scope:

The focus of this document is on analysis, development, and assurance of safety-critical software, including firmware (e.g. software residing in non-volatile memory, such as ROM, EPROM, EEPROM, or flash memory) and programmable logic. This document also discusses issues with contractor-developed software. It provides guidance on how to address creation and assurance of safety-critical software within the overall software development, management, risk management, and assurance activities.

Techniques and analyses are described in varying levels of detail throughout the guidebook, depending on the amount of information available. For techniques or analyses are that are new, the guidebook attempts to give a flavor of the technique or procedure and provides sources for more information. Opinions differ widely concerning the validity of some of the various techniques, and this guidebook attempts to present these opinions without prejudging their validity. In most cases, there are few or no metrics as of yet, to quantitatively evaluate or compare the techniques. This guidebook addresses the value added versus cost of each technique with respect to the overall software development and assurance goals. Without strong metrics, such evaluations are somewhat subjective and should not be taken as the definitive answer. Each technique or analysis should be considered in the context of the specific project.

This guidebook is meant to be more than just a collection of development techniques and analyses. The goal is to encourage the reader to think about software with "an eye for safety." Some familiarity with the NASA methodologies for system safety analysis and software development will assist in following this guidebook, though no experience with either is assumed or required. Acronyms and definitions of terminology used in this guidebook are contained in Appendix B.

Purpose

The purpose of this guidebook is to aid organizations involved in the development and assurance of safety-critical software. Software developers will find information on the creation of safer software, as well as introduction to the NASA process for system (and software) safety. Software safety personnel are given an introduction to the variety of techniques and analyses available for assuring that the software is safer, as well as information on good development practices. Project managers, system safety, software assurance engineers, and systems engineers may also find this guidebook useful. Some knowledge of software development processes is helpful in understanding the material presented in this guidebook.

This guidebook concentrates on software development and acquisition and the associated tasks and analyses. While the focus is on the development of software for safety-critical systems, much of the information and guidance is also appropriate to the creation of mission-critical software. Guidance on the acquisition of software, either commercial off-the-shelf or created under contract, is given in Chapter 12.