developers or QA) and the technology provider, and they are encouraged to work closely in writing the proposal.

Sept 2007 9

Proposal Selection Process Follow a defined and repeatable process

– Solicitation announced and promoted– Collaborations brokered and proposals submitted– Each RI team member reviews & evaluates all proposals

Numerical Qualitative

– Evaluations were combined, questions and concerns noted– Communicated concerns and got feedback from proposal

teams– Subsequent evaluation meetings held: rankings finalized– Ranking summarized and provided to OSMA and OCE for

endorsement Duration ~4 months

– Idea is to address the need while it still exists

Sept 2007 10

Impact across NASA

Sept 2007 11

Completed ProjectsTechnology Technology Provider Technology Description Customer Sites and Target

ApplicationsOutcome/Benefits

Perspective-based Inspections Fraunhofer Maryland, SARP Software Manual Inspection Technique

GSFC (Spacecraft FSW)

USA (ISS power analyzer)

Defects found in legacy code and that escaped previous inspections. Adopted.

Software Cost Reduction (SCR)

Naval Research Laboratory Requirements Analysis Tools ARC (ISS Payload) Personnel trained. Reqts validated.

SpecTRM Safeware Engineering Corp. & MIT

Requirements Capture and Analysis

JPL (Capture of Mission Design Rationale)

Personnel trained. MIT student hired.

Orthogonal-Defect Classification

JPL, SARP Process Improvement Methodology

JPL (Ground SW) SQA and project personnel trained.

CodeSurfer/CodeSonar Grammatech, Inc. Reverse Engineering/defect detection

JSC (ISS, Shuttle),

IVVF (Spacecraft FSW)

Found defects that escaped previous inspections.

C Global Surveyor (CGS) ARC – Intelligent Systems Program

Software defect detection tool ARC (ISS science payload)

MSFC (ISS payload)

Found defects. Good feedback to provider.

Coverity SWAT/Prevent Coverity, Inc. Software defect detection tool MSFC (ISS, Shuttle FSW) Found defects that escaped testing. Will be adopted.

Klockwork Inspect Klockwork, Inc. Static code analysis tool JPL (Mission Planning SW) Found defects. Expressed interest in using again.

Sept 2007 12

New FY07 Research Infusion Projects

Project Technology Customer Sites

Infusion of Perspective-Based Inspection in NASA IV&V

Perspective Based Inspection NASA IV&V Facility

Supporting Model-Based Systems and Software Engineering with SpecTRM

SpecTRM JPL

Technology Infusion of CodeSonar into the Space Network Ground Segment at Goddard Space Flight Center’s White Sands Complex

CodeSonar GSFC White Sands

Technology Infusion of SDA into the MOD Software Development Process

Software Developers Assistant (SDA)

JSC

Technology Infusion of SAVE into STRS Architecture Compliance Verification at GRC

Software Architecture and Evaluation Toolset (SAVE)

GRC

Infusion of Requirements Assistance into CEV IV&V Validation Activities

Requirements Assistant (RA) NASA IV&V Facility

Sept 2007 13

FY08 Research Infusion

Emphasize the needs based approach to infusion– Will work with the NASA projects to better understand their needs

Needs will serve as the basis for offering up both research and commercial technologies

Continue to learn from previous experiences– Understand successes and failures of previously offered

technologies If the infusion wasn’t successful what needs to be improved (either in

the process or the technology)? If the project was successful what did we do right?

Sept 2007 14

FY08 Research Infusion

Communicate opportunities– Promote new technologies to be offered

Challenge the center reps to broadly disseminate technology offerings

– Conduct F2F discussions– Promote early discussions between the project personnel and the

technology developers

Communicate results– Promote the results of the infusion projects inside and outside of

NASA Many infusion projects were successful on a single project Need to promote results using this empirical data

– Need to disseminate these successes to other projects to help support the idea that the technology is “proven”

– Understand there is still risk associated with the technology

Sept 2007 15

Conclusions and Future Direction

We consider the Research Infusion activity to have been a success, and it will continue with increased funding

A modest approach has achieved significant results with only small budgetary requirements

We anticipate keeping largely the same procedure for soliciting projects, selecting projects, and evaluating progress

We will place a greater emphasis on identifying needs and increasing communication