Tier One Aerospace Supplier
Creating Reliable Innovation with TrustInSoft
Summary
This use case is about a player with broad expertise in safety-critical embedded software. They were looking for a solution to increase cybersecurity. Their adoption of TrustInSoft Analyzer allowed them to mathematically guarantee cybersecurity and cut their robustness testing costs by 75%.
Read It BelowChallenge
One of our customers is a tier 1 aerospace supplier with broad expertise in safety-critical and mission critical embedded software. They develop software modules for major aircraft OEMs and have years of experience in certification to DO-178C. A few years ago, they were contracted to develop for commercial transport aircrafts, a module which is not classified as safety-critical, but is cybersecurity-critical as it connects the plane’s aircrew communications and in-flight entertainment systems to the internet. Any vulnerability in the module, therefore, could allow hackers to access the plane’s flight control system. Its code needed to be flawless. As an experienced aerospace supplier, the company already had a proven process for assuring certification of safety-critical software. Cybersecurity, however, was another matter. The cybersecurity issue being more recent, processes were in place but still evolving.
Because they as well as their customer and their certification authorities had a strong understanding of their safety assurance procedures, they initially considered adapting those same procedures to cybersecurity assurance. This supplier soon realized, however, that using those procedures would entail a very high volume of robustness testing. They feared the process would become too demanding and expensive. They wanted to compare their results with an alternative solution to see if they could reduce cost and schedule while assuring even greater robustness. They had another concern as well: cybersecurity can be considered even more demanding than safety. While safety-assurance robustness testing might give one the confidence that there is a less than 10-12 chance a software bug will result in a safety-critical failure, a hacker will be using search algorithms to actively hunt for those “10-12” cases, hoping to exploit them.
Implementation
After a thorough search, the company chose TrustInSoft Analyzer for their comparison. They set up two verification efforts in parallel. On one side, they applied their standard V&V process. Four engineers carried out their standard unit testing effort for one month. On the other side, they used exhaustive static analysis. One engineer worked the same month finding errors with TrustInSoft Analyzer.
Results
After that one month, they found that the verification coverage and the number of coding errors uncovered and eliminated using TrustInSoft Analyzer were far superior to what they had been able to achieve using their standard V&V procedures for safety-critical software. In other words, TrustInSoft Analyzer allowed this supplier to cut their robustness testing costs by 75% while achieving better coverage and allowing the company to show they had done all the necessary testing. Because of TrustInSoft Analyzer’s guarantee that no bugs remain in the software, it brings a level of confidence to the end customer on the quality of the software which cannot be reached any other way.
Learn more about TrustInSoft Analyzer
Learn more about the tool that this Tier One Aerospace Supplier used to secure their code!
Discover our product