Assessment of implementation of network communication consists of two analyses: static code and dynamic analysis. At first, the code which deals with communication within the given system (e.g., connection of the camera to the cloud) must be implemented according to feature requests or bug reports. The code is then inspected in static code analysis.

Static code analysis uses either general analysers which are available in well-known static analysis frameworks (for instance, but not limited to, Infer or Frama-C). The targets for the analyses are general software quality issues like memory related bugs, synchronisation bugs, or general software weaknesses. Static code analysis can also incorporate purpose-specific analysers which focus on, e.g., performance or cyber-security related problems. The results from static code analyses can be used not just by developers to fix the code but it can sometimes be used to locate possible weakness which should be further inspected by dynamic analysis during runtime. The execution of static analysis is fully automated, but the results must be processed manually.

Dynamic analysis of a design and an implementation of communication of the system is based on simulated fault-injection of a network link. The method requires one to clearly specify the communication nodes, communication parts, and prioritize which parts of communication are sensitive on communication link reliability, stability, and speed. The method incorporates a tool which can automatically introduce faults on selected network flows which simulate connection loss, connection delays, or man-in-the-middle attacks.

The activity ends with generation of the overall report of the assessment.