Transcript of "Parasoft fda software compliance part2"
Parasoft Quality SystemsAutomated Processes for FDA Software Compliance 2011
FDA Verification & Validation “Software validation is accomplished through a series of activities and tasks that are planned and executed at various stages of the software development life cycle” “Developers should use a mixture of methods and techniques to prevent software errors and to detect software errors” Software Testing Static Analysis Dynamic Analysis Code Inspections Walkthroughs Others…Parasoft Proprietary and Confidential
Parasoft Test A Broad set of integrated defect prevention and detection technologies for C, C++, Java, .NET and SOA Automates the validation practices named in the FDAs General Principles of Software Validation, including: Static code analysis - coding standards, data flow, metrics. Dynamic analysis - unit/component testing, integration testing, functional testing, memory error detection, continuous regression testing. Coverage analysis - Multiple coverage metrics Peer review (and document review) process automationParasoft Proprietary and Confidential
Parasoft Test – Static Analysis Pattern-Based Static Analysis Increases productivity by preventing errors Extensive breadth of rules Over 1,700 for C/C++ Over 1,000 for Java Over 700 for .NET Parasoft Test rule quality based on over 20 years of research Graphical interface for custom rule creation and customization Extensive security Ruleset for (PCI, OWASP, Sun Java Security… Flow-Based Static Analysis Find bugs Deep, multi-file path analysis Very low false positives Metrics Analysis Finds complex code prone to errors Directly pinpoints areas of code/application prone to errors Large breadth of metrics availableParasoft Proprietary and Confidential
Implementation of Static Analysis 1 Chose Rulesets and workflow 3 Cross-reference with source 2 Scan Code 4 Deliver ResultsParasoft Proprietary and Confidential
Results within IDE 2 Directly access line of code to fix 3 Check-in 1 Results delivered as uniform view within IDEParasoft Proprietary and Confidential
Parasoft Test – Code Review Automated infrastructure for peer code review Language independent, works in all development environments Ada, Fortan, Perl, SQL, etc… Pre check-in code review Code reviewed prior to check into source Post check-in code review Automatic creation of a code review session for the code checked into source but not reviewed Guarantees 100% code review for new or modified code Full traceability of code review sessions Prioritization and categorization of issues foundParasoft Proprietary and Confidential
Implementation Code Review – Post Check Author1 Check in code 2 Scan and analyze code Reviewer 3 Review code within IDE 4 Review/Suggest changesParasoft Proprietary and Confidential
Parasoft Test – Unit Testing Maintenance of test suites Assertions in unit test suites maintained on a daily basis to keep test suites in-sync Workflow to achieve this is fundamental Automatic creation of unit test cases from code Out of the box coverage 50-60% Ideal for the creation of baseline test suites Support for stubs and mock objects Ability to capture or create repositories of initialized objects ready to be used in unit test cases For embedded systems, execution on target (C/C++)Parasoft Proprietary and Confidential
Parasoft Test – Coverage Analysis Full application analysis Reports combined coverage of executed code as test suites are executed Unit testing coverage analysis Reports combined coverage of entire unit test suite Target execution coverage Reports on both target and host coverage Combined coverage of both unit test suites and functional test suites Multiple types of coverage analysis Line Path Branch Statement More…Parasoft Proprietary and Confidential
Implementation of Unit Testing 1 Creation of unit test cases in IDE (auto or manual) 5 Deliver results within IDE 4 Cross reference 2 Check into Source 3 Execute nightlyParasoft Proprietary and Confidential
Policy Driven Compliance Productivity Verification Traceability More V&V Policies in Part2!Parasoft Proprietary and Confidential
Parasoft Concerto = FDA Compliance A closed-loop process to manage and improve the software development lifecycle Manage By Exception 3 Control the Process Analyze and Improve Manage the Process 1 2 4Parasoft Proprietary and Confidential
FDA ReportsParasoft Proprietary and Confidential
Questions? For More Information… Web: http://www.parasoft.com (Look for FDA Validation) Contact: email@example.comParasoft Proprietary and Confidential
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.