US-12619411-B2 - Automated functional-safety evaluation and deployment of a software package

Abstract

Some examples described herein relate to automated functional-safety evaluation and deployment of a software package. As one example, a system can execute an automated scoring engine configured to analyze data associated with different phases of a software development process for a software package. Based on the data, the automated scoring engine can generate a score indicating compliance of the software package with a functional safety standard issued by a standard-setting organization. The system can then automatically control deployment of the software package to an entity based on the score.

Inventors

  • Roberto PACCAPELI

Assignees

  • RED HAT, INC.

Dates

Publication Date: 2026-05-05
Application Date: 2022-12-21

Claims (20)

  1. A non-transitory computer-readable medium comprising program code that is executable by one or more processors for causing the one or more processors to: execute a software test on a software package to generate a test result; generate a score indicating compliance of the software package with a functional safety standard issued by a standard-setting organization, by applying a predefined set of rules to data generated during different phases of a software development process for the software package, wherein the data includes the test result; and automatically control deployment of the software package to a first entity and a second entity based on the score, wherein automatically controlling the deployment of the software package involves transmitting the software package over a network to a first production server in response to determining that the score meets or exceeds a first threshold provided by the first entity, and wherein automatically controlling the deployment of the software package involves preventing transmission of the software package over the network to a second production server in response to determining that the score is below a second threshold provided by the second entity, the second threshold being different from the first threshold and the second entity being different from the first entity, wherein the first production server is configured to provide the software package for download to the first entity, and wherein the second production server is configured to provide the software package for download to the second entity.
  2. The non-transitory computer-readable medium of claim 1, further comprising program code that is executable by the one or more processors for causing the one or more processors to: determine that the score meets or exceeds the first threshold associated with the first entity and responsively deploy the software package to the first entity, the first entity being capable of customizing the first threshold; and determine that the score is below the second threshold associated with the second entity and responsively prevent deployment of the software package to the second entity, the second entity being capable of customizing the second threshold.
  3. The non-transitory computer-readable medium of claim 1, further comprising program code that is executable by the one or more processors for causing the one or more processors to: generate a graphical user interface indicating the score for a user.
  4. The non-transitory computer-readable medium of claim 1, wherein the score is an overall score, and further comprising program code that is executable by the one or more processors for causing the one or more processors to: determine a plurality of subscores corresponding to different areas of evaluation defined in the functional safety standard, each subscore corresponding to a respective area of evaluation and indicating a degree to which the software package satisfies one or more normative requirements associated with the respective area; and generate the overall score by combining the plurality of subscores.
  5. The non-transitory computer-readable medium of claim 4, wherein the different areas for evaluation include design, programming, verification, and testing of the software package.
  6. The non-transitory computer-readable medium of claim 4, further comprising program code that is executable by the one or more processors for causing the one or more processors to, for each respective area of evaluation: determine the subscore for the respective area of evaluation by applying a respective set of rules to a corresponding subset of the data.
  7. The non-transitory computer-readable medium of claim 1, wherein the score is a first subscore that corresponds to an individual evaluation area defined in the functional safety standard, and further comprising program code that is executable by the one or more processors for causing the one or more processors to: determine a first subscore threshold selected by the first entity for the individual evaluation area; determine whether the first subscore meets or exceeds the first subscore threshold; and based on determining that the first subscore meets or exceeds the first subscore threshold, automatically deploy the software package to the first entity.
  8. The non-transitory computer-readable medium of claim 7, further comprising program code that is executable by the one or more processors for causing the one or more processors to: determine a second subscore threshold selected by the second entity for the individual evaluation area, the second subscore threshold being different from the first subscore threshold; determine whether a second subscore meets or exceeds the second subscore threshold; and based on determining that the second subscore is below the second subscore threshold, automatically prevent deployment of the software package to the second entity.
  9. The non-transitory computer-readable medium of claim 1, wherein the functional safety standard defines functional goals for the software package but excludes specific details describing how to determine whether those functional goals are met by the software package, and further comprising program code that is executable by the one or more processors for causing the one or more processors to: determine results of a set of software development operations performed during the different phases of the software development process for the software package; and apply the predefined set of rules to the results to generate the score, the score reflecting a degree to which the functional goals are met by the software package.
  10. A method comprising: generating, by one or more processors, a score indicating compliance of a software package with a functional safety standard issued by a standard-setting organization, by applying a predefined set of rules to data generated during different phases of a software development process for the software package; and automatically controlling, by the one or more processors, deployment of the software package to a first entity and a second entity based on the score, wherein automatically controlling the deployment of the software package involves transmitting the software package over a network to a first production server in response to determining that the score meets or exceeds a first threshold provided by the first entity, and wherein automatically controlling the deployment of the software package involves preventing transmission of the software package over the network to a second production server in response to determining that the score is below a second threshold provided by the second entity, the second threshold being different from the first threshold and the second entity being different from the first entity, wherein the first production server is configured to provide the software package for download to the first entity, and wherein the second production server is configured to provide the software package for download to the second entity.
  11. The method of claim 10, further comprising: determining, by the one or more processors, that the score meets or exceeds the first threshold associated with the first entity and responsively deploying the software package to the first entity, the first entity being capable of customizing the first threshold; and determining, by the one or more processors, that the score is below the second threshold associated with the second entity and responsively preventing deployment of the software package to the second entity, the second entity being capable of customizing the second threshold.
  12. The method of claim 10, further comprising: generating, by the one or more processors, a graphical user interface indicating the score for a user.
  13. The method of claim 10, wherein the score is an overall score, and further comprising: determining, by the one or more processors, a plurality of subscores corresponding to different areas of evaluation defined in the functional safety standard, each subscore corresponding to a respective area of evaluation and indicating a degree to which the software package satisfies one or more normative requirements associated with the respective area; and generating, by the one or more processors, the overall score by combining the plurality of subscores.
  14. The method of claim 13, wherein the different areas for evaluation include design, programming, verification, and testing of the software package.
  15. The method of claim 13, further comprising, for each respective area of evaluation: determining, by the one or more processors, the subscore for the respective area of evaluation by applying a respective set of rules to a corresponding subset of the data.
  16. The method of claim 10, wherein the score is a first subscore that corresponds to an individual evaluation area defined in the functional safety standard, and further comprising: determining, by the one or more processors, a first subscore threshold selected by the first entity for the individual evaluation area; determining, by the one or more processors, whether the first subscore meets or exceeds the first subscore threshold; and based on determining that the first subscore meets or exceeds the first subscore threshold, automatically deploying, by the one or more processors, the software package to the first entity.
  17. The method of claim 16, further comprising: determining, by the one or more processors, a second subscore threshold selected by the second entity for the individual evaluation area, the second subscore threshold being different from the first subscore threshold; determining, by the one or more processors, whether a second subscore meets or exceeds the second subscore threshold; and based on determining that the second subscore is below the second subscore threshold, automatically preventing, by the one or more processors, deployment of the software package to the second entity.
  18. The method of claim 10, wherein the functional safety standard defines functional goals for the software package but excludes specific details describing how to determine whether those functional goals are met by the software package, and further comprising: determining, by the one or more processors, results of a set of software development operations performed during the different phases of the software development process for the software package; and applying, by the one or more processors, the predefined set of rules to the results to generate the score, the score reflecting a degree to which the functional goals are met by the software package.
  19. A system comprising: one or more processors; and one or more memories including instructions that are executable by the one or more processors for causing the one or more processors to: generate a score indicating compliance of a software package with a functional safety standard issued by a standard-setting organization, by applying a predefined set of rules to data generated during different phases of a software development process for the software package; and automatically control deployment of the software package to a first entity and a second entity based on the score, wherein automatically controlling the deployment of the software package involves transmitting the software package over a network to a first production server in response to determining that the score meets or exceeds a first threshold provided by the first entity, and wherein automatically controlling the deployment of the software package involves preventing transmission of the software package over the network to a second production server in response to determining that the score is below a second threshold provided by the second entity, the second threshold being different from the first threshold and the second entity being different from the first entity, wherein the first production server is configured to provide the software package for download to the first entity, and wherein the second production server is configured to provide the software package for download to the second entity.
  20. The system of claim 19, wherein the score is an overall score, and wherein the one or more memories further include instructions that are executable by the one or more processors for causing the one or more processors to: determine a plurality of subscores corresponding to different areas of evaluation defined in the functional safety standard, each subscore corresponding to a respective area of evaluation and indicating a degree to which the software package satisfies one or more normative requirements associated with the respective area; and generate the overall score by combining the plurality of subscores.

Description

TECHNICAL FIELD

The present disclosure relates generally to software deployment and evaluation. More specifically, but not by way of limitation, this disclosure relates to automated functional-safety evaluation and deployment of a software package.

BACKGROUND

Many organizations around the globe have developed functional safety standards for software. Functional safety is about reducing the risks of simple and complex systems so that they function safely in the event of an electrical or electronic malfunction. One example of a functional safety standard is IEC 61508, published by the International Electrotechnical Commission (IEC). Another example is IEC 62304, which covers software life cycle processes for medical device software. Functional safety standards can be used to avoid or mitigate systematic failures and hardware failures, to prevent hazardous operational situations. These standards may define broad functional goals, but often the standards do not themselves prescribe the specific process that should be used to determine whether a goal is met. For example, a standard may include a broad functional goal like requiring source code to have "low complexity," but the standard may not specify how the level of complexity of a software application is to be measured, leaving that decision to a human evaluator of the software. As a result, different organizations (and even different human evaluators within the same organization) may apply different approaches when evaluating the same code for compliance with the same safety standard, which can yield inconsistent results.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an example of a system for providing automated functional-safety evaluation and deployment of a software package according to some aspects of the present disclosure.

FIG. 2 is a block diagram of an example of a system for allowing end users to customize deployment of a software package based on scores according to some aspects of the present disclosure.

FIG. 3 is a block diagram of an example of a functional safety standard according to some aspects of the present disclosure.

FIG. 4 is a block diagram of an example of a set of rules according to some aspects of the present disclosure.

FIG. 5 is a block diagram of an example of a system for providing automated functional-safety evaluation and deployment of a software package according to some aspects of the present disclosure.

FIG. 6 is a flowchart of an example of a process for providing automated functional-safety evaluation and deployment of a software package according to some aspects of the present disclosure.

FIG. 7 is a flowchart of an example of a process for generating subscores and an overall score for a software package according to some aspects of the present disclosure.

DETAILED DESCRIPTION

A software development organization may want or need to comply with a functional safety standard (FSS) issued by a standard-setting organization when developing a software package for end users. A software package can include programs and files that are bundled together to serve a common purpose. To test a software package's compliance with a functional safety standard, a human evaluator normally interprets the functional safety standard and obtains evidence from individuals throughout the organization to determine whether the software package complies with each normative requirement in the functional safety standard.

This is a manual process that may involve the human evaluator subjectively interpreting the functional safety standard, deciding which evidence would be useful in evaluating compliance with each normative requirement, interacting with dozens of other individuals to gather the evidence, and then applying the evidence to arrive at a conclusion about whether the software package complies with the functional safety standard. This is a long and arduous process that varies between evaluators and can take a significant amount of time, which in turn may delay deployment of the software package to users (because the software package may not be allowed to be deployed to end users until it has been verified to comply with the functional safety standard). It is also often a subjective process in which different human evaluators may rely on different evidence to evaluate compliance with the same normative requirement. For example, different evaluators may rely on different test results from different types of software tests (e.g., unit tests vs. integration tests) to evaluate compliance with the same normative requirement, which can lead to different outcomes.

Some examples of the present disclosure can overcome one or more of the abovementioned problems by providing an automated process that can be repeatedly executed throughout the lifecycle of a software package, for example each time the software package is updated, to continually validate the package's compliance with a predefined
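The following is an added example, not code from the patent or from Red Hat, showing the mechanism claims 4 to 8 describe and the background's "low complexity" problem in working form: each evaluation area of claim 5 gets a subscore from a rule set applied to that area's phase data, the subscores combine into an overall score, and each entity's own overall and per-area thresholds decide whether the package is released to that entity's production server. The rule set, weights, field names, entity names and thresholds are assumptions made for this example, not normative content of IEC 61508 or any other standard. One point the claims leave implicit and a gate must get right: missing or malformed evidence earns nothing, so the gate fails closed rather than treating absent data as compliance.

```python
"""Deterministic functional-safety scoring and per-entity deployment gate.

Added example, not the patent's or Red Hat's code. Rules, weights, field
names, entity names and thresholds are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Mapping

# Evaluation areas named in claim 5.
AREAS = ("design", "programming", "verification", "testing")


def clamp(x: float) -> float:
    """Pin a rule result into the 0.0 (not met) .. 1.0 (fully met) band."""
    return max(0.0, min(1.0, float(x)))


@dataclass(frozen=True)
class Rule:
    area: str
    name: str
    check: Callable[[Mapping[str, Any]], float]  # returns 0.0 .. 1.0
    weight: float = 1.0


# Assumed rule set. The background's open-ended "low complexity" goal is pinned
# to a concrete cyclomatic-complexity ceiling so every run measures it alike.
RULES = (
    Rule("design", "requirements_traced",
         lambda d: d["requirements_traced"] / d["requirements_total"]),
    Rule("programming", "low_complexity",
         lambda d: 1.0 - max(0, d["max_cyclomatic_complexity"] - 10) / 20),
    Rule("programming", "static_analysis_clean",
         lambda d: 1.0 if d["static_analysis_findings"] == 0 else 0.0),
    Rule("verification", "reviews_approved",
         lambda d: d["reviews_approved"] / d["reviews_required"]),
    Rule("testing", "statement_coverage", lambda d: d["statement_coverage"]),
    Rule("testing", "tests_passed", lambda d: d["tests_passed"] / d["tests_total"]),
)


def subscores(phase_data: Mapping[str, Mapping[str, Any]], rules=RULES) -> dict[str, float]:
    """Claim 6: apply each area's rules to that area's subset of the data (0..100)."""
    result = {}
    for area in AREAS:
        area_rules = [r for r in rules if r.area == area]
        area_data = phase_data.get(area, {})
        total_weight = sum(r.weight for r in area_rules)
        earned = 0.0
        for rule in area_rules:
            try:
                earned += rule.weight * clamp(rule.check(area_data))
            except (KeyError, TypeError, ZeroDivisionError):
                # Missing or malformed evidence earns nothing: the gate fails closed.
                pass
        result[area] = 100.0 * earned / total_weight if total_weight else 0.0
    return result


def overall_score(subs: Mapping[str, float]) -> float:
    """Claim 4: combine subscores; an unweighted mean is the assumed combination."""
    return sum(subs[a] for a in AREAS) / len(AREAS)


@dataclass(frozen=True)
class EntityPolicy:
    """Thresholds an end user chooses for itself (claims 2, 7 and 8)."""
    name: str
    production_server: str
    overall_threshold: float
    area_thresholds: Mapping[str, float] = field(default_factory=dict)


def deployment_decisions(phase_data, policies, rules=RULES) -> dict[str, dict[str, Any]]:
    """Per entity: may the package be transmitted to that entity's production server?"""
    subs = subscores(phase_data, rules)
    overall = overall_score(subs)
    decisions = {}
    for p in policies:
        blockers = []
        if overall < p.overall_threshold:
            blockers.append(f"overall {overall:.1f} < {p.overall_threshold}")
        for area, threshold in p.area_thresholds.items():
            if subs.get(area, 0.0) < threshold:
                blockers.append(f"{area} {subs.get(area, 0.0):.1f} < {threshold}")
        decisions[p.name] = {"server": p.production_server, "deploy": not blockers,
                             "overall": overall, "subscores": dict(subs),
                             "blockers": blockers}
    return decisions


# Constructed phase data for one build; the numbers are illustrative only.
SAMPLE_PHASE_DATA = {
    "design": {"requirements_total": 40, "requirements_traced": 36},
    "programming": {"max_cyclomatic_complexity": 14, "static_analysis_findings": 0},
    "verification": {"reviews_required": 12, "reviews_approved": 12},
    "testing": {"statement_coverage": 0.82, "tests_total": 500, "tests_passed": 490},
}

# Two entities with different thresholds, as in claims 1 and 8 (hypothetical names).
POLICIES = (
    EntityPolicy("entity-a", "prod-a.example", overall_threshold=75.0),
    EntityPolicy("entity-b", "prod-b.example", overall_threshold=90.0,
                 area_thresholds={"testing": 95.0}),
)

if __name__ == "__main__":
    for name, d in deployment_decisions(SAMPLE_PHASE_DATA, POLICIES).items():
        verdict = "deploy to " + d["server"] if d["deploy"] else "hold: " + "; ".join(d["blockers"])
        print(f"{name}: overall={d['overall']:.1f} -> {verdict}")
```

With the constructed data the overall score is 92.5, so entity-a (threshold 75) receives the package while entity-b, whose overall threshold of 90 is met, is still held back by its per-area testing threshold of 95, which is the claim 8 case. Dropping the verification evidence entirely pushes that area's subscore to 0 and the overall to 67.5, so even entity-a is held: the engine never infers compliance from silence.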