TalkSecure

CodeSecure Streamlines ISO 26262 Compliance for Functional Safety in Automotive Industry

Posted on

by

NUREMBERG, GERMANY — CodeSecure, Inc., manufacturer of the most in-depth source-code analysis technology, today announced a new resource for simplifying the International Organization for Standardization (ISO) Draft International Standard (DIS) 26262 compliance process with static analysis. ISO 26262, titled “Road vehicles — Functional safety,” is a Functional Safety standard that is currently in the final draft. This standard is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/Electronic Systems.

According to Mark Zarins, vice president of products at CodeSecure, “Software has an increasingly important role in the modern automobile. In fact, a car may contain more than 10 million lines of code. Some of this code controls critical functionality. For example, one car was recently recalled due to a software-related issue that could result in the unintended disabling of passenger-side airbags. Another car was recalled because faulty software could result in the engine being inadvertently shut down. Similar recalls have affected a wide variety of vehicles produced by different manufacturers.”

The company has released supplementary documentation to its CodeSonar® static-analysis tool that details how static analysis can be used to support an organization’s ISO 26262 initiatives. CodeSonar has a long history of being used to improve reliability in critical industries like avionics. CodeSonar performs the deepest analysis of any commercial tool, providing a higher level of assurance. More recently, CodeSecure’s static analysis technology has been adopted by some of the largest automotive manufacturers.

“In the competitive automotive industry, manufacturers are under pressure to create new features,” continued Mark Zarins. “Some of these features improve safety while others provide better comfort or entertainment. Software plays a key role in most of these new features, underscoring the importance of software quality. In addition, some of the software-enabled features employ networking, which can expose the automobile to potential security threats like worms or malicious code. Yet the growing code size of the software makes it increasingly difficult to test and verify. Manufacturers are adopting static analysis as part of the test plan to increase reliability.”

In a prominent example, NASA recently used static analysis to examine the software in Toyota vehicles as part of an investigation into unintended acceleration in Toyota vehicles. CodeSecure CodeSonar was one of the tools used by NASA. In the report, NASA described CodeSonar as a “strong static source code analysis tool from CodeSecure that uses a different technology for detailed inter-procedural source code analysis.” The full NASA Engineering and Safety Center Technical Assessment Report is located at www.nhtsa.gov/staticfiles/nvs/pdf/NASA-UA_report.pdf.

More information about CodeSonar is available on the CodeSonar product pages.

About CodeSecure:
CodeSecure’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.

Related Posts

Check out all of CodeSecure’s resources and stay informed.

view all posts

Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now