FDA, PCI, DO-178B, JSF, MISRA, and more

Language

FDA, PCI, DO-178B, JSF, MISRA, and more - Compliance tools

Parasoft's integrated compliance solution is the most comprehensive available–automating all mandated software validation practices from static analysis, to peer code review, to dynamic testing, to coverage analysis and regression testing.

With 20+ years of experience helping over half of the Fortune 500 companies incorporate these practices into their environments, Parasoft knows what it takes to rapidly bring organizations into compliance with quality and security regulations and evolve a sustainable process for continued compliance.

In addition to addressing organization-specific initiatives and policies, Parasoft offers rapid implementation packages for:

FDA
PCI DSS
OWASP
CWE/SANS
SAMATE
DO-178B
ISO/IEC Automotive
MISRA
JSF
Web Accessibility (Section 508, WAI, WCAG)
Outsourcing SLAs

Policy establishment, application, and monitoring	Parasoft's policy-based approach establishes the organization's expectations for quality, leverages an automated infrastructure to ensure consistent, unobtrusive policy application, and automatically monitors policy compliance for visibility and auditability. Parasoft's unique automated infrastructure orchestrates both automated and manual compliance tasks and tracks the execution of all policy-based tasks, analyses, and approvals/sign-off tasks.
Multiple, complementary technologies	Parasoft provides out-of-the-box automation of the key validation practices named in FDA, PCI DSS, DO-178B and other key regulations, including: Static code analysis - coding standards, data flow, metrics. Dynamic analysis - unit/component testing, integration testing, functional testing, memory error detection, coverage analysis, continuous regression testing, requirements-based testing, change-based testing. Peer code review (and document review) process automation.
Prevent defects and reduce development cycles	Regulations such as FDA and PCI DSS recommend preventing the introduction of defects rather than trying to "test quality into" the software code after it is written. Parasoft is the industry leader in defect prevention–we wrote the book on it (Automated Defect Prevention, Wiley-IEEE, 2007).
20 years of experience establishing sustainable, repeatable, predictable quality processes	The Parasoft approach has evolved over our 20 years in business. With experience helping 58% of the Fortune 500 companies implement a broad range of validation and verification practices, Parasoft knows what it takes to ensure adoption and establish a sustainable, repeatable, and predictable process.
Continuous compliance process integrates into the workflow and across the SDLC	Parasoft establishes a continuous compliance process that ensures compliance tasks begin early and are deployed across every stage of the SDLC, as recommended by the FDA and PCI DSS. We've learned that even the best tool eventually becomes shelfware if it is not integrated into a sustainable process. To ensure that the compliance process remains on track and does not disrupt project progress, Parasoft ingrains compliance tasks into the team's existing workflow and automates them so team members can focus on tasks that truly require human intelligence.

SOA / Web services

Java

C/C++

.NET languages (C#, VB.NET, ASP.NET, Managed C++)

XML

WSDL

SOAP

PoX (Plain XML)

REST

JSON

BPEL

Web Applications

RIA

AJAX

JSP

JavaScript

VBScript/ASP

HTML

CSS

Multiple Message Protocols

WS-* Standards

UDDI

WSIL

MTOM(XOP) / MIME / DIME Attachments

HTTP 1.0, 1.1

HTTPS

TCP/IP

SMTP

.NET WCF (TCP, HTTP, WS Transaction Flow)

JMS

IBM MQ

Sonic MQ

TIBCO Rendezvous

EJB

RMI

CORBA

[+] FDA

Parasoft supports FDA compliance by:

Learn More

Read our white paper "Achieving FDA Compliance with Parasoft Quality Solutions" for specific details about how Parasoft supports FDA General Principles of Software Validation sections 3, 4, and 5.

Get more details about our specific capabilities for C/C++, Java, and .NET languages.

