If you've made it this far, you'll probably survive SOUP, too.
SOUP stands for Software of Unknown Provenance. In human language, those are your libraries. Nowadays, these are open-source libraries which you include in your package.json or Gemfile.
But how do you document it?
It depends on your 62304 software safety class again. For class A, it's pretty uncomplicated.
For classes B and C, it gets trickier, so we'll look at what needs to be done:
- What to document for each library.
- What to use as "anomaly list" and how to evaluate it.
- How to introduce a risk classification of SOUP.
- How to specify SOUP requirements.
- How to verify SOUP without doing tests (i.e. writing code) yourself.
Finally, I'll explain the point of SOUP documentation while reducing my ranting to a local minimum.