Posts Tagged ‘Software Compliance’

  • Software Tool Validation for the FDA

    on Sep 14, 10 • by Brendan Harrison • with No Comments

    We get many questions from medical devices customers on how they should validate the use of Klocwork’s static analysis tools for the FDA. I suspect the situation would be similar for most vendors of software development tools. As we’ve done before, we thought it would be a good idea to ask Bruce Swope from SterlingTech Software to clarify this whole topic for us.

    [Brendan] First, what is tool validation?

    [Bruce] Tool validation is the act of demonstrating that a tool will consistently produce expected results.

    [Brendan] How can a medical device company know whether they

  • The Alphabet Soup of Software Security Guidelines

    on Jun 15, 10 • by Todd Landry • with 5 Comments

    With the recent story that the iPad has inherent security vulnerabilities, I thought it might be an appropriate time to delve into the world of software security guidelines…but I must warn you, this blog will contain an abnormal amount of acronyms, and may not be suitable for all audiences. When talking about software security guidelines, there are really 5 or 6 organizations that are leading the charge, and they include:

    - OWASP
    - SANS Institute
    - MITRE
    - PCI Security Standards Council
    - SEI

    Let’s first look at OWASP. OWASP stands for Open Web Application

  • MISRA rules that don’t make sense

    on May 13, 10 • by Alen Zukich • with 3 Comments

    Previously I posted the value of using coding standards, specifically MISRA C and MISRA C++.  This time I wanted to go through some general experiences we had with some of the checkers, specifically the ones that seem to throw a lot of violated rules, to the point that on some code bases MISRA flagged more than one error per LOC! There are still tons of great rules you can apply even if you don’t make an embedded product.  But as I said before, it doesn’t make sense to turn on all the MISRA rules.  After

  • MISRA – More Irrelevant Software Requirements Again

    on Mar 30, 10 • by Alen Zukich • with 4 Comments

    What is MISRA? More Irrelevant Software Requirements Again…uh no but certainly the sentiment of many developers.  MISRA (Motor Industry Software Reliability Association) is a coding standard, which first released MISRA C in 1998 and has since been revised.  Obviously, this came out of the automotive sector with a clear focus on helping software systems to be more reliable and maintainable. MISRA has since grown.  Now you see more and more industries adopting these standards.   In 2008, MISRA released the C++ equivalent standard.  So the obvious question is, should I apply this to my software source

  • Code metrics

    on Feb 23, 10 • by Alen Zukich • with No Comments

    Just came across this post about the 5 code metrics you need to watch.  I thought it was worth mentioning as I just blogged about this below (including something similar a while back).  These are interesting metrics and more high level, but certainly important.  I like labeling duplicated code as something important.  I think we often forget how much we reuse code and have the same mistakes in many places

  • Software metrics for the developer

    on Feb 23, 10 • by Alen Zukich • with No Comments

    In a previous post, I talked about different types of metrics and how they can apply.  These were mostly focused on a system level and provided insight into system complexity from  release to release or build after build.  Now, let’s take a look at some other metrics and how they can be used effectively with the developers. There are literally hundreds of metrics you can measure, so what is really important?  That’s a tough question because it depends on your organization.  Perhaps you have some coding standards in place or simply want to measure some

  • The Joy of… Code Review (part 2)

    on Jan 28, 10 • by Gwyn Fisher • with 1 Comment

    Part II – Joy is the word… OK, so Grease is really the word, but it didn’t fit my theme, gimme a break… Anyway, back on topic, since Joy of code review – part one of this series was published last year we’ve seen our new code review product in action in a variety of customer and prospect situations, and much like the eponymous hair product in the musical mentioned above, what we thought of as an interesting twist on an existing paradigm has turned into a bit of a barn burner. I refer, in

  • Software metrics for measuring quality

    on Jan 26, 10 • by Alen Zukich • with 2 Comments

    How do you measure your software?  There are simple metrics that help with quality, such as keeping track of the number of bugs or security vulnerabilities in your system.  Trending these metrics is a no-brainer. When trending is in place, action can be taken because everyone knows 6 security vulnerabilities is worse than 5.  But what about other types of software metrics (and there are many)?  Have you ever heard of a maintainability metric? Halstead program volume? McCabe cyclomatic complexity?  Coupling/Cohesion?  The question becomes what do you do with these metrics and are they valuable

  • Compiler warnings, Coding standards, Code quality…oh my! (Part 3)

    on Jan 12, 10 • by Alen Zukich • with No Comments

    In my previous blog post, we talked about the value of compiler warnings and reasons to have source code analysis. Now, I’d like to get into the value of coding standards and touch on how you can fit this all together. Coding standards are a set of rules or guidelines usually created as part of an industry. The goal is simple: provide guidelines so you can create better code and increase your code quality. Probably the most common coding standard I run into is called MISRA C. This is a standard created for C code in

  • Developing Software for Medical Devices – Interview with SterlingTech

    on Jan 5, 10 • by Brendan Harrison • with 8 Comments

    I had a chance to speak with Bruce Swope, the VP of Engineering at SterlingTech, an ISO13485 Registered full-service medical device software organization offering software development and validation services. SterlingTech has developed software for an array of medical products including implantable devices as well as external support and monitoring equipment. Their team has worked on Class I, II, and III devices that resulted in successful FDA 510(k)s, PMAs, and CE submissions. Bruce has extensive experience in medical device software development and he is an expert in leading Class III medical software products to commercial release. His depth
