How to ensure the quality and safety of automotive embedded software? What you need to know about ASPICE standards

Automotive Software Development Process Improvement and Capability Determination (Automotive SPICE® or ASPICE) is a process assessment model that helps automotive original equipment manufacturers (OEMs) and suppliers assess the performance and maturity level of their current enterprise software development processes.

Adherence to this standard helps automotive suppliers ensure the quality of their software meets critical customer needs.

This article will take you through ASPICE and provide you with performance quality compliance recommendations for automotive software companies.

What is Automotive SPICE®?

Automotive SPICE® (ASPICE) is a process assessment framework developed within the SPICE (or ISO/IEC 15504) standard. It is intended for automotive suppliers and manufacturers who wish to demonstrate that their software development processes are at a level sufficient to meet OEM requirements and apply best practices throughout the automotive software development lifecycle.

(Automotive SPICE® is a registered trademark of Verband der Automobilindustrie e.V. (VDA). For more information about Automotive SPICE®, please visit www.automotivespice.com.)

Today, vehicles are developing rapidly with intelligent integrated technology. They are equipped with sensors, infotainment and advanced driver assistance systems (ADAS) to improve driver and passenger safety.

The manufacturing process of automobiles is also constantly evolving, with complex technologies and components emerging around the world. This means that OEMs must ensure that their suppliers meet their product quality requirements if they want to compete effectively in the market.

The ASPICE standard addresses quality issues by evaluating software at every stage of development. It was developed by car manufacturers in the Automotive Special Interest Group (AUTOSIG) under the Automotive SPICE programme. This special interest group is composed of automotive OEMs, procurement forums and SPICE user groups. ASPICE follows principles similar to those of SPICE, but it targets the automotive industry and defines best practice standards for automotive embedded software development.

Why is ASPICE important to OEMs and automotive suppliers?

ASPICE is a powerful standard that assesses a company's processes at organizational, project and system levels so that automotive suppliers and OEMs can continuously monitor and improve the way things are done.

For OEMs, following ASPICE standards means they can evaluate suppliers' process quality levels and easily select suppliers that can meet their needs. For suppliers, following ASPICE standards can ensure that they meet customer needs while improving process quality. This can improve the overall quality of the product, potentially shortening time to market and reducing development costs.

The goal of the ASPICE standard is to help companies define and integrate best practices for automotive software development at all stages, including design, review, development, testing and verification. After you specify best practices for each process according to the ASPICE guidelines and show how you implement those practices, you are ready to conduct an ASPICE assessment.

ASPICE supplements existing safety and quality management standards and guidelines, such as ISO 26262, which focuses on functional safety, and ISO 21434, which focuses on cybersecurity engineering. Additionally, there is a version of Automotive SPICE for cybersecurity that guides automakers in identifying and managing cybersecurity risks in their supply chains.

ASPICE framework and static analysis

ASPICE is divided into many process groups, including the Software Engineering Process Group (SWE), which is based on the V model. SWE can be further broken down into the stages of the development life cycle:

  • SWE.1 - Software Requirements Analysis

  • SWE.2 - Software Architecture Design

  • SWE.3 - Software Detailed Design and Unit Construction

  • SWE.4 - Software Unit Verification

  • SWE.5 - Software Integration and Integration Testing

  • SWE.6 - Software Qualification Test

For example, SWE.4 - Software Unit Verification mentions static analysis and the MISRA C/MISRA® C++ coding standards:

  • SWE.4.BP2: Develop unit verification standards. Unit verification standards may include: unit test cases, static verification, coverage goals, and coding standards (such as MISRA® rules);

  • SWE.4.BP3: Perform static verification of software units. Static verification may include: static analysis, code reviews, checks against coding standards and guidelines. Appendix D, subsection 6 shows: MISRA is an example of coding standards and guidelines to "evaluate," "validate standards," and "ensure compliance."

Since ASPICE is a process standard, enterprises can use static analysis tools to meet process requirements. So, for SWE.4, you can achieve static verification by enforcing coding standards using a static code analyzer.

Once your processes are in place, external assessment of ASPICE levels begins and Capability Levels (CL) are assigned based on Process Attributes (PA). Each process is assessed individually, and the overall maturity level is assessed starting with the lowest level.

ASPICE standard scoring levels

Process Attributes (PA) consist of a 5-point rating scale that determines a project's maturity:

  • Level 0 - Basically met/incomplete: Meets the requirements of ASPICE to some extent;

  • Level 1 - Executable: Almost or fully meets ASPICE requirements, but may be missing components in the process;

  • Level 2 - Manageable: Delivers work products reliably and almost or fully meets ASPICE standards except for the work product;

  • Level 3 - Verifiable: Establishes and sets performance standards for the organization and monitors them continuously to achieve improvements;

  • Level 4 - Predictable: In addition to establishing performance standards, analyzes results and produces predictable results;

  • Level 5 - Innovation: Processes are consistent, predictable and continuously improving.

Generally speaking, in order to meet the needs of customers, levels 2 and 3 are considered excellent levels, and levels 4 and 5 are extraordinary levels.

Adopting the ASPICE framework brings many benefits to both vendors and OEMs. By following ASPICE guidelines to implement best practices, organizations are better able to identify issues before a vehicle reaches the market, increase transparency into the quality and safety of automotive embedded systems, and drive product innovation with appropriate process evaluation.

How Static Analysis Tools Help Implement ASPICE Guidelines

The benefits of following ASPICE standards are many. Once your organization has a process in place to comply with ASPICE requirements, you have established a framework that can help you obtain certification to other standards. For example, despite the differences, following ASPICE can also help you follow other safety standards like ISO 26262.

Powerful static analysis tools like Perforce Helix QAC can support ASPICE's process group - SWE.4 (the standard requires a static verification process to comply with coding standards). Helix QAC also makes it easier for developers to comply with automotive industry coding standards by:

  • Detecting compliance issues early in development;

  • Enforcing coding standards and detecting rule conflicts;

  • Accelerating code review and manual testing efforts;

  • Reporting compliance issues across time periods and across product versions.

About the Author:

Jill Britton

Director of Compliance at Perforce

Jill Britton has over 30 years of embedded software experience across multiple industries. She has worked as a software engineer and manager for companies in telecommunications, automotive, defense, and educational software.

Jill is now Director of Compliance at Perforce and is a committee member of MISRA. Jill holds a BA in Computer Science and Statistics from Newcastle University and an MSc in Computer Science from Brunel University London.

Article source: https://bit.ly/3RnwWnn

Origin blog.csdn.net/weixin_49715102/article/details/133167009