CRAQ - Certification

Objectives of the project

The issue of certification and / or labeling can take various forms depending on the aspect that should be certified :

• The evaluation of some aspects is already governed by a standard certification following models that are standards of fact or law. For example, the models defining the level of maturity of software processes of an enterprise (the CMM which is a de facto standard in the U.S. and the Spice model becoming an ISO standard), standards defining software security levels (the Orange Book U.S., the European ITSEC and their more recent development: the common criteria). For these aspects, the objective of the centre was to become the regional point of reference with accredited assessors and, where appropriate, the necessary adaptation of these models to the regional reality.
• Evaluation of other aspects such as compliance with specifications or compliance with the ergonomics is based on various criteria and pointy that are not necessarily covered by a standard.

For these aspects, it is desirable to have specific and public criteria for evaluating and that they are applied in a uniform manner. In this case, the centre had to be such a reference, which has a high level of technical expertise and a total independence from the market players. It provides the necessary assessments and shall publish its criteria for giving out the status label and the necessary recognition. A suitable tool is also necessary to conduct these evaluations in an objective manner.

Through the production and dissemination of these criteria, CETIC also plays an advocacy role in the ICT market in general. This sensitization is an integral part of its missions.

Results of the project

To support the objective assessments underlying the certification process CETIC developed “D-Side Dashboard, a decision aid tool” to support project managers, quality engineers and software developers. This tool allows identifying weaknesses of the source code. For each profile, a dashboard is created specifically to improve their decision-making in the early stages of development.

Since then, several companies have asked the CETIC an opinion regarding the use and quality of third party software. The arguments, analysis and methods adopted by CETIC have always been a success.

About its position as a reference center for certification, CETIC has become a widely involved actor in various regional and federal groups, such that the label eTIC, the working group on the electronic identity card and the working group on the establishment of an evaluation using the common criteria in Belgium.

Added Value for Industry

Project 155 developed D-Side Dashboard, a tool for analysis of code. The results given by this tool are presented as a dashboard composed of graphics. Each graphic answers a question about the quality of an application. This software was used within many societies. Generally, these missions consist of the drafting of reports of static analysis of code. The companies which benefited of this expertise are, for the majority, active in the design of software for which quality is a vital criterion. D-SideDashboard was even implemented at a partner.