Develop code to satisfy FDA software validation guidance
When building safety-critical medical device software, implementing early, rigorous detection of critical bugs and security vulnerabilities is a proven best practice for enhancing software reliability while reducing software validation costs. The FDA has issued guidance for proper validation of medical device software in its General Principles of Software Validation.
The guidance applies to any "...software used as components in medical devices, to software that is itself a medical device, and to software used in production of the device or in implementation of the device manufacturer's quality system."
The FDA guidance covers all aspects of software development - everything from requirements and design reviews to software maintenance and retirement. Klocwork addresses the following validation requirements as they relate to the software construction or coding phase:
How Klocwork meets the FDA guidance
Software testing is one of many verification activities intended to confirm that software development output meets its input requirements. Other verification activities include various static and dynamic analyses, code and document inspections, walkthroughs and other techniques.
Klocwork is a leading static code analysis solution providing development teams:
Software quality assurance needs to focus on preventing the introduction of defects into the software development process rather than trying to "test quality into" the software code after it is written. Software testing is limited in its ability to surface all latent defects in code. Software testing by itself is not sufficient to establish confidence that the software is fit for its intended use.
Due to the complexity of software, a seemingly small local change may have a significant global system impact. Whenever software is changed, a validation analysis should be conducted not just for validation of the individual change, but also to determine the extent and impact of that change on the entire software system.
Easily validate the impact of any changes:
Self-validation is extremely difficult. When possible, an independent evaluation is always better, especially for higher risk applications.
Klocwork is used primarily during the coding or construction phase of the software lifecycle:
Code-based testing is also known as structural testing or "white-box" testing. Structural testing can identify "dead" code that is never executed when the program is run.
Klocwork Insight is designed to be used by the developer, at their desktop and supports the identification of multiple forms of dead code including unused code and unreachable code.