Harvard Apparatus

CodeSecure Brings SAST into Product Development Process to Facilitate FDA Approval Process.


Download PDF

Harvard Apparatus was founded in 1901 in a basement at Harvard Medical School. In the 1950s, the company invented the mechanical syringe pump, and in the 1980s, it introduced the first microprocessor-controlled syringe pumps. Harvard Apparatus’ achievements include the first volume-controlled and subsequently pressure-controlled ventilators. The company has also created pulsatile blood pumps, transducers, amplifiers, recorders, glassware, and many other specialized bioscience research products. Today it continues a tradition of innovation with the most advanced, easiest-to-use programmable syringe pumps, the PHD ULTRA series.

“We’re using CodeSonar to analyze the codebase for our bioresearch products. This is a mature and reliable codebase. Still, I have been impressed by some of the issues CodeSonar has uncovered. Even though these issues would likely have been caught down the line during testing, finding them early and correcting them as soon as they are introduced is helping us make our software more robust.”

Ricky Bennett

Harvard Apparatus Senior Embedded Software Engineer 

CodeSonar Helps Harvard Apparatus Tackle the Medical Device Market

With extensive experience developing innovative scientific instruments, and a reputation for product excellence, Harvard Apparatus saw an opportunity in the fast-growing medical device market. Entering the medical device market for the first time was a huge step for Harvard Apparatus, as it faced new challenges including new product development processes, new requirements for the clinical market, and a rigorous FDA approval process. 

Under the best of circumstances, the FDA approval process can be time-consuming and expensive. However, the agency has added more stringent guidelines and requirements for manufacturers that are introducing new medical devices that include embedded software. Today, more than half of medical devices use software, and software defects are now the third-leading cause of medical device recalls.

A Stronger Product-Development Process 

Harvard Apparatus developed a strategy to strengthen its product development processes and facilitate the FDA approval process. A key part of the company’s new software development process is the use of advanced static code analysis. While the FDA does not specifically require manufacturers to use static analysis, the FDA itself uses it for its own testing. The FDA does require extensive documentation of a manufacturer’s test and verification procedures. For this reason alone, static analysis tools can be very helpful. 

To decide on a static analysis tool, Harvard Apparatus’ development team tested products from assorted vendors, using each one to analyze the same codebase. Ultimately, the team selected CodeSonar. Comparing the products, team members noted that CodeSonar was intuitive and easy to use. More importantly, its analysis provided more useful information, both finding more real issues and returning information in a way that made it easy to locate and fix problems. When CodeSonar reported warnings, it also allowed users to walk through the suspect code, following the actual execution path and displaying definitions. 

Team members reported that CodeSonar also required far less time to complete its analysis. It returned results in about 10 minutes while other products took all day or even a weekend. Harvard Apparatus especially liked that CodeSonar provided a network hub that allowed the team to share results and automatically import issues into their BugZilla defect tracking system.

Software Engineers Weigh In

“We’re using CodeSonar to analyze the codebase for our bioresearch products. This is a mature and reliable codebase. Still, I have been impressed by some of the issues CodeSonar has uncovered. Even though these issues would likely have been caught down the line during testing, finding them early and correcting them as soon as they are introduced is helping us make our software more robust.” – Ricky Bennett, Senior Embedded Software Engineer 

“CodeSecure’s customer support engineers were very knowledgeable, patient, and easy to call on via email. Any issues that came up were resolved quickly, usually within a couple of days. When we wanted to start using CodeSonar on other projects, CodeSecure arranged WebEx meetings to guide us through the installation and setup process.” – Jason Turcotte, Electrical/Computer Engineer

“Entering the medical device market requires a new level of process discipline. For example, we have to qualify component suppliers in a new way. Internally, we have to inspect every line of code and make sure every execution path is verified. With our large codebase, this would be impossible without a tool like CodeSonar. This is a great product, very effective!” – Frank Harrington, Engineering Manager for Harvard Apparatus’ medical device team

Book a Demo

We’re ready to help you integrate SAST and BCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now