
On the Return on Investment of Using Static Analysis Tools

09. NOV 2020

Lecture electronica Conferences > electronica Medical Electronics Conference > Session 1: SAFETY, SECURITY & REGULATORY

15:00-15:30 h | Virtual

Medical software has to be developed in accordance with international norms like EN-60601 and IEC-62304, and national regulations, such as the German Medizinproduktegesetz, or the CFR and the FDA General Principles of Software Validation in the US. One important aspect is software validation and verification: the functional safety and security of medical software have to be ensured. The requirements imposed by existing regulations include not only demonstrating functional correctness but also meeting quality requirements such as satisfying coding guidelines, demonstrating the absence of coding defects such as runtime errors and data races, and preventing resource exhaustion such as stack overflows or exceeded timing budgets. In addition, the code should be free of cybersecurity vulnerabilities. To meet these quality requirements, static analysis has gained increasing popularity. Static analysis does not require executing the software under analysis; instead, it computes information about all potential software executions from the program code itself. Depending on their level of rigor, static analyzers can detect such defects or, in the case of sound static analyzers, even prove their absence. Using static analysis tools in the development process has advantages beyond the regulatory aspect. Since static analysis is a defect prevention mechanism that can be applied prior to testing, it helps avoid late-stage bug hunting and increases the efficiency of testing methods. Independent studies conducted in the past years give indications about the number of defects discovered after system release, and about the cost associated with them. To determine the Return on Investment of static analysis tool usage, the cost of tool usage has to be weighed against its positive effects on development efficiency and turn-around time, as well as against the avoided cost of post-release defects, including recalls or lawsuits.
This presentation briefly summarizes the regulatory background, gives an overview of the different factors determining the profitability of applying static analysis techniques and illustrates them with practical examples and statistical data from recent years.

Subjects: Medical Electronics

Speaker: Daniel Kästner (AbsInt Angewandte Informatik)

Type: Lecture

Language: English