[+] PCI DSS

Parasoft supports PCI DSS section 6 compliance by:

Providing out-of-the-box checking for the security issues referenced in PCI DSS section 6: The solution is configured to deliver an instant assessment of compliance with PCI DSS section 6 security guidelines. This enables teams to rapidly assess the level of compliance–without spending time reading the PCI DSS specification and determining how the requirements translate to code.
Establishing an automated process that integrates security throughout the SDLC: Audits are necessary, but true success in application security requires an in-line process to prevent security vulnerabilities and ensure that the application adheres to the organization's security policy. Our automated infrastructure makes security policy application, management, and monitoring an unobtrusive part of the team's existing workflow–from the start of the SDLC. Problems are reported as they emerge, so they can be resolved when it is fastest, easiest, and least costly to do so.
Facilitating issue remediation, not just issue detection: Each issue detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code. Eventually, developers start writing more secure code as a matter of habit. Moreover, through integration with the development infrastructure, results are correlated with requirements, bugs, and source code changes–converting data into actionable information.
Delivering extensive reporting for documentation and process improvement: Our centralized reporting system provides real-time visibility into overall security status and processes, documents improvements, and helps you determine what additional actions are needed to safeguard security.

Learn More

Review our special packages for PCI DSS Compliance.

Read our white paper "Achieving PCI DSS 6 Compliance with Parasoft Quality Solutions" for specific details about how Parasoft supports PCI DSS.

To learn more about our security capabilities, visit our Security Solution page.

[+] DO-178B

Parasoft supports DO-178B compliance by providing an automated method for attaining and documenting the high code coverage required.

To help teams rapidly achieve high coverage, Parasoft automatically generates complete tests, including test drivers and test cases for individual functions and methods. These tests are used for initial validation of the functional behavior of the code. By using corner case conditions, these automatically-generated test cases also check function responses to unexpected inputs, exposing potential reliability problems. To expand test coverage, tests can be parameterized using data sources or extended by hand.

A multi-metric test coverage analyzer, including statement, branch, path, and MC/DC coverage, helps users gauge test suite efficacy and completeness, as well as demonstrate satisfaction of coverage requirements. Coverage is reported in percentages as well as graphically displayed via source code that is annotated with line-by-line coverage details. Back tracing from coverage elements to the corresponding test cases enables users to analyze test results and extend the test cases for better coverage, with higher efficiency. Moreover, data from unit, component, and manual testing can be combined for cumulative coverage reporting. This includes interactive visualization and analysis in the code browser, as well as automatic generation of comprehensive coverage reports.

Learn More

Visit our C/C++ Quality Solution page.

[+] ISO/IEC Automotive

ISO/IEC Automotive - ISO/DIS 26262 & ASIL, IEC 61508 & SIL

Parasoft helps automotive software development teams meet the SOP for embedded software development and achieve compliance to techniques/measures required and recommended in:

ISO/DIS 26262, the adaptation of IEC 61508 to comply with needs specific to the application sector of E/E systems within road vehicles.
Automotive Safety Integrity Levels (ASIL)–as defined by the ISO/DIS 26262 standard.
Safety Integrity Levels (SIL)–as defined by the IEC 61508 standard.

Parasoft's broad range of automated analysis types–including coding standards compliance analysis, data and control flow analysis, unit testing, application monitoring, workflow components, and automated peer code review process–together with the configurable test reports containing high level of details, significantly facilitates the work required for the software verification process.

For details on how Parasoft addresses these functional safety standards, see the following papers:

[+] MISRA

Parasoft provides out-of-the box checking for the MISRA C, MISRA C 2004, and MISRA C++ 2008 standards. The solution is configured to deliver an instant assessment of compliance with the various MISRA guidelines.

To promote fast remediation, each MISRA violation detected is prioritized, assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code and a rule description. Every rule description provides a description of the rule rationale and benefits, a sample violation, an explanation of how to correct the violation, and a demonstration of how to correct the sample violation.

Learn More

Visit our C/C++ Quality Solution page.

[+] JSF

Parasoft provides out-of-the box checking for the Joint Strike Fighter, Air Vehicle, C++ Coding standards.

To promote fast remediation, each JSF violation detected is prioritized, assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code and a rule description. Every rule description provides a description of the rule rationale and benefits, a sample violation, an explanation of how to correct the violation, and a demonstration of how to correct the sample violation.

