The event database contains all event-related information for the digital electronica conference and supporting event program.
Lecture electronica Conferences > electronica Medical Electronics Conference > Session 1: SAFETY, SECURITY & REGULATORY
15:00-15:30 h | Virtual
Medical software has to be developed in accordance with international norms like EN-60601 and IEC-62304, and national regulations, such as the German Medizinproduktegesetz, or the CFR and the FDA General Principles of Software Validation in the US. One important aspect is software validation and verification: functional safety and security of medical software have to be ensured. The requirements imposed by existing regulations include not only demonstrating functional correctness but also meeting quality requirements such as satisfying coding guidelines, demonstrating the absence of coding defects such as runtime errors and data races, and preventing resource exhaustion like stack overflows or exceeded timing budgets. In addition, the code should be free of cybersecurity vulnerabilities. To meet these quality requirements, static analysis has gained increasing popularity. Static analysis does not require executing the software under analysis; instead, it computes information about all potential software executions from the program code itself. Depending on their level of rigor, static analyzers can detect such defects or, in the case of sound static analyzers, even prove their absence. Using static analysis tools in the development process has advantages beyond the regulatory aspect. Since static analysis is a defect prevention mechanism that can be applied prior to testing, it helps avoid late-stage bug hunting and increases the efficiency of testing methods. Independent studies conducted in the past years give indications about the number of defects discovered after system release, and about the cost associated with them. To determine the return on investment of static analysis tool usage, the cost of tool usage has to be weighed against its positive effects on development efficiency and turn-around time, as well as the avoided cost of post-release defects, including recalls or lawsuits.
This presentation briefly summarizes the regulatory background, gives an overview of the different factors determining the profitability of applying static analysis techniques and illustrates them with practical examples and statistical data from recent years.
Subjects: Medical Electronics
Speaker: Daniel Kästner (AbsInt Angewandte Informatik)
Type: Lecture
Language: English
Notifiable
Chargeable