Auditing Source Code
Description Of
Service
This service currently covers only C and C++ source code at the moment.
The customer supplies source code, preferably pre-processed in precisely
the same way as their own compiler operates and Oakwood Computing staff
will analyse the code with a mixture of automated and manual inspection
procedures, producing a detailed report covering the following:
- Presence and location of statically detectable fault.
- Compliance with ISO standards.
- Detailed analysis using proprietary metric techniques of the code
complexity with any maintenance implications.
If required, the code will also be analysed for the customer's own
standards in so far as this can be achieved.
The audit is third-party, independent and, in the case of all high-integrity
work will be carried out by a Chartered Engineer, in line with recommendations
of the British Computer Society. Oakwood Computing staff have worldwide
experience of auditing code from many application areas gained over
the last few years.
Optional diversity
As an optional extra, for high-integrity systems involving C, unique
diverse methods are employed whereby multiple tools are used to analyse
the same code, and their results compared. This provides a good measure
of protection against the possibility of any false warnings being generated
from the tools themselves. This addresses one of the fundamental problems
with the use of tools in high-integrity systems - the absence of any
validation process for tools. Oakwood Computing use the FIPS160
validation suite for its own in-house quality control.
Requirements
Source code should either be preprocessed or be supplied with all referenced
include files. It can be sent by e-mail, by PC format floppy disc, CD,
zip disc or Exabyte cartridge, preferably as a zip archive. For particularly
confidential code, the code can be audited on-site, in which case, the
auditor will bring a Posix compliant system with the DCAS (Diverse Code
Auditing System) pre-installed.
For more details, contact
us.
