This question was asked in one of LinkedIn Groups:
DAL-D requires High level requirements to be verified, but does not require code review. If a Project requires to integrate code from an open source project for a codec or a real time system like linux. How shall this code be considered? DO-178C does not have Objectives on source code, coding standards, or where it comes from. The developer is free to use it.
Shall it be reversed engineered in High level requirements and design? It is best to create corresponding High Level Requirements. DO-178C does not imposes creating design for code, however, it is best engineering practice.
Shall it be stated in the PSAC that some open source code exists as an uncertified COTS? Absolutely, It is highly recommended to document the source of this code, but this is not considered “uncertified” for DAL-D. DO-178C DAL-D executable will have to go through complete testing against all high level tests, therefore, the open source code will be tested; but with no measurable way (e.g. DO-178C structural coverage).
For more information, read some of ConsuNova DO-178C White Papers at: https://www.consunova.com/do178-whitepapers