In today’s connected economy, more and more systems are controlled by software. These systems provide functions ranging from basic to highly sophisticated, in applications as varied as basic servo actuation in a public water delivery system, crash avoidance systems in the latest generation of automobiles, and robotic surgery systems.
Given these increased needs and demands, and their associated safety and security requirements, many industry verticals have created development best practices, guidelines, and certification processes. Today, several secure coding standards have been adopted by various industries, including the following: DO-178B/C (Aerospace), IEC 61508 and IEC 62443 (Industry / Energy), ISO 26262 (Automotive), and IEC 62304 (Medical).
Central to each of these secure coding standards is the security, risk, and safety of software. The risk is a function of the frequency (or likelihood) of the hazardous event and the severity of the event's consequences. The risk is reduced to a tolerable level through secure coding best practices, the elimination of defects/warnings that can increase likelihood, and safety functions, which may consist of E/E/PES and/or other technologies.
Static analysis is a crucial capability in supporting all standards. Static analysis simplifies the enforcement of coding standards across teams, improving overall compliance with a required certification standard and the quality of the code. CodeSecure helps teams:
- Build the necessary skills and understanding of the certification process through training and coaching.
- Implement automated enforcement through the deployment of CodeSonar.
- Support the documentation requirements of code analysis, supporting standards that include
CodeSecure’s Software Certification solution helps your team meet the most rigorous safety and security requirements.