Software Lifecycle Integrated Compliance Keeper (SLICK)
The Missile Defense Agency (MDA) mission uses software to defend friends and allies from missile attacks. To ensure that software works as it should and that designs are as secure as possible, the agency publishes an extensive set of guidelines—the MDA Assurance Provisions (MAP)—for developers to follow.
Verifying that software meets the MAP guidelines is complex and, when done by manual code inspection, slow. To address this, Charles River developed the Software Lifecycle Integrated Compliance Keeper (SLICK), which integrates with the software development environment and automatically checks whether source code is MAP compliant.
SLICK has three components:
- A rules definition framework that includes machine-readable MAP compliance rules
- A compliance monitor that checks source code against these rules as it is written
- A context-aware compliance recommender that makes recommendations for corrections with minimum workflow disruption
SLICK demonstrated these capabilities by encoding MAP compliance rules in machine-readable form and delivering a plug-in for Eclipse, a Java integrated development environment, that monitors MAP compliance in real time as developers write code.
“By reducing some of the tedious work related to manual code inspection, SLICK cuts time spent on software quality assurance and decreases errors. At the same time, it keeps quality assurance engineers in the loop. We’re not replacing the developmental operations engineer or code reviewers but making them more productive and empowering them with this tool.”
Scientist and Principal Investigator on SLICK
SLICK is well suited to the blistering pace of today’s agile software development cycles. “By shifting code-reviewing to the left and also semiautomating the process, it maintains the spirit of agile development in that you can push out features as quickly and with as good quality as possible,” Lu says.
SLICK stands apart from its competitors by including a human cognitive model in its recommender engine. Instead of highlighting every compliance violation at once, which can frustrate developers and interrupt their work, SLICK takes developer behavior into account and highlights only the violations the developer is likely to have missed in the context of the current workflow. “Over time, developers who fix the same noncompliance errors over and over again might also learn to make fewer of those mistakes,” Lu says.
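As an added illustration (not code from the SLICK project or from Charles River), the following Python sketch mirrors the three components listed above and the context-aware filtering just described: a small set of machine-readable rules, a monitor that checks Java source against them line by line, and a recommender that surfaces only the violations on lines the developer is currently editing, defers the rest, and keeps a per-rule history of repeated mistakes. The rule patterns, the Java snippet and the set of "edited lines" are all constructed assumptions for this example; they are not MAP provisions and say nothing about how SLICK's own rules are written.

```python
"""Miniature of a rules framework, compliance monitor and context-aware
recommender.  Everything here is illustrative: the rules are hypothetical
stand-ins, not MDA Assurance Provisions, and the Java sample is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Component 1: rules definition framework.  Each rule is a plain, machine-
# readable record (it could be loaded from JSON or YAML).  Patterns are
# hypothetical examples chosen only to exercise the pipeline.
RULES = [
    {"id": "R1", "description": "Do not print stack traces to the console",
     "pattern": r"\.printStackTrace\(\)",
     "fix": "Route the exception through the configured logger"},
    {"id": "R2", "description": "Do not catch Throwable or Exception broadly",
     "pattern": r"catch\s*\(\s*(Throwable|Exception)\s+\w+\s*\)",
     "fix": "Catch the specific exception type the block can handle"},
    {"id": "R3", "description": "No hard-coded password literals",
     "pattern": r'(?i)password\s*=\s*"[^"]+"',
     "fix": "Read the secret from a protected store at run time"},
]


@dataclass(frozen=True)
class Violation:
    rule_id: str
    line_no: int
    description: str
    fix: str


def monitor(source: str, rules=RULES) -> list[Violation]:
    """Component 2: compliance monitor.  Scan the source line by line and
    report every rule hit, skipping lines that are only a // comment."""
    compiled = [(rule, re.compile(rule["pattern"])) for rule in rules]
    found: list[Violation] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue
        for rule, regex in compiled:
            if regex.search(line):
                found.append(Violation(rule["id"], line_no,
                                       rule["description"], rule["fix"]))
    return found


def recommend(violations: list[Violation], edited_lines: set[int],
              history: dict[str, int]) -> tuple[list[Violation], list[Violation]]:
    """Component 3: context-aware recommender.  Violations on lines the
    developer is editing right now are surfaced immediately; all others are
    deferred to a later review pass so the current task is not interrupted.
    `history` counts how often each rule has been tripped, the signal for
    spotting mistakes a developer makes repeatedly.  (The edited-line
    heuristic is an assumption of this example, not SLICK's cognitive model.)"""
    now: list[Violation] = []
    later: list[Violation] = []
    for v in violations:
        history[v.rule_id] = history.get(v.rule_id, 0) + 1
        (now if v.line_no in edited_lines else later).append(v)
    return now, later


# Constructed Java sample with one hit per rule (R3 on line 2, R2 on line 6,
# R1 on line 7).
SAMPLE_JAVA = """\
public class Interceptor {
    private static final String password = "hunter2";  // hard-coded secret
    public void run() {
        try {
            open();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
"""


def run_example() -> tuple[list[Violation], list[Violation], dict[str, int]]:
    """Monitor the sample, then recommend assuming the developer is currently
    editing lines 6 and 7 (the catch block)."""
    history: dict[str, int] = {}
    now, later = recommend(monitor(SAMPLE_JAVA), {6, 7}, history)
    return now, later, history


if __name__ == "__main__":
    now, later, history = run_example()
    for v in now:
        print(f"line {v.line_no}: [{v.rule_id}] {v.description} -> {v.fix}")
    print(f"deferred: {[(v.rule_id, v.line_no) for v in later]}")
    print(f"rule history: {history}")
```

Run stand-alone, the script flags the broad catch and the printed stack trace on the lines being edited and defers the hard-coded password on line 2 to the review pass; swapping the rule list for one loaded from a file is the only change needed to drive it from an external rule set.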
Commercialization possibilities extend to verticals like cybersecurity and to turning SLICK into a general-purpose plug-in for additional integrated development environments (IDEs) like PyCharm (for Python programming) and Visual Studio.
Lu says that the move toward expanding program analysis capabilities has been gaining traction at Charles River. “Better tools for building better software are going to be critical,” Lu says. “They will be essential for building better artificial intelligence and machine learning tools in the future.”
This material is based upon work supported by the Missile Defense Agency under Contract No. HQ0860-22-C-7005. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Missile Defense Agency.