Welcome to Coverity Resource Library where you will find up-to-date information, best practices, tips & tricks and industry research on a wide range of topics relevant to maximizing the integrity of your software in order to help ensure the safety, quality and security of your products.

  • Featured Report

    Coverity has been testing code in open source projects since 2006. This 2010 report shares everything we've found in open source, from security defects to what could be shipping inside Android devices from our analysis of the Android kernel.

    Read the Report

  • Featured Article

    A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World. This article from the Communications of the ACM, written by Coverity co-founders and technical experts, details how Coverity built a business around the unlimited supply of bugs in software systems.

    Read the Article

  • Featured Press Release

    CERN uses Coverity® Static Analysis to help find and fix more than 40,000 defects in the Large Hadron Collider software, helping CERN precisely analyze data from 600 million proton collisions per second in its quest to find new scientific discoveries about the universe.

    Read the Press Release

  • Featured Article

    Coverity Gets Code Right 25% Faster. This Forbes article profiles Coverity and its hyper-growth in the emerging development testing market.

    Read the Article

Critical Elements of a Successful Implementation Featuring Raytheon
Join Anne Frazier from Raytheon Company for this informative 1-hour webinar to learn how the Coverity development testing platform has improved their software quality.
Development Testing: A New Era in Software Quality
Join Dave West, a leading Forrester Analyst, for the next Coverity webinar, and gain real-world insight into applying development testing to deliver innovative software faster.
Development Testing: The Missing Link in ALM
The link between software defects and business risk, including delayed time-to-market and lost customer satisfaction, is undeniable. To remain agile today and avoid quality control problems late in the cycle, requires that testing be expanded beyond traditional QA testing into development.
Find Out What's New in Coverity 5.5
Coverity 5.5, the industry's first development testing platform, is a groundbreaking release which delivers up to a 10x improvement in analysis speed, the most accurate analysis results, the new integration FindBugs™, and is fully integrated into the development workflow so developers can run the analysis from their desktop, as part of a central build or continuous build with the new Jenkins CI integration.
Get Ahead of Code Defects: Development Testing with Coverity 5.5
Software defects can result in headline news and millions in lost revenue, yet finding and fixing defects can be labor intensive and slow down innovation - until now. The Coverity 5.5 Development Testing Platform delivers groundbreaking analysis speed, the most accurate results and integrates seamlessly into the development workflow enabling developers to quickly find and fix defects and focus on their core task of delivering innovation.
Gain Visibility and Control Over the Risk in Your Software
This informative 60 minute webcast will walk you through best practices for implementing effective software code governance in your development organization, from defining code quality policies to getting a consolidated view of your project--by component, supplier, or team--to identifying the exact location and nature of quality problems when policies are not met.
Is Untested Third-Party Code Threatening Your Business?
In this hour webinar, hear Chenxi Wang from Forrester Research. Share her key findings of the recently released Forrester Consulting Software Integrity Risk Report and specific steps you can take to reduce the risk of these threats to your business.
Best Practices for Tackling Security Early in Development
In this 60 minute webcast, join our trio of security and development experts, Robert Seacord, of the Computer Emergency Response Team (CERT), Yinian Mao, Staff Engineer at Qualcomm and Michael White, Professional Services Engineer at Coverity as they discuss the security challenges that software organizations are facing today, along with the ROI and real-world best practices to effectively address security early in software development.
Protecting the Integrity of your Brand with Your Software Supply Chain
In this 60 minute webcast, hear Jason Cooper from ip.access and Ken Cheney from Likewise Software discuss how Coverity's solution has helped them preserve the integrity of their brand by verifying the integrity of their third-party software, and how identifying and fixing software errors early in the development cycle has helped them meet rapid time to market schedules and reduce software risks.
Cracking the Code: A Look at the Google Android Kernel
In this 60 minute webcast, hear Andy Chou, Chief Scientist and Co-Founder of Coverity, recap the Android kernel code testing results and progress made since the release of the Coverity Scan 2010 Open Source Integrity Report. While he provides OEMs with recommendations to help gain visibility into their software supply chain.
Managing Risk: Ensure Software Quality and Security Across the Automotive Supply Chain
Learn about the evolution of infotainment and telematics, and how development testing can help ensure software quality and security to keep your company out of negative headlines, reduce the strain on your resources, and reduce liability across your supply chain.
The Proven ROI of Development Testing: An in-depth analysis of Coverity customer experiences
Do the benefits of static analysis justify the cost and effort of adopting a new technology? This paper, based on in-depth interviews with Coverity customers from a range of industries, investigates that question by looking at the actual value achieved in real-life implementations.
Accelerate Development Velocity and Reduce Costs with Automated Code Testing
Software code is integral to the financial services industry: it drives banking systems, trading activity and even mobile payments. Manual code testing has become neither practical nor feasible: an automated Development Testing solution is needed to assure the quality, safety and security of financial software.
Supporting ISO 26262 with Coverity Development Testing
To help address vehicle safety, The International Organization for Standardization, ISO, has put forth ISO 26262 for road vehicle functional safety. The standard was created to provide guidance to avoid the risk of systematic failures and random hardware failures through feasible requirements and processes.
Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing
Security breaches in software and mobile devices are making headline news and costing companies millions in lost revenue and damage to brand equity. As more people conduct increasingly sophisticated and sensitive transactions, the stakes around software security are rising. Plus, the software and platforms are becoming increasingly complex with multiple components coming from third-party suppliers.
Development Testing for Agile Environments
More than ever before, companies are being asked to do things faster. They need to get products to market faster to remain competitive and capitalize on market opportunity. Increasingly companies are turning to Agile development methodologies for rapid iterative development cycles and the promise of improved efficiency and faster time to market. Read this white paper to learn how developer testing with Coverity® Static Analysis seamless integrates with existing Agile development methodologies and tools helps maximize development efficiencies.
Effective Management of Static Analysis Vulnerabilities and Defects
According to a recent industry study, companies are increasingly expanding their development testing efforts to lower their costs and deliver products faster to the market. One of the primary methods used for development testing is static code analysis which helps organizations find critical defects in their code earlier in the lifecycle.
Coverity Development Testing Solution for Medical Device Software Validation
Medical device manufacturers at the forefront of innovation rely heavily on software to build devices that help patients lead better lives. Learn how Coverity's development testing solution can help ensure that code defects do not slip into the field, and how organizations can meet certain regulatory guidelines identified for software validation by the FDA to control the quality, reliability, and safety of software throughout development.
Controlling Risk Through Software Code Governance
Today's headlines are filled with stories about catastrophic software failures and security breaches; medical devices being recalled, gaming systems getting hacked, and credit card information becoming compromised. These events cost companies millions of dollars in brand equity, lost revenue and result in the erosion of customer loyalty and in the most extreme cases; deaths.
A Look Inside the Android Kernel with Automated Code Testing
Using a case study of the Android kernel, learn how automated code testing via static analysis offers a way for vendors to get visibility into the integrity of software they include in their devices, and gain confidence in what is shipping in their product and under their brand.
Meeting DO-178B with Coverity Integrity Center
Organizations that develop safety critical software for use in airborne systems, or any other safety-critical device or application, can benefit from using solutions that help automate compliance with DO-178B. This white paper will discuss how the Coverity Integrity Center can help organizations with specific software verification guidelines as outlined in DO-178B.