Learn More

Visit our C/C++ Quality Solution page.

[+] Ellemtel

Parasoft provides out-of-the box checking for the C++ coding rules from Ellemtel (Swedish Telecom) by Mats Henricson and Erik Nyquist.

To promote fast remediation, each Ellemtel violation detected is prioritized, assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code and a rule description. Every rule description provides a description of the rule rationale and benefits, a sample violation, an explanation of how to correct the violation, and a demonstration of how to correct the sample violation.

Learn More

Visit our C/C++ Quality Solution page.

[+] SAMATE

Parasoft provides automated identification of SAMATE Annex A source code weaknesses in high-complexity C, C++, and Java code–as well as additional programming languages (.NET languages, JavaScript, XML, etc.).

Context-sensitive suppressions allow teams to prevent rules from firing under specific circumstances where they do not apply. This reduces the level of noise, ensuring that every violation reported is a real problem that should be fixed. Suppressions can be defined in the code to ensure they are always visible when code is reviewed and modified.

To promote fast remediation, each source code weakness detected is prioritized, assigned to the developer who wrote the related code, and distributed to his or her IDE. These results provide a textual description of the precise weakness location, as well as direct links to the problematic code and a rule description. Every rule description includes an explanation of the rule rationale and benefits, a sample violation, an explanation of how to correct the violation, and a demonstration of how to correct the sample violation. In addition, results are available in XML, PDF, HTML and custom format reports.

Learn More

Visit our C/C++, Java, .NET, and SOA Quality Solution pages.

[+] Web Accessibility

Parasoft SOA Quality Solution streamlines the accessibility validation process by automatically identifying code that positively or possibly violates Section 508, WAI, and WCAG 2.0 Web accessibility guidelines. During its automated audit. the solution checks whether Web interfaces comply with core accessibility guidelines and helps you identify code and page elements that require further inspection and/or modification.

To promote fast remediation, each accessibility violation detected is prioritized, assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code and a rule description. Every rule description provides a description of the rule rationale and benefits, a sample violation, an explanation of how to correct the violation, and a demonstration of how to correct the sample violation.

Learn More

Read our white paper "Verifying Section 508 and WAI WCAG Web Accessibility Requirements" which explains how Parasoft facilitates compliance with Section 508 and WAI WCAG web accessibility guidelines.

Visit our SOA Quality Solution page.

[+] Security

Parasoft's Application Security Solution establishes a continuous process that ensures security verification and remediation tasks are not only deployed across every stage of the SDLC, but also ingrained into the team's workflow. The solution automatically monitors policy compliance at all layers of the application stack, identifies vulnerabilities, and collects process metrics.

Developers secure code by simply responding to the reported tasks. To promote rapid remediation, each security issue detected is prioritized, automatically distributed to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code.

Management gains real-time visibility into overall security status and processes, which allows teams to document improvements as well as determine what additional actions are needed to safeguard security.

Learn More

Visit our Security Solution page.

[+] Outsourcing SLAs

The greatest challenge of outsourced or distributed development is how to ensure that high-quality, flexible code is delivered promptly and predictably–regardless of obstacles such as communication barriers, different development environments, and team turnover. Developers might implement code based on a misunderstanding of your requirements and quality policies. The outsourcer's status estimations might be inaccurate or untruthful. Or, the code might be completed on time, but require tremendous rework. These and other headaches can be prevented by establishing a process that ensures code is developed according to your expectations, using an automated infrastructure to drive this process, then actively monitoring the developers' adherence to the process.

Parasoft delivers the visibility and consistency needed to reduce the risks of outsourcing and geographically-distributed development. An automated framework manages software verification methods to ensure that all software development activities meet your expectations, which are defined as SLA requirements. This enables a consistent workflow that reduces downstream rework. Moreover, reports provide objective, real-time information about code quality, requirement implementation status, and the process being used to build and test the code. The system alerts you to issues as they emerge so you can address them before they impact deadlines or budgets.

Learn More

Visit our Outsourcing Solution page.

