[Jlab_software] [Sw_assurance] Help With Software Assurance Scope

[Kelly Mahoney]

Matt,
The intent of the application to security software was meant to address 
cyber security.  What I was going for was for the SW assurance to 
complement, but not supersede cyber security.  What other software 
security did you have in mind?

Kelly

Matt Bickley wrote:
> Kelly Mahoney wrote:
>    <snipped>
>   
>> This procedure only applies to security software configuration items 
>> insofar as the impact ineffective security software controls may 
>> materially affect operations and safety. 
>>     
>
> Kelly,
>     Did you mean the paragraph above to refer to cybersecurity in
> particular, or do you really want to include all security
> software in the scope?
>
> Graham Heyes wrote:
>   
>> As far as FPGAs are concerned they should be exempt in everything except safety interlocks and systems controlling hardware that would cause damage or injury if the FPGA misbehaved.
>>     
>
> I don't agree with Graham.  A QA process doesn't just try
> to protect us from misbehaving software, it also ensures
> that we can maintain and support our software products.  If we
> have an FPGA critical to data acquisition and programmed with code
> that lives on some person's PC (and not backed up), and that person
> leaves the lab, what does the lab do if it needs to be modified?
> Who knows where the code is, or what it does?  A good QA process will
> ensure we have the documentation and data to continue to provide
> support.  Without the QA process the lab would have to start over.
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.jlab.org/pipermail/jlab_software/attachments/20090730/9d98ede9/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mahoney.vcf
Type: text/x-vcard
Size: 240 bytes
Desc: not available
Url : https://mailman.jlab.org/pipermail/jlab_software/attachments/20090730/9d98ede9/attachment.vcf