Frequentis
Frequentis develops highly reliable communication and information systems for safety-critical applications. Its market leading control centre solutions, products and services are used by customers in a variety of mission critical public and private fields such as air traffic control (civil and military); emergency services (police, fire departments, and ambulances); maritime systems; and railways and public transport.

Schneider Electric
Schneider Electric (Schneider) is a global leader in energy management, developing solutions to make energy safe, reliable, efficient, and productive from plant to plug. In 1999, Schneider's Automation and Control software division started to develop a new automation system called Unity, a solution to automate manufacturing control systems, machine equipment and related applications.

ip.access
Headquartered in Cambridge in the UK, ip.access makes market-leading small cellular base

Improving Scientific Research: CERN and Coverity® Static Analysis
Watch a brief video interview of Axel Naumann from CERN, the European Organization for Nuclear Research. Axel describes how Coverity® Static Analysis has significantly improved the integrity of the source code found across a number of projects analyzing data from CERN's Large Hadron Collider.

Sun Microsystems
For customers of Sun Microsystems' long-term storage products, quality is rarely an issue. Sun is a global leader in network computing infrastructure solutions with well-known brands such as Java, Solaris, MySQL, and StorageTek. The StorageTek-branded products, including the T10000 and T9840 tape drives and the SL8500, SL3000, and SL500 tape libraries, are particularly noteworthy as it relates to product reliability and quality.

Sega
The game industry is constantly evolving. As technical capabilities increase, so do consumer desires. This has led to the expansion of game categories along with the sophisticated technical requirements for higher quality graphics. Today’s game developers are writing code that renders photorealistic games by taking advantage of advanced shading technique that requires both the CPU and GPU.

