Weapon System Explosives Safety Review Board
Software Systems Safety Technical Review Panel
Douglas J. Bower, NAVSEA Dahlgren, Chairman
Topics
• SSSTRP Background
• Review Criteria
• Areas of Particular Concern
• Summary
SSSTRP Background
• Established by WSESRB in Aug 1991 to review safety programs for software-only or software-intensive systems
  – Provides a more thorough review than is possible in the regular WSESRB format
  – Assembles technical experts to review the software safety program and its products
  – Reduces the burden on the WSESRB
  – Focuses needed attention on software
Review Criteria
• Types of Review
  – Meeting Review
    • Data package and presentation
    • Minimum of 3 government panel members
  – Letter Review
    • Data package only
    • Requires 3 government reviewers (except action item closure)
• When are SSSTRP reviews required?
  – Functional/design modification to software
  – Changes to safety-related software (STR fix)
• When are SSSTRP reviews NOT required?
  – Changes to non-safety-related software (STR fix)
    • SSSTRP should still be informed of the changes, their scope, and the new build number
Areas of Particular Interest
• Interaction between the safety program and system and software development
  – Systems Engineering
  – Software CM
    • SCCB
    • Change Review Board
  – SQA
  – Software testing at all levels
    • Code & unit test
    • FQT
    • System integration
Areas of Particular Interest
• Safety Organization
  – Who and what
  – Relationship with the program office
• Generic Requirements
  – STANAG 4404
  – Ada MITRE Guidelines
  – Safer “C”
  – Standards and directives
  – Joint Software Systems Safety Handbook
Areas of Particular Interest
• Operating Systems and Environments, Middleware
  – Which are being used?
  – Accessible by the user?
  – Sufficient isolation of safety-critical components?
  – Analysis and test program
    • Original development
    • Upgrades to O/S and O/E
  – Configuration Management
Areas of Particular Interest
• COTS and NDI
  – What products are used
  – Safety criticality
  – Analysis and test program
  – Isolation from safety-critical applications
  – Configuration Management
    • How are upgrades and changes evaluated?
  – Address throughout the lifecycle
Summary
• The SSSTRP provides a valuable resource and service to the WSESRB
  – Not yet relied upon to the extent possible
• Focuses needed attention on the potential risk of software in the system context
• Serves as a valuable resource to other services and countries
Summary
• The SSSTRP review process has resulted in:
  – Development of new, innovative processes and techniques
  – Higher quality and safer software in Navy applications
• Reviews have shown many areas requiring safety program guidance:
  – Operating system and environment selection
  – COTS/GOTS/NDI guidelines
  – Language selection criteria
  – Open Systems Architecture
  – Firmware, FPGAs, …
- Slides: 10