Hatha Systems is committed to a standards-based approach. Our Knowledge Refinery™ has been built on the foundation of international standards. This foundation combined with our industry-leading innovation provides for unprecedented comprehensive static analysis of software systems and extensive data/metadata correlation.
Static analysis is a powerful approach for culling system knowledge whether it is for the purpose of modernization, security and compliance analysis, etc. Unfortunately, until the introduction of tools like those from Hatha Systems, the tools that provide static analysis have fallen short of the knowledge extraction required to be truly useful.
Over the last seven to eight years, a group of industry leaders has been addressing the need for international standards that knit together to provide a comprehensive analysis framework. The effort was driven by the modernization community, which requires full system knowledge of the 'as is' system; that knowledge is critical for both analysis and reuse when migrating the system. This community, entrenched in system engineering methodologies and process, addressed the world of software analysis as an engineering effort, with the same rigor. This resulted in a number of standards that set the stage for comprehensive static analysis.
The standards include:
- Knowledge Discovery Meta-Model (KDM): an ISO/OMG Standard providing an ontology (a set of definitions) for system knowledge extraction and analysis.
- Business Process Modeling Notation (BPMN): an OMG standard delivering a modeling notation used to capture business/operational processes in support of system and organizational process simulation and analysis.
- Rules Interchange Format (RIF): a W3C standard delivering a representation used for specifying, analyzing and exchanging information about business rules.
- SBVR (Semantics of Business Vocabulary and Business Rules): An ISO/OMG standard, this specification provides a structured process for formalizing, in natural language, the existing English language representation of compliance points. The standard enables the various compliance specifications (e.g. FISMA, HIPAA, SOX, FIPS, Common Criteria, etc.) to be formalized, reducing the room for different interpretations.
- Data/Metadata Storage Standards (old and new): With the emergence of the standards noted above and the need for storing this information for analysis, a set of storage standards needed to be embraced. XMI, RDBMS, and RDF (Resource Description Framework) are the three formats that are compatible with these standards.
The figure below provides a diagrammatic representation of how all the above standards knit together and deliver the foundation for software system knowledge extraction and comprehensive static analysis.
Possibilities when automated static analysis tools embrace these standards:
- Business/operational logic can be extracted to derive business/operational processes into a BPMN format for documentation, re-architecture (including SOA enablement), gap analysis and migration purposes.
- Rules can be extracted and correlated with business/operational terms and processes for 'as is' system analysis.
- Rules extracted in RIF format could be used to generate code or may be migrated to a business rule engine.
- System architectures, data flows and control flows can be extracted and represented visually. These representations may be used to document the 'as is' system for the purpose of modernization, compliance or security analysis.
- Code weaknesses can be discovered and then associated with the data and control flows in which they occur in order to determine their possible impact for security, safety, etc. within the context of a specific system.
- Compliance points or controls can be represented in SBVR to formalize each control, then written in kPath (the KDM querying language - planned for standards release) and placed in a reusable repository for extracting compliance knowledge of the system being analyzed.
- Configuration data can be extracted in a KDM repository for those components that do not have source code, making them part of the overall system analysis for security or modernization purposes.
Contact Hatha Systems to learn more about how to bring the power of standards to your organization.