Posts Tagged ‘Software Compliance’

  • Klocwork 2016 receives ISO 26262 / IEC 61508 certification

    on May 3, 16 • by Shashank Bommaganti • with No Comments


    Details on the ISO 26262/IEC 61508 certification for the Klocwork 2016 release

  • Upcoming webinar: How to reduce automotive software development risk

    on Sep 18, 14 • by Roy Sarkar • with No Comments

    Security testing essential for automotive app development

    Avoiding hacks, wrecks, and recalls is the job of every automotive software development team out there … yet few know how to do it. Organizations are under increasing pressure to deliver code that’s compliant to standards, protected from security threats, and free of defects that could result in expensive recalls or loss of consumer trust. To keep pace, traditional testing methods are falling by the wayside in favor of leaner, more effective techniques that get your software verified and validated faster. Join us on Tuesday, September 30th for our “How to reduce automotive software development

  • Software Tool Validation for the FDA

    on Sep 14, 10 • by Brendan Harrison • with No Comments


    We get many questions from medical devices customers on how they should validate the use of Klocwork’s static analysis tools for the FDA. I suspect the situation would be similar for most vendors of software development tools. As we’ve done before, we thought it would be a good idea to ask Bruce Swope from SterlingTech Software to clarify this whole topic for us. [Brendan] First, what is tool validation? [Bruce] Tool validation is the act of demonstrating that a tool will consistently produce expected results. [Brendan] How can a medical device company know whether they

  • The Alphabet Soup of Software Security Guidelines

    on Jun 15, 10 • by Todd Landry • with 5 Comments


    With the recent story that the iPad has inherent security vulnerabilities, I thought it might be an appropriate time to delve into the world of software security guidelines…but I must warn you, this blog will contain an abnormal amount of acronyms, and may not be suitable for all audiences. When talking about software security guidelines, there are really 5 or 6 organizations that are leading the charge, and they include:

    – OWASP
    – SANS Institute
    – MITRE
    – PCI Security Standards Council
    – SEI

    Let’s first look at OWASP. OWASP stands for Open Web Application

  • MISRA rules that don’t make sense

    on May 13, 10 • by Alen Zukich • with 7 Comments

    Previously I posted the value of using coding standards, specifically MISRA C and MISRA C++.  This time I wanted to go through some general experiences we had with some of the checkers, specifically the ones that seem to throw a lot of violated rules, to the point that on some code bases MISRA flagged more than one error per LOC! There are still tons of great rules you can apply even if you don’t make an embedded product.  But as I said before, it doesn’t make sense to turn on all the MISRA rules.  After

  • MISRA – More Irrelevant Software Requirements Again

    on Mar 30, 10 • by Alen Zukich • with 4 Comments

    What is MISRA? More Irrelevant Software Requirements Again…uh no but certainly the sentiment of many developers.  MISRA (Motor Industry Software Reliability Association) is a coding standard, which first released MISRA C in 1998 and has since been revised.  Obviously, this came out of the automotive sector with a clear focus on helping software systems to be more reliable and maintainable. MISRA has since grown.  Now you see more and more industries adopting these standards.   In 2008, MISRA released the C++ equivalent standard.  So the obvious question is, should I apply this to my software source

  • Code metrics

    on Feb 23, 10 • by Alen Zukich • with No Comments

    Just came across this post about the 5 code metrics you need to watch.  I thought it was worth mentioning as I just blogged about this below (including something similar a while back).  These are interesting metrics and more high level, but certainly important.  I like labeling duplicated code as something important.  I think we often forget how much we reuse code and have the same mistakes in many places

  • Software metrics for the developer

    on Feb 23, 10 • by Alen Zukich • with No Comments

    In a previous post, I talked about different types of metrics and how they can apply.  These were mostly focused on a system level and provided insight into system complexity from  release to release or build after build.  Now, let’s take a look at some other metrics and how they can be used effectively with the developers. There are literally hundreds of metrics you can measure, so what is really important?  That’s a tough question because it depends on your organization.  Perhaps you have some coding standards in place or simply want to measure some

  • The Joy of… Code Review (part 2)

    on Jan 28, 10 • by Gwyn Fisher • with 1 Comment


    Part II – Joy is the word… OK, so Grease is really the word, but it didn’t fit my theme, gimme a break… Anyway, back on topic, since Joy of code review – part one of this series was published last year we’ve seen our new code review product in action in a variety of customer and prospect situations, and much like the eponymous hair product in the musical mentioned above, what we thought of as an interesting twist on an existing paradigm has turned into a bit of a barn burner. I refer, in

  • Software metrics for measuring quality

    on Jan 26, 10 • by Alen Zukich • with 2 Comments

    How do you measure your software?  There are simple metrics that help with quality, such as keeping track of the number of bugs or security vulnerabilities in your system.  Trending these metrics is a no-brainer. When trending is in place, action can be taken because everyone knows 6 security vulnerabilities is worse than 5.  But what about other types of software metrics (and there are many)?  Have you ever heard of a maintainability metric? Halstead program volume? McCabe cyclomatic complexity?  Coupling/Cohesion?  The question becomes what do you do with these metrics and are they valuable
