Guide
Software release at NASA is governed by NPR 2210.1C. This document establishes roles, responsibilities, and procedure for reporting and evaluating software for various release scenarios, including release as open source software. Every center has a Software Release Authority (SRA). This individual processes requests for software release and coordinates legal, export control, IT security, and software engineering standards compliance reivew. Projects considering software release should contact their SRA early to discuss their goals and begin the reporting and review process. The SRAs at each center are as follows:
| Center | Name | Title | Phone | |
|---|---|---|---|---|
| ARC | Martha Del Alto | SRA | 650.604.4865 | martha.e.delalto@nasa.gov |
| ARC | Kim Chrestenson | SRA Alternate | 650.604.5063 | kim.l.chrestenson@nasa.gov |
| DFRC | Stephanie Allison | SRA | 661.276.3321 | stephanie.n.allison@nasa.gov |
| DFRC | Elizabeth Newcamp | SRA Alternate | 661.276.3368 | elizabeth.d.newcamp@nasa.gov |
| GRC | Laurie Stauber | SRA | 216.433.2820 | laurel.j.stauber@nasa.gov |
| GRC | Jason Hanna | SRA Alterante | 216.433.6731 | jason.m.hanna@nasa.gov |
| GSFC | Nona K. Cheeks | SRA | 301.286.5810 | nona.k.cheeks@nasa.gov |
| GSFC | Dale Hithon Clarke | SRA Alternate | 301.286.2691 | dale.l.clarke@nasa.gov |
| HQ | Leslie Cahoon | Co-SRA | 202.358.1653 | leslie.a.cahoon@nasa.gov |
| HQ | Liteshia Dennis | Co-SRA | 202.358.4778 | liteshia.b.dennis@nasa.gov |
| JPL | Mark James | SRA | 818.354.8488 | mark.james-1@nasa.gov |
| JSC | Jane Fox | SRA | 281.483.4815 | jane.i.fox@nasa.gov |
| JSC | Kathy Acuna | SRA Alternate | 281.483.2066 | kathryn.y.acuna@nasa.gov |
| KSC | Roger Liang | SRA | 321.861.2224 | roger.h.liang@nasa.gov |
| KSC | Lew Parrish | SRA Alternate | 321.867.5033 | lewis.m.parrish@nasa.gov |
| LaRC | Stuart Pendleton | SRA | 757.864.2943 | stuart.e.pendleton@nasa.gov |
| MSFC | Evelyn Hill | SRA | 256.544.7117 | evelyn.hill@nasa.gov |
| SSC | Joseph Grant | SRA | 228.688.2103 | joseph.grant-1@nasa.gov |
| SSC | John Lansaw | SRA Alternate | 228.688.1962 | john.lansaw-1@nasa.gov |
The initiation of a software release is marked by capturing and submitting a description of the software to be released, the individuals involved in its creation, development timeline, available documentation, and related topics. Depending on center procedures, this information may be captured via electronic form, standard paper form, or other local supplementary forms. Contact your SRA for the specific procedure at your center.
Every software release is unique and must be addressed specifically. Generally speaking, however, the following considerations follow every release:
- Licensing. Software is rarely developed in isolation. If your project makes use of external dependencies, such packages or sources must be characterized, their associated licensing identified, and the manner in which the software is used determined. The terms and conditions governing external software impact NASA’s rights to use and release software, and must be well understood before release. Additionally, the license under which the software sought to be released will be made available must be determined. Per NASA policy, the NASA Open Source Agreement is used unless another license is necessary, such as to conform with prevailing community norms, to encourage external collaborator participation, reduce cost, license term compatibility, and related concerns. Such determinations are made by your local center intellectual property counsel. Export Control. The International Traffic in Arms Regulations, among other laws and policies, restrict which NASA technology may be publicly disclosed. Software falling within the scope of these laws or policies may not be releasable, or may be subject to release restrictions. Your local export control staff can help you determine whether export control laws apply to your technology.
- Export Control. The International Traffic in Arms Regulations, among other laws and policies, restrict which NASA technology may be publicly disclosed. Software falling within the scope of these laws or policies may not be releasable, or may be subject to release restrictions. Your local export control staff can help you determine whether export control laws apply to your technology.
- IT Security. Generally speaking, released software should not contain any information peculiar to NASA, such as user names, passwords, database credentials, IP addresses, host names, firewall and network information, or any other data which would expose or create vulnerabilities. Your SRA and IT Security staff will help you understand the types of risks occasioned by software release, and will work with you to remove elements of your software which may give rise to a vulnerability prior to release.
- Software Engineering Requirements. NASA has established formal software engineering requirements in NPR 7150.2A. These requirements govern all software development activities and must be adhered to through a project’s development life cycle. As part of the software release process, your SRA and local Chief Engineer’s Office will work with you to verify (or establish) your software classification and ensure compliance with the corresponding engineering requirements prior to release. For this area of inquiry in particular it is best to front load compliance by adhering to the software engineering requirements with a documented compliance matrix from the outset. Otherwise, you may incur significant delay and expense in obtaining compliance prior to release.
Depending on the number of projects being assessed for release at any given time general workloads and backlogs, traversing the release process can take anywhere from 3 to 6 months. The process may take longer for complex or novel release requests. Be sure to factor these time tables (on consultation with your SRA) into your project schedules.