2011-12-27 - Gamasutra
In this reprinted #altdevblogaday in-depth piece, id Software co-founder and technical director John Carmack shares his experiences with static code analysis and explains why it's irresponsible to not use it.
2011-12-27 - Game Career Guide
The most important thing I have done as a programmer in recent years is to aggressively pursue static code analysis. Even more valuable than the hundreds of serious bugs I have prevented with it is the change in mindset about the way I view software reliability and code quality.
2011-12-14 - IT Business Net
If hackers love one thing, it’s a big pool of potential targets, which is why Android and Windows platforms are attacked far more often than BlackBerry and Mac OS X. So, it’s no surprise that as the installed base of multicore processors has grown, they’ve become a potential target.
2011-12-14 - Forbes
To stop software failures, a new software category – called development testing – is finding its way into corporate IT budgets. I spoke with the CEO Anthony Bettencourt of Coverity, the company leading this market, about its development testing technology and what’s driving demand.
2011-12-06 - Sramana Mitra
It is amazing how much software is in a modern automobile. Estimates range from 10 million to 100 million lines of code in a modern automobile. That is enormous.
2011-12-05 - Sramana Mitra
As software gets more capable it gets more complex, and the more complex it is, the more difficult it is to get right. A single line that is wrong with software can take down an entire software system.
2011-12-04 - Sramana Mitra
If you look at the competitive space, there were products that did minimal standards enforcement, but they were not used widely by developers. Since then, many competitors have cropped up who use this core technology in security, quality, embedded software, enterprise Web applications, and many other vertical markets.
2011-12-03 - Sramana Mitra
We had a definitive advantage of coming out of a university. We have access to prototype funding, research & development, and quality talent. We had the freedom to explore our ideas without having constraints of a business.
2011-12-02 - San Francisco Business Times
Spotting problems before they expensively emerge has proved to be a rich vein for Coverity Inc. It is helping large companies like Bayer, Boston Scientific, Chicago Trading Co., Lenovo, Level 3 Communications, Lockheed Martin, Medtronic, Mitsubishi Electric, NEC, Raytheon, Siemens, Yahoo and unnamed auto manufacturers search early on for errors.
2011-12-02 - Sramana Mitra
In the world of static analysis the idea is to take the source code for a program, dissect it and digest it, and then analyze all of the different paths through that program. We can then semantically detect problems along a specific path such as buffer overflows or a pointer reference error.
2011-12-01 - Sramana Mitra
Andy Chou is the co-founder and chief technology officer of Coverity, a development testing company. Prior to co-founding Coverity, Andy was instrumental in developing the core intellectual property behind the Coverity platform while earning his Ph.D. in computer science from Stanford University.
2011-11-30 - Dr. Dobbs Journal
Two software quality experts argue that inspections are the defect-prevention technique of choice. The companies that are most likely to use inspections are those that look for software quality best practices and adopt them. It's telling that all organizations and industries most committed to quality tend to use pretest inspections.
2011-11-17 - Software Test Professionals
You can't govern what you can't see. As simple as this axiom might sound, it holds true for industries of all types. It holds particular relevance to the IT industry since many critical processes that an entire business depends on run under the hood in complicated code scripts and millions of lines of code.
2011-11-17 - electronic design
Multi-threaded applications are becoming more sophisticated as multicore and many core platforms become the norm even for embedded applications. I recently spoke with Andy Chou, Co-Founder and Chief Technology Officer of Coverity, about development challenges and how static and dynamic analysis tools can address a range of issues including security defects.
2011-11-07 - CNXSoft - Embedded Software Development
I've recently come across an EE Times article written by Coverity stressing the benefits of static analysis and how it can help find potential issues in the code early.
2011-10-31 - Medical Product Outsourcing
As with most other industries in the last decade, the medical device sector has seen a tremendous increase in the amount of software used in its products. According to the Institute of Medicine (IOM), medical device manufacturers increasingly are relying on software to build new devices and to add new capabilities.
2011-10-06 - DevProConnections
Coverity, a provider of software development testing products, has released the latest version of its development testing platform, Coverity 5.5. In the new release, Coverity has improved the analysis speed and accuracy of its core technology, the Coverity Static Analysis code-analysis engine, and has enabled the product to integrate with the Visual Studio and Eclipse software development IDEs.
2011-10-06 - Network Computing
A maker of software development testing tools, Coverity, has released version 5.5 of its testing suite and is announcing its integration with HP’s application lifecycle management (ALM) platform, which is used by thousands of enterprises and other businesses to develop software applications.
2011-10-06 - Network World
In August 2010, hackers bent on jailbreaking Android smartphones found a vulnerability in the way the Android debugger handled an overwhelming number of processes. The code designed to exploit the flaw, dubbed RageAgainstTheCage, allowed users to reflash their smartphone and install custom firmware.
