Tagline: When the original developers are retired and the documentation is wrong, the runtime behavior is the specification.

Abstract:
Across NAVSEA, NAVAIR, AFMC, and AFLCMC, there are dozens of programs running COBOL, FORTRAN, C, and Assembly systems where the subject matter experts are retired, the documentation predates modern standards, and the cost of failure is measured in lives and national security. The standard answer, modernize aggressively, adopt commercial tooling, and move fast, is precisely wrong for this class of problem.

This talk presents a case-based decision framework for legacy modernization of mission-critical defense software, one where knowledge recovery precedes coding at every stage. The framework runs in 4 stages: Direct Engineering with operators and maintainers to understand how the system is actually used; Knowledge Recovery Interviews with original developers while they're still accessible; AI-accelerated refactoring with mandatory human validation of every changed behavior; and Incremental Outside-In Delivery that preserves certified behavior at every step.

The framework rests on a principle that distinguishes safety-critical modernization from commercial software replacement: when author interviews aren't feasible, the code's runtime behavior becomes the specification that must be captured, documented, and protected with higher rigor than any requirements document. This reframing changes what pre-work must happen before a single line of production code is modified, and changes what "done" means for a modernization increment.

Attendees will leave with a structured decision tree for assessing whether a legacy modernization program is following an approach proportionate to the risk, and a set of contract oversight questions that expose whether a contractor's modernization methodology is actually safe or merely commercially familiar.

Learning Objectives:
• Identify the 3 most common failure modes in legacy defense software modernization and trace each to a specific process or oversight gap
• Apply the Knowledge Recovery framework to structure pre-work before any code changes are authorized on a mission-critical system
• Understand the role of characterization testing as a safety net, and how to evaluate whether a contractor's test coverage is adequate to protect certified behavior
• Distinguish between modernization approaches appropriate for commercially-derived systems versus those required for safety-certified, operationally-constrained military systems
• Use repository forensic analysis, including change frequency, ownership history, and abandonment indicators, to identify high-risk modules before work begins

Target Audience:
Program managers and systems engineers at NAVSEA, NAVAIR, Space Systems Command, and AFMC managing legacy weapon system software upgrades. Also relevant to DCMA software quality assurance representatives and contracting officers overseeing legacy modernization contracts.

Format:
50-minute talk with 10-minute Q&A. Case study format with decision framework artifacts provided as handout material.