[+] Custom

Many organizations attempt to implement quality initiatives by introducing software verification methods such as unit testing, peer code review, or static analysis, but find that their efforts eventually decay as schedule/budget pressures emerge, policies and projects evolve, and employees come and go. The few organizations that enjoy long-term success are the ones that make quality an integral part of their day to day workflow.

To help organizations ensure adoption and establish a sustainable, repeatable, and predictable process, Parasoft ingrains compliance tasks into the team's application development process. As developers write code, our automated infrastructure monitors the team's compliance to the organization's policies for ensuring that quality is built into the code and maintained in response to changing business needs. This can include static analysis, peer code review, unit and component testing, and regression testing. To ensure that the compliance process remains on track and does not disrupt project progress, Parasoft automates and optimizes the workflow so team members can focus on tasks that truly require human intelligence.

Learn More

Visit our C/C++, Java, .NET, and SOA Quality Solution pages.

[+] CWE/SANS

Parasoft provides out-of-the box checking for code that is vulnerable to the CWE/SANS Top 25 Most Dangerous Programming Errors.

[+] OWASP

Parasoft provides out-of-the box checking for code that is vulnerable to the OWASP Top 10 most critical web application security flaws.

White Papers

Success with Static Analysis for Security: Why Code Audits Fail
Explains why and how to apply static analysis tools in the context of a policy-based security process that not only prevents security vulnerabilities, but also focuses on SDLC productivity.
Achieving FDA Compliance with Parasoft Quality Solutions
Details how Parasoft supports FDA General Principles of Software Validation sections 3, 4, and 5.
Achieving PCI DSS 6 Compliance with Parasoft Quality Solutions
Details how Parasoft reduces the time and cost of PCI DSS compliance.
Static Analysis Best Practices
Explains how coding standards analysis, data flow analysis, and metrics can help your team improve code security, reliability, performance, and maintainability–and how to get started as painlessly as possible.
Code Review Best Practices
Explains how process automation plus a focus on requirements can help your team uncover more complex defects during peer code review–without impeding project progress.
Unit Testing Best Practices
Explains how unit testing can help your team rapidly modify code with confidence–and how to get started as painlessly as possible.
The Yin and Yang of Software Development: 5 Best Practices that Allow Efficiency and Creativity to Productively Coexist
Explains how 5 best practices reduce the amount of avoidable waste in the software development process, enabling developers to satisfy business goals without compromising their craft.
Verifying Section 508 and WAI WCAG Web Accessibility Requirements
Explains how Parasoft facilitates compliance with Section 508 and WAI WCAG web accessibility guidelines.
ISO 26262 Compliance: Achieving Functional Safety in the Automotive Industry
Outlines how Parasoft addresses the development process functional safety aspects that are outlined in ISO/DIS 26262.
Satisfying ASIL Requirements: Ensure Functional Safety of Automotive Software
Outlines how Parasoft addresses the requirements for achieving each ASIL safety integrity level as defined by the ISO/DIS 26262 standard.
Satisfying SIL Requirements: Ensure Functional Safety of E/E/PE Safety-Related Systems
Outlines how Parasoft addresses the requirements for achieving each SIL safety integrity level as defined by the IEC 61508 standard.