2011-10-06 - Infoworld
In an analysis of the Android 2.6.32 kernel performed in November 2010, static-analysis firm Coverity found 0.47 defect per line of code -- better than the software industry as a whole. Yet in chasing down the source of flaws, Coverity found that only a few ended with Google.
2011-10-06 - IT Knowledge Exchange
On October 3rd, Coverity announced Coverity 5.5, a new release of their development testing platform, along with integration with major ALM vendor HP. Coverity provides static analysis of machine code uncovering defects early in the development lifecycle. Though code analysis is available for Java, C, C++ and C# code, Coverity has a growing user base in the Java community.
2011-10-06 - CIO
In August 2010, hackers bent on jailbreaking Android smartphones found a vulnerability in the way the Android debugger handled an overwhelming number of processes. The code designed to exploit the flaw, dubbed RageAgainstTheCage, allowed users to reflash their smartphone and install custom firmware.
2011-10-06 - CIO
Coverity has updated its development testing suite so that its results can be displayed directly from within the HP ALM (application lifecycle management) suite software, Coverity announced Monday.
2011-10-06 - Computer World
Coverity has updated its development testing suite so that its results can be displayed directly from within the HP ALM (application lifecycle management) suite software, Coverity announced Monday.
2011-10-06 - Network World
Coverity has updated its development testing suite so that its results can be displayed directly from within the HP ALM (application lifecycle management) suite software, Coverity announced Monday.
2011-10-06 - ITworld
Coverity has updated its development testing suite so that its results can be displayed directly from within the HP ALM (application lifecycle management) suite software, Coverity announced Monday.
2011-10-04 - CNET
Companies are increasingly collecting amounts of digital information that are so large as to be unwieldy. It's no surprise that finding a way to securely store, categorize and recall this information efficiently is a huge advantage for any enterprise or organization.
2011-10-03 - MarketWatch
Coverity 5.5 adds integration with FindBugs™, Jenkins Continuous Integration Server and up to 10x improvements in analysis speed in tests on the most complex codebases. Coverity, Inc., the development testing leader, today announced the industry's first developer-friendly and enterprise ready development testing platform, Coverity 5.5.
2011-10-03 - Bloomberg Businessweek
Coverity 5.5 adds integration with FindBugs™, Jenkins Continuous Integration Server and up to 10x improvements in analysis speed in tests on the most complex codebases. Coverity, Inc., the development testing leader, today announced the industry's first developer-friendly and enterprise ready development testing platform, Coverity 5.5.
2011-10-03 - InfoWorld
Results from Coverity's bug-finding tools can now be viewed directly from within HP's Application Lifecycle Management suite. Coverity has updated its development testing suite so that its results can be displayed directly from within the HP ALM (application lifecycle management) suite software, Coverity announced Monday.
2011-10-03 - PC World
Coverity has updated its development testing suite so that its results can be displayed directly from within the HP Application Lifecycle Management (ALM) suite software, Coverity announced Monday.
2011-09-26 - Information Management
Under the weight of petabytes of annual data, physicists find clarity with data accuracy application. The search for a particle that may unlock secrets of the origin of the universe was made clearer with data quality and software testing tools used in everyday business.
2011-09-24 - Computer Weekly
The world's largest physics lab and everyone's favourite particle accelerator has been in the news more than once this last week. Firstly, CERN scientist Antonio Ereditato revealed that recent large hadron collider results suggest subatomic particles may have gone FASTER than the speed of light.
2011-09-23 - Inside Big Data
In this podcast, Axel Naumann describes how CERN used Coverity testing software to root out problems in its massive Root codebase used to analyze results from the Large Hadron Collider. The LHC is all about Big Data, generating over 15 Petabytes of information per year.
2011-09-23 - GoMo News
Don’t ask how but GoMo News ended up chatting with CERN’s Axel Naumann at a meal hosted by Coverity in a cheese restaurant in London’s Marylebone district. Naumann works for the European Organisation for Nuclear Research – better known as CERN.
2011-09-23 - insideHPC
In this podcast, Axel Naumann describes how CERN used Coverity testing software to root out problems in its massive Root codebase used to analyze results from the Large Hadron Collider. The LHC is all about Big Data, generating over 15 Petabytes of information per year.
2011-09-23 - I.T. Footprint
Coverity, a key player in the software development testing market has just released the testing stats relating to the software that runs the European Organisation for Nuclear Research, CERN’s Large Hadron Collider.
2011-09-23 - V3.co.uk
As news of CERN's astonishing discovery of particles travelling faster than light reverberates around the globe, the role of code testing experts in the success of the nuclear research body's pioneering work was highlighted this week. Coverity, which offers a suite of products to test source code for potentially critical software flaws, announced that it has been working with CERN.
