Static Analysis for FDA and Medical Device Development

Static code analysis, data flow static analysis, code metrics analysis

  • Out-of-the-box test configuration for FDA/medical devices
  • Analyzes C, C++, Java, and .NET languages
  • Direct integration into embedded development environments
  • Also includes peer code review, unit testing, coverage analysis, and runtime error detection


Bovie Medical Device Testing Case Study

Bovie Medical had been using an outside vendor to perform the software validation required for FDA compliance, but they wanted to improve the effectiveness of testing while at the same time reducing testing costs. Learn how Parasoft helped them move verification and validation testing in-house, cutting costs approximately in half and getting to market 6 months sooner.

IMA Static Analysis Compliance Case Study

By working with Parasoft, IMA significantly increased the efficiency and auditability of the strict quality process they adopted to comply with pharmaceutical industry regulations.

FDA Static Analysis Templates

For FDA and medical device development, Parasoft’s core static analysis capability is preconfigured with templates for common regulations related to medical device software development, including FDA General Principles of Software Validation, IEC 62304, IEC & SIL. This directly addresses the FDA’s recommendation to integrate static code analysis into the medical device software development process to detect problems before release. Parasoft works with each organization to optimize the templates for the organization’s unique demands. This jumpstarts compliance and establishes the foundation for continuous improvement. The result: compliance with management expectations while driving unprecedented levels of productivity and application quality.

Sample Rules for FDA Static Analysis

  • Avoid accessing arrays out of bounds
  • Avoid use before initialization
  • Avoid null pointer dereferencing
  • Avoid overflows due to [various causes]
  • Avoid division by zero
  • Ensure deallocation functions guarantee resource freeing
  • Do not use resources that have been freed
  • Do not free resources using invalid pointers
  • Do not abandon unreleased locks
  • Do not use blocking functions while holding a lock
  • Ensure resources are freed
  • Properly terminate character strings
  • Never return a reference to a local object

Supported Languages for FDA Static Analysis

Parasoft’s static analysis is supported across:
  • C and C++
  • .NET languages including: C#, VB.NET, ASP.NET, etc.
  • Java

FDA Software Validation Beyond Static Analysis

The FDA recommends not only that testing involve a mixture of test and analysis methods applied throughout the SDLC, but also that a broad set of software life cycle management and risk management activities be integrated across the process to ensure the delivery of safe and reliable software.

Parasoft addresses both of these expectations with Parasoft Concerto for Medical Device Software Development. This integrated system extends Parasoft’s static analysis capabilities—providing a pre-configured system with processes and best practices that help organizations produce medical device software consistently and efficiently, with freedom from unacceptable risks.

The complete ALM solution integrates project & task management with Automated Defect Prevention and end-to-end QA testing. It drives SDLC tasks to a predictable outcome according to defined industry standards or management’s expectations. This gives organizations the comprehensive process visibility & control needed to effectively satisfy quality and compliance requirements.