Risk Assessment using Automotive SPICE and static code analysis
Do you want to evaluate the quality and risks related to accepting
software applications from your suppliers? Are you responsible for
taking over and maintaining an application and do you want to know
beforehand where you can expect trouble?
Our risk assessment will provide you with objective insight in quality and risks.
How to evaluate the risks for maintaining an application?
There may be several aspects to the risk of taking over an application.
Crucial product documentation needed for understanding the application
may be lacking or of poor quality. On the other hand risks related to
operation and maintenance may also be hidden in the code.
During the risk and quality assessment we analyze the product documentation and the code is analyzed using static code analysis.
How do we perform the product documentation analysis?
We analyze the available product documentation and we compare it with
the requirements of Automotive SPICE. Automotive SPICE as reference
model provides a detailed view on typical product documentation
The SPICE model is used both for identifying and analyzing flaws in the product documentation and for categorizing the derived risks for acceptance, operations and maintenance of the application. The assessment report includes risk reduction suggestions.
How is the static code analysis performed?
The code will undergo both manual and automatic code analysis against a
well-defined set of quality indicators, which include code
test-coverage, cyclomatic complexity, code-duplication, fan-out, dead
code, and risks related to use of linked libraries.
We have an extensive set of proprietary code-checking tools for a variety of programming languages. We can also combine or integrate with your dedicated code-checking tools.
Automatic code-checking from our side can be performed once as part of the risk assessment, but you can also choose to take a subscription for continuous monitoring of code quality.
The static code analysis is performed by our partner Tiobe. The analysis results will be compared against Tiobe's benchmarking database. The analyzed code will be rated against Tiobe's Code Quality Index, which ranges from A (high quality) to F (poor quality).
You will receive a combined view on the results of both the product documentation analysis and the static code review. We will present and discuss the required steps to effectively reduce the identified risks.
Senior Executive Consultant
+49 6151 503349-0