Case Studies

Bovie Medical
Bovie Medical had been using an outside vendor to perform the software validation required for FDA compliance, but they wanted to improve the effectiveness of testing while at the same time reduce testing costs. Learn how Parasoft helped them move verification and validation testing in-house–cutting costs approximately in half and increasing quality and productivity.
Wipro
To remain competitive, Wipro launched an initiative to establish a more efficient and cost-effective way to maintain the exceptional quality standards that they pride themselves on. Find out how Parasoft helped them automate application and monitoring of their internal quality policies–and achieve a 25%.reduction in testing time and effort.
Sabre
Sabre continuously develops & deploys Web services, and must ensure that their SOA meets the most stringent quality requirements. Learn how they developed a repeatable testing method that promotes stability through continuous integration–as well as a method for certifying each service's production readiness.
NEC
NEC Telecom Software Philippines (NSP) needed an alternative to manual code review and unit testing in order to comply with internal quality initiatives while working under a tight schedule. Find out how Parasoft helped them streamline their internal quality processes to more efficiently satisfy quality initiatives.
Intermoco
Intermoco's engineering organization is responsible for both the "server side" (or database) activities associated with its network operations center as well as "embedded" solutions associated with metering and communication units in the field. Learn how Parasoft helped them double testing coverage, reducing the risk of inaccurate reporting and unit failures in the field.
Enventive
Most of Enventive's products must comply with a design for Six Sigma development process and meet a five nines (99.999%) reliability standard. Discover how Parasoft helped them move towards their goal of 100% crash-free code–and also implemented best practices that enable them to spend more time creating new capabilities.
Cisco Systems
To comply with corporate quality and security initiatives, Cisco Systems adopted static analysis, unit testing and code review. Learn how they automated these practices and seamlessly integrated them into their existing processes to deliver compliant code without impeding productivity.

Published Books

Automated Defect Prevention: Best Practices in Software Management. Wiley-IEEE, 2007
Explains an approach to software development and management that makes quality a continuous process throughout the software development lifecycle
Bulletproofing Web Applications. Wiley, 2001
A road map for how to integrate error prevention and detection into the development process to ensure that Web applications are robust, scalable, efficient and reliable.

Published Articles

Static Analysis, Security Failure, Software Test and Performance
Discusses why a policy-based approach is the secret to success with static analysis.
Static Analysis at the End of the SDLC Doesn't Work, SearchSoftwareQuality.com
Explains the importance of ensuring that code is built according to the organization's expectations – rather than trying to tack on security and quality at the end of the process.
Building Security into Software with Security Policies & Static Analysis, JDJ
Discusses why the most effective security efforts define a policy that details security requirements, then use static analysis to verify that the policy is implemented in the code.
Software Quality Needs to be a Continuous Process, SearchSoftwareQuality.com
Explains how establishing a continuous process that helps the team build quality and security into the software not only reduces defects and debugging, but also optimizes QA time and significantly improves team productivity.
The Future of Quality Lies in Productivity, SD Times
Explains how a productive workflow can make or break a quality initiative–focus on productivity by helping the team work smarter, and the team will deliver better software faster.
Unlocking the Power of Automation: Exclusive Q&A with Dr Adam Kolawa, SYS-CON Media
Discusses how Automated Defect Prevention (ADP)–an approach to software development and management that makes quality a continuous process throughout the software development lifecycle–gives developers more time to focus on the creative tasks they enjoy most.
Building Solid Software, CIO
Other industries have learned to incorporate better production methods into their manufacturing processes to ensure quality in their products–why isn't the software industry doing the same?
Why Aren't We Doing More to Prevent Errors?, Computerworld
Argues that the software industry can–and must–do more to prevent errors.
Getting the Most From Your Quality Initiatives, Computerworld
Explores the real problem with process improvement initiatives–there is no practical way to get them off the page and into your software development life cycle–and proposes solutions.
Prevention's the Cure, Dr. Dobb's Journal
Explains how coding standards static analysis can help you shift focus from finding bugs to building quality into the code.
Verifying Web Site Accessibility, WebSphere Journal
Explains how to make dynamic web sites comply with Section 508 and W3C WAI mandates for making Web sites accessible to people with disabilities.

Compliance as a Continuous Process

A continuous quality process ensures compliance tasks are not only deployed across every stage of the SDLC, but also ingrained into the team's workflow. It can be achieved by taking a policy-based approach that embeds automated policy monitoring "sensors" across the SDLC. This involves defining policies that capture the organization's expectations around quality and security, then leveraging automation as a sensor that checks 1) if the policies are being applied correctly and 2) if they are achieving the expected results.

Rather than constantly incur the costs of testing quality and security defects out of the software (auditing), organizations invest in establishing a system that helps the team build quality and security into the software.