Supply Chain Demo
View this demo to learn how Coverity automates code testing of in-house and third party supplier code, providing OEMs with an objective measurement of quality and security by which they can hold their suppliers accountable, and visibility to gain confidence about the third party code they are shipping as part of their product-and under their brand.
Coverity Dynamic Analysis Demo
View this demo to learn how Coverity's development testing solution can be used to dynamically analyze applications at run time to point-point concurrency defects in multi-threaded Java applications.
Coverity Architecture Analysis Demo
View this demo to learn how Coverity® Architecture Analysis allows you to visualize code the code structure and enforce policies to manage software complexity.
Coverity Static Analysis for the Desktop
View this demo to learn how Coverity's development testing solution can be used to find and fix defects on the development desktop within the developer IDE. With out-of-the-box plug-ins for Microsoft Visual Studio and Eclipse, developers can ensure that all code changes are analyzed and the reported are fixed before checking-in code into the central build repository.
Coverity Static Analysis Demo
View this demo to learn how Coverity® Static Analysis helps developers and development teams find and fix hard-to-spot, yet crash causing defects early in the development cycle.
Coverity Connector for HP ALM Demo
View this demo to learn how the Coverity® Connector for HP ALM integrates Coverity's development testing suite into HP ALM workflow to allow development traceability across the application development lifecycle.
Coverity Integrity Control for FDA Compliance
View this demo to learn how Coverity® Integrity Control provides out-of-the-box policy management that allows organizations to meet the FDA guidelines for software validation using the Coverity development testing solution.
Identify Risks to Project and Schedules Demo
View this demo to learn how Coverity® Integrity Control allows you to identify the risks to software development projects and schedules, improve development process efficiency, and ease development tool adoption.
Enforce SLAs with Third Party Suppliers Demo
View this demo to learn how Coverity® Integrity Control can be used to enforce service level agreements (SLAs) for software code quality and security with third-party software providers.
Centrally Manage Geographically Distributed Teams Demo
View this demo to learn how Coverity® Integrity Control can be used to manage geographically distributed software development teams.
Integrity Control for DISA STIG Demo
View this demo to learn how Coverity® Integrity Control provides out-of-the-box policy management for sites designing, developing, and testing software for defense systems to meet the DISA STIG guidelines.
Forrester Consulting – Development Testing: A New Era in Software Quality
Software is increasingly becoming a key part of any business' ability to compete. Speed and innovation have risen to the top of the to-do list for software delivery teams. In parallel, software delivery teams are looking to deliver their applications on a growing list of platforms and channels. The result is the need to build software faster, demonstrating more innovation in an environment of increased complexity. Those objectives translate into an ever-changing software development team that is applying more Agile approaches, using different technologies, and executing different practices.
Forrester Consulting – Software Integrity Risk Report
Get the free report exposing the critical link between business risk and development risk across the software supply chain.
voke Research Market Mover Array™ Report: Testing Platforms
Coverity has been rated as a Transformational company in the voke, inc. Market Mover Array™ Report for Testing Platforms. Coverity's rating is recognition of the impact that Coverity's software integrity strategy is making in shaping the future of the testing market.
Coverity Scan 2010 Open Source Integrity Report
Get the free Coverity Scan 2010 Open Source Integrity Report featuring the Coverity Software Integrity Report for the Android Kernel.
Coverity Services Datasheet
Coverity has helped over 1,100 customers around the globe assure the quality, security and safety of their software through development testing. By finding and fixing defects early in the development lifecycle, we’ve helped our customers lower their costs and risk, accelerate time to market and improve developer productivity.
Coverity Static Analysis for Java
Coverity helps Java developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors.
Coverity Connector for HP ALM Software
Coverity Connector for HP ALM connects development to QA and the business by incorporating code quality into the overall definition and view of application quality.
Coverity Coverage for Common Weakness Enumeration (CWE): Java
Coverity® Static Analysis coverage for CWE 2.0.
Coverity Coverage for Common Weakness Enumeration (CWE): C/C++
Coverity® Static Analysis coverage for CWE 2.0.
Coverity Integrity Control
Coverity® Integrity Control provides a robust solution for software code governance and control.
Coverity Architecture Analysis
Coverity® Architecture Analysis visualizes architectural structure and dependencies in large, C/C++ and Java code bases.
Coverity Dynamic Analysis
Coverity® Dynamic Analysis helps developers, QA, and test engineers quickly identify hard to diagnose defects in multi-threaded Java applications.
Coverity Static Analysis
Coverity® Static Analysis helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors.

Connect