Parasoft solutions for medical device software development feature the following technologies:
- Code analysis configurations that enforce coding best practices according to CWE, OWASP, MISRA and other sources
- Integrated defect prevention, validation and verification
- A continuous, policy-driven compliance process with real-time visibility
- Correlation of all key artifacts, including tests, code and test coverage, requirements, source code, analysis violations, metrics analysis, project tasks, etc. for comprehensive requirements traceability
Software testing is one of many verification activities intended to confirm that software development output meets its input requirements. However, quality software can’t be delivered by testing alone. Quality software is delivered consistently via a solid, repeatable process, which requires an integrated system that assists with defining requirements, ensuring good coding practices and testing effectively. This process needs to be visible, measurable, and — most importantly — repeatable.
The following table matches several FDA principles with Parasoft features and functionalities that help organizations achieve compliance. For the complete index, download the white paper.
A documented software requirements specification provides a baseline for both validation and verification.
The software validation process cannot be completed without an established software requirements specification.
• A system for mapping requirements to development tasks and monitoring the implementation and validation of each requirement.
• An open API and out-of-the-box configurations for the most popular resource management and bug management systems and tools like Excel, Word and MS Project.
• Requirements testing--highlights which requirements need to be tested.
• Requirements traceability correlates requirements to iterations, tasks, code, tests, builds, and artifacts.
• Graphical reporting of requirement status as indicated by developers.
4.2 Defect Prevention
Software quality assurance needs to focus on preventing the introduction of defects into the software development process rather than trying to “test quality into” the software code after it is written.
Software testing is limited in its ability to surface all latent defects in code.
Software testing by itself is not enough to establish confidence that the software is fit for its intended use.
The industry’s most comprehensive automated defect prevention system.
• A proven automated defect prevention system that can be implemented into any software development environment
• Technologies that automate defect prevention practices to ensure their consistent and comprehensive application.
• An automated infrastructure that drives the defect prevention process to ensure that it remains on track and does not disrupt the team’s workflow.
• A system that monitors adherence to defect prevention policies.
• Capabilities include: quality policy management, static code analysis (pattern-based, flow-based, metric-based), automated peer code review, contextual peer code review, unit testing framework, code coverage analysis
4.3 Time and Effort
Preparation of software validation should begin early, i.e., during design and development planning and design input.
• Preconfigured FDA templates.
• A central system that documents and defines requirements, expected tasks, timelines and outcomes — as well as manages by exception to ensure that the project is meeting expectations.
• A continuous, end-to-end quality process that ensures defect prevention and detection tasks are not only deployed across every stage of the SDLC, but also ingrained into the team’s workflow.
• A system that answers in real-time:
-Will I be on time?
-Will I be on budget?
-Will I have the expected functionality?
-Will it work?