As embedded software gradually replaces mechanical components, the “Software Guidelines – Development & Assessment” document offers a practical and easy-to-use set of best practices for software development. Presented in the form of standards, the guide outlines numerous recommendations for ensuring that development meets the two-fold requirement of optimal operability and high risk tolerance.
An option for businesses to obtain a third party certificate of conformity
Released as an open-access document on January 18, 2016, the guide applies to sectors with no obligatory existing standard in this area [car amenities (multimedia, air conditioning, etc.), robotics and smart devices (automated handling, connected bracelets and watches, etc.), defense, industrial and agricultural machines, etc.]. Businesses that are interested can obtain a compliance certificate for their embedded software, following impartial and independent conformity assessment by Bureau Veritas.
Obtained by complying with each requirement, the third party certificate of conformity confirms that the software meets all relevant recommendations. To suit the customer’s needs, certification can take place through a continuous assessment process encompassing the entire development cycle, from software design through validation.
“As the digitization of equipment continues at an increasing rate, we are currently seeing the development of more embedded software. Faced with certification costs that can sometimes reach 20% of the total development cost, it is crucial for businesses to receive strong guarantees concerning the reliability and stability of their software,” asserts Franck Sadmi, Software Team Leader at Bureau Veritas.
Responding to varied needs with more than 60 requirements
The guide sets out more than 60 requirements that list and define current best practices. Each recommendation was validated by the Operational Safety joint working group formed by Bureau Veritas and the CEA Tech List institute.
The requirements are ranked by level of criticality from 1 (slightly critical) to 4 (highly critical), enabling development teams to identify the most relevant requirements for their specific software. The level of criticality reflects the efforts needed to reach all target objectives.
A guide based on several standards and the Frama-C code analysis platform
Working with CEA Tech, Bureau Veritas produced the guide by consolidating the best practices found in existing standards (such as IEC 61508, IEC 62304, and DO-178). Those demanding standards apply respectively to electrical/electronic safety-related systems, medical device software, and airborne software in civil aviation.
To address the two-fold challenge of growing software complexity and growing software criticality, Bureau Veritas turned to the Frama-C technology developed by List. The code analysis platform makes it possible to analyze and verify source code statically, checking that it satisfies the recommended requirements at a controlled cost.
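The paragraph above says Frama-C is used to verify that code meets the recommendations, without showing what that looks like in practice. The following is an added example, written for this page; it is not code from the guide, from Bureau Veritas, or from the Frama-C distribution. It shows two small C functions of the kind found in embedded firmware, annotated with ACSL contracts (the `/*@ ... */` specification comments that Frama-C's WP plugin proves and that an ordinary C compiler ignores). The function names, the calibration table and the sample values are all constructed for illustration.

```c
#include <stdio.h>

/* Constructed sample data: a stand-in for a calibration table in firmware. */
#define TABLE_LEN 4
static const unsigned short kCalibration[TABLE_LEN] = { 100, 250, 400, 800 };

/* Constructed sample input for find_first(). */
#define SAMPLE_LEN 4
static const int kSample[SAMPLE_LEN] = { 3, 5, 7, 5 };

/* Linear search. The contract states what a caller must guarantee
 * (n >= 0, a points to n readable ints) and what the function promises
 * in each case (index of the first match, or -1 when there is none). */
/*@ requires n >= 0;
    requires \valid_read(a + (0 .. n-1));
    assigns \nothing;
    behavior found:
      assumes \exists integer k; 0 <= k < n && a[k] == v;
      ensures 0 <= \result < n && a[\result] == v;
      ensures \forall integer k; 0 <= k < \result ==> a[k] != v;
    behavior not_found:
      assumes \forall integer k; 0 <= k < n ==> a[k] != v;
      ensures \result == -1;
    complete behaviors;
    disjoint behaviors;
*/
int find_first(const int *a, int n, int v)
{
    /* The loop annotations give WP what it needs to prove the loop:
     * i stays within bounds, nothing before i matched, and n - i
     * strictly decreases, so the loop terminates. */
    /*@ loop invariant 0 <= i <= n;
        loop invariant \forall integer k; 0 <= k < i ==> a[k] != v;
        loop assigns i;
        loop variant n - i;
    */
    for (int i = 0; i < n; i++) {
        if (a[i] == v)
            return i;
    }
    return -1;
}

/* Defensive table lookup: any idx is accepted, the out-of-range case is
 * rejected before the array is touched, and the contract records that
 * *out is left unchanged on failure. */
/*@ requires \valid(out);
    assigns *out;
    behavior in_range:
      assumes 0 <= idx < TABLE_LEN;
      ensures \result == 0 && *out == kCalibration[idx];
    behavior out_of_range:
      assumes idx < 0 || idx >= TABLE_LEN;
      ensures \result == -1 && *out == \old(*out);
    complete behaviors;
    disjoint behaviors;
*/
int calibration_at(int idx, unsigned short *out)
{
    if (idx < 0 || idx >= TABLE_LEN)
        return -1;
    *out = kCalibration[idx];
    return 0;
}

/* Alternative design: no runtime check, the bounds obligation is moved
 * into the precondition, so Frama-C must prove it at every call site.
 * A caller that cannot be shown to respect it is reported as a failed
 * proof obligation instead of a latent out-of-bounds read. */
/*@ requires 0 <= idx < TABLE_LEN;
    assigns \nothing;
    ensures \result == kCalibration[idx];
*/
unsigned short calibration_at_unchecked(int idx)
{
    return kCalibration[idx];
}

int main(void)
{
    unsigned short v = 0;
    printf("find_first(7) = %d\n", find_first(kSample, SAMPLE_LEN, 7));        /* 2 */
    printf("find_first(9) = %d\n", find_first(kSample, SAMPLE_LEN, 9));        /* -1 */
    printf("calibration_at(2): %d, v=%u\n", calibration_at(2, &v), v);        /* 0, 400 */
    printf("calibration_at(9): %d, v=%u\n", calibration_at(9, &v), v);        /* -1, 400 */
    printf("calibration_at_unchecked(3) = %u\n", calibration_at_unchecked(3)); /* 800 */
    return 0;
}
```

Assuming the file is saved as `frama_demo.c`, running `frama-c -wp -wp-rte frama_demo.c` asks the WP plugin to discharge the contracts together with the proof obligations that `-wp-rte` generates for runtime errors (out-of-bounds accesses, signed overflow), which is the kind of evidence an assessor would want for the guide's criticality requirements. The two lookup functions show the design choice the annotations make explicit: either the code checks its inputs and the contract documents both outcomes, or the check becomes a precondition that every caller must be proven to satisfy.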
“With a guide adapted to the demands of critical security fields and produced using feedback from our customers, businesses can rest assured that their embedded software, development processes and usage environments meet all the functional security requirements and standards in their field,” explains Franck Sadmi. “We decided to take a White Box approach by relying on high-performance technologies (static code analysis), such as Frama-C, enabling developers to focus their efforts on identifying bugs.”
Sébastien Flanc, Business Manager in the Embedded Systems Department at Sirehna, a specialist in control systems for the dynamic behavior of naval platforms, is one of the first users of the guide:
“We used the principles outlined in the guide to develop several software programs and the results are conclusive,” he explains. “In addition to simplifying and improving development, the guide assures us that we have the confidence of an independent party, represented by a testing, inspection and certification specialist.”