With such an infrastructure in place, team productivity increases dramatically. By following clearly-defined expectations for building quality and security into code, development is freed from the constant interruption of having to review, reproduce, and remediate defects reported by QA. Moreover, with so many defects being prevented, QA resources can be reduced or reallocated into tasks that deliver increased business value–such as performing a more extensive high-level "functional audit" of the application and assisting the team to monitor and improve its continuous quality process.

Parasoft Policy-Based Infrastructure

The Parasoft Policy-Based Infrastructure centralizes compliance via a development policy, which is a defined set of validation goals that an organization would like to achieve and measure throughout the SDLC. A properly- defined "policy" allows the organization to increase productivity while mitigating the risks associated with compliance to laws, regulations, and best practices. The overall goal is to drive a more effective SDLC process with automation.

The Parasoft infrastructure integrates into the team's current development environment and drives policy via process and workflow automation, which is achieved through both Parasoft quality components and any other application within the organization's development infrastructure.

Parasoft's policy-based infrastructure features the following components:

Policy Management

The Parasoft Policy Management solution is a central repository that defines management's expectations about how to execute SDLC tasks "correctly" in order to achieve and demonstrate compliance. The Policy Management module takes compliance guidelines and turns them into executable best practices. Metrics and control limits can be set within each policy in order to trigger escalations and/or notifications. This sets a measurement baseline to monitor policy compliance, process visibility, and granular tasks.

Policies can include:

Architectural best practices and approval
Design best practices and approval
Development best practices and monitoring (security, reliability, performance, maintaibility)
Quality process best practices and monitoring
- Process Adherence
- Automated Test Analysis (Code Analysis, Peer Code Review, Regression Testing...)
- Quality Gates
- Test Coverage
- Risk/Release Monitoring
Runtime monitoring

Process/Workflow Automation

Process/Workflow Automation is established to test for compliance to the defined policy. Process and workflow automation can request approval or verification for human/manual tasks or automatically query SDLC systems for specific process artifacts. The Process/Workflow component monitors the SDLC infrastructure for policy compliance.

Furthermore, more granular human tasks can be orchestrated in order to achieve compliance to specific SDLC policies. For example, a review process can be executed when specific components of a project are completed. A human task for review can be generated–bringing together developer and manger as well as key artifacts such as the requirement, the code, code analysis results, and unit test and functional test plans.

Preconfigured, customizable policy templates define common compliance processes that span everything from planning, to validation, to approval/sign-off tasks. Then, Process/Workflow Automation converts checklist items into executable processes. This helps organizations move beyond simply describing "how" to conduct the software validation efforts and towards establishing a "living process" that ensures validation is actually performed according to expectations.

Visibility

Established policies have associated metrics and service level agreements (SLAs) in order to provide visibility at various levels of granularity. This includes:

Policy Compliance
Process Visibility
Task Progress
Correlated SDLC Metrics

Since the Process/Workflow engine works across both business process and SDLC systems, data that is traditionally located in disparate locations can be correlated in context of "process." The result is visibility that not only demonstrates compliance efforts, but also improves an organization's ability to deliver quality software and to continually increase their productivity.

Quality Repository

The quality repository is the central location to deploy, manage, and enforce organization and project policies. It is locally deployed and accessible globally. This flexibility allows core organization policies to be defined and applied to specific project configurations. Since no two projects are created equal, it is important for the project manager to have the ability to optimize productivity while adhering to validation requirements and other corporate defined policies.

The quality repository is the centralizing mechanism that allows compliance to be measured and continuously improved.

Reporting System

Parasoft's reporting system provides the information you need to identify quality, security, and process problems, address their root causes, and then monitor improvements.

The reporting system combines information from multiple sources (source control, bug tracking, and requirements management systems, as well as your Parasoft testing solutions and third party tools), which provides users with the ability to make objective decisions. The gathered data is correlated, organized, and delivered to different user roles within the organization to support their decision system.

The reporting system works as part of a comprehensive team-wide solution that reduces delivery delays and improves the quality and security of complex, multi-language enterprise applications. This particular component of that solution can help organizations:

Improve productivity through process improvement.
Obtain comprehensive, objective, on-demand insight into the development process.
Meet goals predictably.
Manage distributed development.