Comment:
Migration of unmigrated content due to installation of a new plugin
Tabsetup
0
1. The Requirement
1
2. Rationale
2
3. Guidance
3
4. Small Projects
4
5. Resources
5
6. Lessons Learned
6
7. Software Assurance
Div
id
tabs-1
1. Requirements
Excerpt
4.4.7 The project manager shall provide a software version description for each software release.
1.1 Notes
NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.
1.2 History
Expand
title
Click here to view the history of this requirement: SWE-063 History
Include Page
SITE:SWE-063 History
SITE:SWE-063 History
1.3 Applicability Across Classes
Applicable c
a
1
b
1
csc
1
c
1
d
1
dsc
1
e
0
f
1
g
0
h
0
Div
id
tabs-2
2. Rationale
A software version description document (VDD) is used to identify and record the exact version of software to be delivered to a user, support, or other sites.
Div
id
tabs-3
3. Guidance
Software systems and work products undergo multiple builds, reviews, and rebuild cycles before reaching a fully operational state. Even then, modifications, error corrections, expanded requirements sets, and even code reuse on other projects result in newer versions of the coded product. The configuration control of these versions, many of which may be used simultaneously on different projects, requires detailed descriptions to assure the correct work is being performed on the released version of interest.
According to ISO/IEC/IEEE 24765:2010 Systems and software engineering--Vocabulary, a version description document is “a document that accompanies and identifies a given version of a system or component ... Typical contents include an inventory of system or parts, identification of changes incorporated into this version, and installation and operating information unique to the version described.”
The Version Description Document (VDD) document is the definitive record of all components of a released software work product, whether it is for internal or external release. The VDD defines a set of dependencies among work products that are part of the complete software release. It describes the contents of a specific software work product release, the methods, and resources needed to re-create the software work product, known changes, uncorrected problems, as well as differences from the prior software release(s). The use of a template for developing the VDD can ease the initial workload required to develop the baseline VDD. The recommendation for the content of a Software Version Description document is defined in the VDD section of 7.18 - Documentation Guidance in this Handbook.
The VDD includes the scheme for the identification and classification of software item records and information items and their versions, how to establish baselines, and version identification and control. The release record identifies, tracks, and controls a configuration item at the time a version (including the baseline version) is released. A VDD document for each release lists the items being delivered, including system and software item versions, traceability to specifications or previous releases, what has been changed, known problems, and workarounds. It may include installation or delivery instructions unique to the version described. Version information may come from the software architecture, the software detailed design, and/or the source code. Problem information may come from inspections, bug tracking, or the results of static analysis. If a version control system is used, to be effective, it will include the date, time, and size of each software work product. The resulting information from running a checksum algorithm may be included for additional identification and control of the software work product.
Each software release version must have a version number associated with it. A "release" consists of all the components and their associated version numbers.
Swerefn
refnum
276
Versioning keeps the changes straight and allows "rollback" to previous versions if a bug is found later in the software life cycle. Versioning is part of software configuration management. It involves archiving the source code and keeping previous versions when a new version is entered into the configuration management system. Because an updated VDD document is released with each version of the software, there may be several VDD documents in circulation if different team members are working on different versions of the software work product. Configuration management and control are necessary for all versions to maintain control and to avoid misinformation.
NASA-specific planning information and resources for the development of the software version description document are available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
Additional guidance related to the releasing of the VDD may be found in the work products generated by the following related requirement in this Handbook:
No additional guidance is available for small projects.
Div
id
tabs-5
5. Resources
5.1 References
refstable
Show If
group
confluence-users
Panel
titleColor
red
title
Visible to editors only
Enter the necessary modifications to be made in the table below:
SWEREFs to be added
SWEREFS to be deleted
SWEREFs called out in the text: 276, 573
SWEREFs NOT called out in text but listed as germane: 082, 273, 370
5.2 Tools
Include Page
Tools Table Statement
Tools Table Statement
Div
id
tabs-6
6. Lessons Learned
6.1 NASA Lessons Learned
A documented lesson from the NASA Lessons Learned database notes the following:
Aquarius Reflector Over-Test Incident. Lesson Number 2419
Swerefn
refnum
573
: "The Aquarius reflector was damaged by over-testing during a 2007 test in the JPL acoustic test chamber. The root cause was attributed to a procedural deviation, and the proximate cause was identified as a test control system safing feature that did not activate. This may have been affected by the procedural deviation, but more likely resulted from test control software that had not been updated to the current version. The Aquarius Special Review Board issued a set of recommendations that may help to avoid future over-test incidents ."
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
Div
id
tabs-7
7. Software Assurance
Excerpt Include
SWE-063 - Release Version Description
SWE-063 - Release Version Description
7.1 Tasking for Software Assurance
Confirm that the project creates a correct software version description for each software release.
For each software release, confirm that the software has been scanned for security defects and coding standard compliance and confirm the results.
7.2 Software Assurance Products
List of any non-conformances (version description corrections, security defects, coding standard non-conformances) added to a tracking system.
Note
title
Objective Evidence
Software version description data for each software release.
Expand
title
Definition of objective evidence
Include Page
SITE:Definition of Objective Evidence
SITE:Definition of Objective Evidence
7.3 Metrics
# of Cybersecurity vulnerabilities and weaknesses identified
# of Cybersecurity vulnerabilities and weaknesses (Open, Closed, Severity)
Trending of Open vs. Closed Cybersecurity Non-Conformances over time
# and type of vulnerabilities and weaknesses identified by the project
# of Cybersecurity vulnerabilities and weaknesses identified by life-cycle phase
# of Cybersecurity vulnerabilities and weaknesses identified vs. # resolved during Implementation
# of Non-Conformances identified in Cybersecurity coding standard compliance (Open, Closed)
# of planned software requirements implemented in each build vs. # of actual software requirements implemented in each build
# of software units planned vs. # built
The number of open non-conformances identified in release documentation, and security/coding standard compliance scans versus # closed non-conformances.
# of Non-Conformances identified in release documentation (Open, Closed)
7.4 Guidance
Software assurance will confirm that the project maintains a software version description for each software release. Software assurance will check the software version description for correctness and completeness. Topic 7.18 - Documentation Guidance contains a list of what needs to be in a software version description document (VDD). Check to make sure all the items listed are in the release or delivery and that they have the correct version and release numbers. All other materials in the software version description should be present in the release and match the version of the software being released. Typically, if the release is being delivered to an outside group, a physical configuration audit will be done to verify that the documentation and the physical items (software, tools, build instructions, test suites, scripts, etc., and all supporting documentation) match. Software assurance may either perform this audit or participate in it.
Software Assurance also needs to confirm that the software has been scanned for viruses and confirm that no viruses exist in any of the software being released/delivered.
See the software guidance in this requirement for more information on a software version description document VDD - Version Description Document.