certitudo – Defence


Military systems contain software everywhere. Weather it is to plan troop movements, for logistical tasks, such as supply lines, to precisely position an artillery piece using control handle or to guide projectiles automatically to their target.

All of these systems must work fault-free at all times and in all climatic environments (temperature, pressure, humidity, etc.). For these reasons testing, verification and validation of the software systems are indispensable.


Standards conformity

We work to the following standard

  • IEC 61508 „Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems”


Software development process

As a service provider we support you during all phases of your software development process. Our employees are highly experienced in all fields relating to the software development process for your specific military application, starting with setting up of requirements (Requirement Engineering) and by defining suitable architectures and designs, source code analyses, the various test stages and also verification and validation. To us it does not matter whether your development process is based the waterfall model, the V model or an agile development approach (e.g. SCRUM). We are familiar with all of them.


Verification and validation

For the field of verification and validation we are your competent partner, too. We have several years of experience in verification and validation projects. In cooperation with you we will set up the optimum verification and validation strategy. We will also practically support you in implementing this within the projects.


Requirement Traceability

The Requirement Traceability is a core approach to establishing whether your military application meets the necessary requirements and therefore meets the intended use you require. A matrix is used to show the relationship between requirements to the test cases and the test results. Tis matriy then helps to determine the coverage of the requirements by the system or the product per release. If a requirement is not linked to a test case or the linked test case has not been carried out, there is a requirement coverage gap. This gap must be evaluated in relation to the functional effects on the system or product and must potentially be closed. If a test case could only be conducted with a negative test case, the functional effects on the system or product must be evaluated applying a fault analysis.

certitudo GmbH has successfully applied the requirement traceability procedure in numerous projects. We can support you by technically drawing up the requirement traceability matrix as well as the evaluation of the requirement traceability matrix.


Reference Project

The German Federal Armed Forces (Bundeswehr) are planning to replace the armoured personnel carrier “Marder” with the armoured personnel carrier “Puma”. Apart from two main sub-contractors there are a number of further companies working on this project. One of these companies is tasked to develop the control handles for the control of the target setting in azimuth and elevation to position and align the installed components panoramic periscope, weapons optics and main weapon (machine cannon and machine gun) and WA MELL. The readings angles in azimuth and elevation, status information of the operations monitoring and the switching status of the operating elements are sent to the system computer of the personnel carrier via a CAN bus interface. Switching states of certain operating elements are available at the interface as discreet signals.

For this project certitudo GmbH was tasked with planning and executing the verification and validation activities of the software components. This required to provide evidence in line with IEC 61508 SIL2. After having set up the standards conform verification and validation strategy, a specifications structure was built together with development from which it was possible to derive the development and test activities in an optimum manner. We carried out the planned verification and validation activities as part of the process which made it possible to detect and rectify deviations in early phases of the processes. During the last phase of the project certitudo handed over the verification and validation activities to the employees of the company, applying a project accompanying know how transfer.

The project was concluded by the consultant confirming that the development was conforming to standard IEC 61508 SIL2. The component control handles armoured personnel carrier Puma could be produced.