Bay Computer Associates (BCA)

CodeSonar Ensures Reliability of Life-Saving Mobile App.


Bay Computer Associates (BCA) is an electronics and software design firm whose clients include Motorola and Johnson & Johnson, as well as many startups. BCA brings product design expertise to a wide variety of applications, but about half of its business comes from medical devices.


As every programmer knows, just because a statement executes correctly once, does not mean it will always do so; it may trigger an error only under a very unusual set of circumstances. This is where CodeSonar shines. It examines paths and considers conditions and program states in the abstract. By doing so, it can achieve much higher coverage of code than is usually feasible with testing.


Dave Frey

BCA Co-Founder & Director of Software Engineering

CodeSonar Helps BCA Ensure Reliability of Life-Saving Mobile App


Recently, BCA designed ZOLL Medical’s PocketCPR® for iPhone, a life-saving mobile app that monitors force of motion. The app measures compression depth, which teaches responders how to correctly perform CPR. When one of the app’s customers, a medical products manufacturer, requested advanced static analysis tools be used in the development process, BCA chose CodeSonar®.

Adopting CodeSonar for Static Analysis 

BCA works on a number of client projects simultaneously, leveraging a shared codebase where possible. Before the adoption of CodeSonar, developers relied on visual code inspections and ad hoc tools. However, this was painstaking and time-consuming, so the company was excited to add advanced static analysis to automate the process.

BCA selected CodeSonar because of its strong reputation in the medical device industry, and because it could be configured easily to fit the company’s workflow. According to Dave Frey, BCA co-founder and director of software engineering, the transition to using CodeSonar was smooth. CodeSonar can be pointed to any code directory and reports are aggregated on a company server that is accessible from any of the company’s workstations. Frey recalled that when CodeSecure initially visited BCA’s facility to demonstrate CodeSonar, he had requested that CodeSonar be used to analyze the real code from one of the company’s active projects. He said CodeSonar was quickly and easily installed and configured to do so. 

BCA has been using CodeSonar for about nine months, and engineers on projects across the company are embracing the tool. “I’ll tell you what amazes me is that CodeSonar works like it’s advertised,” said Frey. “It actually runs through complex loop and logic constructs and analyzes every single branch of that construct and will find something that no human would ever find by just looking at it.” 

“As every programmer knows, just because a statement executes correctly once, does not mean it will always do so — it may trigger an error only under a very unusual set of circumstances,” said Paul Anderson, Vice President of Engineering at CodeSecure. “This is where CodeSonar shines. It examines paths and considers conditions and program states in the abstract. By doing so, it can achieve much higher coverage of code than is usually feasible with testing.” 

Saving Time During Product Development

A typical project at BCA will have system-level firmware and application software, all implemented in C. The application software is first implemented on a PC simulator so the user interface can be refined. “I think we see the most benefit during code integration,” said Frey. “When the application software is integrated with the system firmware, CodeSonar helps speed the debugging and results in better code quality when the project goes into the testing phase.” 

“CodeSonar saves time in digging out things like memory leaks and buffer overruns,” added a firmware engineer at BCA. “It will show you exactly the line of code where the problem is, so you don’t have to hunt through hundreds of lines of code to find a problem.” Frey noted more and more clients are requesting that static code analysis be used during product development. In some cases, clients request the printed results of static analysis to facilitate the regulatory approval process. However, BCA uses CodeSonar whether customers ask for it or not.

Frey concluded, “It’s a great product! We are using it on everything now. Non-medical products, as well, and the client has no idea we are using it. We are still using it to make sure that our code is sound.”
