NASA uses thousands of unique software products from hundreds of vendors in its efforts to advance science, technology, aeronautics, earth studies, and space exploration. Each software application and program comes with a license—a contract between the entity creating or supplying the software and the end user. Managing software licensing is deceptively complex due to the sheer volume of software vendors and applications, yet crucial to effectively securing NASA operations.
In this report, the Inpector General assesses whether NASA is managing its software assets in an effective and efficient manner while maintaining compliance with applicable requirements and security best practices. This included analyzing documentation relevant to NASA’s software management activities, assessing NASA’s centralized software asset management program, and discussing internal software development activities with responsible officials.