1. Parasoft Quality SystemsAutomated Processes for FDA Software Compliance2011

2. FDA Verification & Validation Software validation is accomplished through a series of activities and tasks that are planned and executed at variousstages of the software development life cycleDevelopers should use a mixture of methods and techniquesto prevent software errors and to detect software errorsSoftware TestingStatic AnalysisDynamic AnalysisCode InspectionsWalkthroughsOthersParasoft Proprietary and Confidential 3. Parasoft TestA Broad set of integrated defect prevention anddetection technologies for C, C++, Java, .NETand SOAAutomates the validation practices named in theFDAs General Principles of Software Validation,including:Static code analysis - coding standards, data flow, metrics.Dynamic analysis - unit/component testing, integration testing,functional testing, memory error detection, continuous regressiontesting.Coverage analysis - Multiple coverage metricsPeer review (and document review) process automationParasoft Proprietary and Confidential 4. Parasoft Test Static AnalysisPattern-Based Static AnalysisIncreases productivity by preventing errorsExtensive breadth of rulesOver 1,700 for C/C++Over 1,000 for JavaOver 700 for .NETParasoft Test rule quality based on over 20 years of researchGraphical interface for custom rule creation and customizationExtensive security Ruleset for (PCI, OWASP, Sun Java SecurityFlow-Based Static AnalysisFind bugsDeep, multi-file path analysisVery low false positivesMetrics AnalysisFinds complex code prone to errorsDirectly pinpoints areas of code/application prone to errorsLarge breadth of metrics availableParasoft Proprietary and Confidential 5. Implementation of Static Analysis 1Chose Rulesets and workflow3 Cross-reference with source2 Scan Code4Deliver ResultsParasoft Proprietary and Confidential 6. Results within IDE2 Directly access line of code to fix 3Check-in1 Results delivered as uniform view within IDEParasoft Proprietary and Confidential 7. Parasoft Test Code ReviewAutomated infrastructure for peer code reviewLanguage independent, works in all developmentenvironmentsAda, Fortan, Perl, SQL, etcPre check-in code reviewCode reviewed prior to check into sourcePost check-in code reviewAutomatic creation of a code review session for the codechecked into source but not reviewedGuarantees 100% code review for new or modified codeFull traceability of code review sessionsPrioritization and categorization of issues foundParasoft Proprietary and Confidential 8. Implementation Code Review Post CheckAuthor1Check in code2 Scan and analyze codeReviewer 3 Review code within IDE 4 Review/Suggest changesParasoft Proprietary and Confidential 9. Parasoft Test Unit TestingMaintenance of test suitesAssertions in unit test suites maintained on a daily basis to keeptest suites in-syncWorkflow to achieve this is fundamentalAutomatic creation of unit test cases from codeOut of the box coverage 50-60%Ideal for the creation of baseline test suitesSupport for stubs and mock objectsAbility to capture or create repositories of initialized objects ready to be used inunit test casesFor embedded systems, execution on target (C/C++)Parasoft Proprietary and Confidential 10. Parasoft Test Coverage AnalysisFull application analysisReports combined coverage of executed code as test suitesare executedUnit testing coverage analysisReports combined coverage of entire unit test suiteTarget execution coverageReports on both target and host coverageCombined coverage of both unit test suites and functional testsuitesMultiple types of coverage analysisLinePathBranchStatementMoreParasoft Proprietary and Confidential 11. Implementation of Unit Testing 1Creation of unit test cases in IDE (auto or manual)5 Deliver results within IDE4 Cross reference2 Check into Source3 Execute nightlyParasoft Proprietary and Confidential 12. Policy Driven ComplianceProductivity VerificationTraceabilityMore V&V Policies in Part2!Parasoft Proprietary and Confidential 13. Parasoft Concerto = FDA ComplianceA closed-loop process to manage and improve the softwaredevelopment lifecycleManage By Exception3Control the Process Analyze and Improve Manage the Process 1 24Parasoft Proprietary and Confidential 14. FDA ReportsParasoft Proprietary and Confidential 15. Questions?For More Information Web: http://www.parasoft.com (Look for FDA Validation) Contact: support-psa@parasoft.comParasoft Proprietary and Confidential