Posted by Synopsys Editorial Team on September 1, 2016
Software is no longer limited to traditional computing platforms and devices such as our personal PCs or corporate compute servers. Almost every device today runs some software—from runtime environment firmware at the chip level to the full-blown operating systems found within our smart TVs. Life-critical products, such as automobiles, medical devices, and industrial control systems for the national critical infrastructure, also depend on software.
Signoff is a concept that is well-understood in other industries and has its foundation in supply chain quality control. With signoff, none of the parts have to be perfect, but they do have to conform to quality levels within a certain tolerance. This is validated by testing the parts on the producer and the consumer sides. Testing on both sides allows manufacturers to identify discrepancies in the quality of the product, as well as perform a deep root cause analysis to fix issues and improve the overall system quality.
Software signoff is a quality and security methodology that introduces formal testing gates into the life cycle of software. Software signoff addresses key concerns such as cyber security, functional quality, standards compliance, and others at its root during the creation and distribution of software—therefore offering a foundational building block for achieving attributes such as “built-in security” or “built-in quality.”
From development and supply chain management to updates of shipped products, software signoff does not allow development to proceed without first passing tests for security and quality. Software signoff enforces discipline early in the development process, resulting in a predictable outcome. Similarly, it implements acceptance gates into the software supply chain, therefore providing the means for quality control, price differentiation, and competitive market positioning.
Get the latest AppSec news and trends sent directly to you.