Creating Safety Requirements Traceability for Assuring and Recertifying Legacy Safety-Critical Systems

The assurance, reuse, and recertification of legacy safety-critical computer systems are problems affecting government and industry. The assurance and recertification processes involve gathering existing data from such systems, and evaluating how the data aids in meeting the intent of software safety requirements imposed on the systems after the fact. A Software Safety Risk Taxonomy and Software Safety Risk Evaluation (SSRE) process was used in four projects at three NASA Centers for the identification, analysis, consolidation and mitigation of software safety risks associated with meeting only a subset of the requirements of the NASA-STD-8719.13B Software Safety Standard. A Legacy Systems Risk Database was built to manage the projects data and create the traceability between a safety process improvement model (+SAFE), the NASA software safety requirements, the safety taxonomy and software safety risks. This paper describes the steps to perform the SSRE, the initial design of the database showing how the requirements traceability is maintained and some select research study results.