Software Integrity

 

The future of software signoff

Software is no longer limited to traditional computing platforms devices such as our personal PC or a corporate compute server. Almost every device today runs some software – from run-time environment firmware at the chip level to a full-blown operating system found within our smart TVs. Life-critical products, such as automobiles, medical devices, and industrial control systems for the national critical infrastructure also depend on software.

Signoff is a concept that is well understood in other industries and has its foundation in supply chain quality control. With signoff, none of the parts have to be perfect but they do have to conform to quality levels within a certain tolerance. This is validated by testing the parts on the producer and the consumer sides. Testing on both sides allows manufacturers to identify discrepancies in the quality of the product, as well as perform a deep root cause analysis to fix issues and improve the overall system quality.

Software Signoff is a quality and security methodology that introduces formal testing gates into the life cycle of software. Software Signoff addresses key concerns such as cybersecurity, functional quality, standards compliance, and others at its root during the creation and distribution of software – therefore offering a foundational building block for achieving attributes such as “Built-in Security” or “Build-in Quality”.

From development and supply chain management to updates of shipped products, Software Signoff does not allow development to proceed without first passing tests for security and quality, Software Signoff enforces discipline early in the development process resulting in a predictable outcome. Similarly, it implements acceptance gates into the software supply chain therefore providing the means for quality control, price differentiation, and competitive market positioning.

Learn more about the Synopsys Software Integrity Platform.