Reduce the cost, time, and risk of certifying software for airworthiness
Avionics is changing, with 2024 already seeing new technologies, opportunities, and markets emerging. These changes bring new capabilities, largely realised through embedded software. As we look ahead, we must keep focus on avionics safety, security, and airworthiness certification.
This article originally appeared in the October'24 magazine issue of Electronic Specifier Design – see ES's Magazine Archives for more featured publications
Typically, decisions around software development and verification tools have been managed within individual development and assurance teams. With today’s complex regulatory landscape and short windows of competitive opportunity, however, these choices are being made at an enterprise level. Initiatives aimed at reducing the cost, time and risk of certification have become essential activities for business leaders.
How development and verification tools help overcome certification challenges
Software verification can take as much time, effort, and resources as the entire planning and development processes combined. That makes testing and certification costly activities. Moreover, the increasing complexity and volume of compliance requirements make verification more challenging. Addressing this complexity without integrated, automated tools is no longer feasible. Disparate groups must be able to work collaboratively and in parallel, using an integrated development and verification tool chain, to reduce development and certification time.
Successful development teams take a big-picture approach that addresses the entire software development lifecycle to ensure effective communication and knowledge transfer through every stage. The move to an integrated suite of automated software development and verification tools can have a dramatic impact on these efforts. This is especially important for remote and geographically dispersed teams who need to aggregate information over the course of development and testing, during which manual processes or disparate tools can introduce inefficiencies along with opportunities for errors and vulnerabilities.
Integrated tools increase quality and reduce cost
Unlike spreadsheets or stand-alone document-management systems, integrated tools offer full visibility and change-impact analysis across projects and teams, enabling better, faster decision making. An ideal set of verification tools provides a broad range of capabilities, including requirements traceability, change-impact analysis, test management, coding standards compliance, code quality review, code coverage analysis, data- and control-flow analysis, unit/integration/system testing (including target testing), and the automated generation of certification evidence.
Such tools lend themselves equally to any software development lifecycle model. Verification tools are also an important part of the continuous integration (CI) workflow, allowing teams to use the same tools throughout the development process for rapid, iterative software development, verification, and deployment. With CI, developers run static analysis and unit tests as early, front-end verification, confirming that their code does what is intended before it is merged with other code bases.
‘Shift left’ to minimise security vulnerabilities that impact safety
Cybersecurity in avionics systems has been a moving target with serious implications for safety, making it a significant driver of business risk and uncertainty. The recommended strategy is to design in security so that vulnerabilities are minimised during development. Subsequent testing of the completed software helps to prove the efficacy of that approach before the product is put into the field. Once there, a strategy to address any newly exposed vulnerabilities quickly and safely becomes important.
To address this challenge, many teams are moving to an integrated development-security-operations (DevSecOps) approach to reduce cost and risk and improve efficiency. In contrast to the traditional handoff to security teams after software is completed, this ‘shift left’ enables software development and security teams to work efficiently and cost-effectively in parallel. Flexible and customisable software tools adapt to the level of risk and the rigour of mitigation required, and requirements traceability tools enable a rapid response to an exploited vulnerability even in systems that have been unchanged for years.
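The change-impact analysis and traceability checks described above (and in the tool capabilities listed earlier), shown as an added example that is not code from the article or from any vendor's tool: given a constructed requirement-to-source-unit matrix and a test index, it reports which requirements and tests a fix to one source unit affects, and lists the traceability gaps a certification review would flag. All requirement, test and file identifiers are hypothetical sample data.

```python
"""Change-impact analysis over a requirements traceability matrix.

Added illustration; not code from the article or from any vendor's tool.
All identifiers below are constructed sample data."""

# Constructed sample matrix: high-level requirement -> source units implementing it.
REQ_TO_UNITS = {
    "HLR-12": {"nav/parse_nmea.c", "nav/fix.c"},
    "HLR-13": {"nav/fix.c", "disp/alt.c"},
    "HLR-14": {"disp/alt.c"},
    "HLR-15": {"comm/arinc429.c"},          # no test traces to it (deliberate gap)
}
# Constructed sample tests: test id -> requirement it verifies and units it exercises.
TESTS = {
    "T-101": {"req": "HLR-12", "units": {"nav/parse_nmea.c"}},
    "T-102": {"req": "HLR-13", "units": {"nav/fix.c", "disp/alt.c"}},
    "T-103": {"req": "HLR-14", "units": {"disp/alt.c"}},
    "T-104": {"req": "HLR-99", "units": {"disp/alt.c"}},  # cites an unknown requirement
}
# Every unit in the build; util/log.c is traced to no requirement (deliberate gap).
SOURCE_UNITS = {"nav/parse_nmea.c", "nav/fix.c", "disp/alt.c", "comm/arinc429.c", "util/log.c"}


def impacted(changed_units, req_to_units=REQ_TO_UNITS, tests=TESTS):
    """Requirements and tests affected when `changed_units` change,
    e.g. a vulnerability fix to one unit of a long-unchanged system."""
    changed = set(changed_units)
    reqs = {r for r, units in req_to_units.items() if units & changed}
    # Rerun a test if it exercises a changed unit or verifies an impacted requirement.
    rerun = {t for t, m in tests.items() if m["units"] & changed or m["req"] in reqs}
    return sorted(reqs), sorted(rerun)


def trace_gaps(req_to_units=REQ_TO_UNITS, tests=TESTS, source_units=SOURCE_UNITS):
    """Traceability findings a certification review would raise:
    untested requirements, tests citing unknown requirements, untraced code."""
    verified = {m["req"] for m in tests.values()}
    untested = sorted(set(req_to_units) - verified)
    orphan_tests = sorted(t for t, m in tests.items() if m["req"] not in req_to_units)
    traced = set().union(*req_to_units.values())
    untraced = sorted(source_units - traced)
    return untested, orphan_tests, untraced


if __name__ == "__main__":
    print(impacted({"nav/fix.c"}))   # (['HLR-12', 'HLR-13'], ['T-101', 'T-102'])
    print(trace_gaps())              # (['HLR-15'], ['T-104'], ['util/log.c'])
```

Fed the real traceability data exported from a requirements tool, the same two functions give the minimum regression set after a security fix and the gaps to close before evidence is generated.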
Certifying the next generation of flight software
The time to address concerns and make fundamental changes is now – not during a future critical product launch. With a comprehensive verification tool suite, teams are well armed with documentation and shared knowledge throughout the product development lifecycle. These new areas of avionics will require complex engineering and frequent collaboration. By using integrated tools, teams can develop, verify and certify next-generation flight software effectively and efficiently.
Security process and software development process as part of the aircraft development process