2011-09-23 - eWeek Europe
Particle physics lab CERN has announced it may have discovered faster-than-light neutrino particles today. The result could rewrite the laws of physics – but scientists must first work hard to eliminate all possible sources of error from the experiment.
2011-09-22 - Professional Tester
CERN Deploys Coverity Static Analysis and Fixes More than 40,000 Defects in Large Hadron Collider Software. Coverity® Static Analysis tests 50 million lines of software code in Large Hadron Collider software, helping CERN find and fix more than 40,000 defects. Coverity helps to more precisely analyse data from 600 million proton collisions per second, in CERN’s quest to find new scientific discoveries about the universe.
2011-09-22 - Computing.co.uk
The European Organisation for Nuclear Research (CERN) is using software development testing vendor Coverity's Static Analysis package to test the software CERN's scientists write and use for analysing data from its Large Hadron Collider experiments.
2011-09-22 - The Register
CERN reckons the bugs had helped muddy results from the LHC, throwing them off the Higgs-boson scent. Further, there were programs built by those 10,000 scientists that could never be properly tested prior to Coverity.
2011-09-02 - Computer Weekly
This is a guest blog written by Rutul Dave of Coverity. The company is focused on software developer defect tracking issues relating to software integrity; as such, its products and services tackle source code analysis tasks.
2011-08-08 - CMS Wire
Agile development is known for being cheaper, faster, and quicker to respond to changing market demands, as compared to the slower but steady, sequential process of the waterfall method. And while Agile may be more suitable for projects that are amenable to its speed and quick reaction time, traditional waterfall industries are starting to see the value of using this methodology.
2011-08-08 - Visual Studio Magazine
A well-known prediction by Gartner stated that by next year, agile techniques will be used in 80 percent of all software development projects. Statistics like that are growing proof that if you're not on board the Agile Train by now, you'd better hurry or risk being left at the station.
2011-07-29 - MDT
There is an interesting debate going on in Washington right now over a report by the Institute of Medicine released last Friday – July 29th, 2011. The Institute of Medicine, a group consisting of physicians, academics and lawyers is making an argument for a tougher approval process through the Food and Drug Administration (FDA) for a wide variety of medical devices including defibrillators and hospital pumps.
2011-07-28 - DevX
Is it possible to have a new twist on the seemingly endless debate between advocates of Agile software development and those of the waterfall model? Some people, including Coverity's Rutul Dave, think so. Coverity is a provider of code-testing products.
2011-07-19 - Electronic Design
Coverity provides static analysis tools to improve the quality and security of applications. I talked with Rutul Dave, Senior Development Manager at Coverity, about multicore development issues and how tools like their Coverity Integrity Control address these problems.
2011-07-19 - EBN
Recently, Coverity Inc. commissioned the "Software Integrity Risk Report," a study conducted with Forrester Consulting with an eye on quality and the software supply chain. More than 330 software development influencers were surveyed about their policies for managing software quality, security, and safety.
2011-06-30 - Software Test Professionals
Most developers would agree that consumers of software today continually demand more from their applications. Because of its pace of evolution to date, the world now anticipates a seemingly endless expansion of capabilities from their software, regardless of where that software is applied.
2011-06-28 - Electronic Design
As our dependence on software grows, so does the sheer size of software and its complexity. Software is used to achieve essential functionality in everything from the latest games on the smart phones to sophisticated control systems in airplanes.
2011-06-27 - Computer Weekly
This is a guest post by Rutul Dave of Coverity, a company that builds tools and technology to equip developers with resources, techniques and practices to help maximise the integrity of software.
2011-06-21 - Small Form Factors
Mission- and safety-critical applications leave no room for error when one software bug can prove disastrous, so everything has to be right. And, with software sources diverging from in-house to outsourced and other third-party suppliers, bugs can be hiding in all sorts of cracks and crevices in the code.
2011-06-15 - Embedded Computing Design
You’ve been diligent and used static code analysis to identify defects early during development. Great. So now what? Finding defects is just the first step in the process of ensuring software integrity. Contextual information on every identified defect is essential to prioritize fixes and maintain bug-free software.
2011-05-25 - EBN
Continuing our discussion on the different forms of the software supply chain, this month we look at the best practices for software governance for internal software supply chains. An internal software supply chain results when multiple teams work together on components of a system and there is a handoff or integration of these components before they can be assembled into a functioning product.
2011-05-19 - CTO Edge
When it comes to managing software many IT organizations are between the proverbial rock and a hard place. The business is more dependent on software than ever before and yet most of that software has never been more fragile.
2011-05-16 - IT Knowledge Exchange
Do you trust outside software developers more than in-house software developers? Such may often be the case according to a recent survey conducted by Forrester Consulting on behalf of software tester Coverity. The news is a bit unsettling.
2011-05-12 - Dark Reading
Seventy percent run security, vulnerability assessments on internal code, but only 35 percent do the same for third-party code they bring in-house, Forrester/Coverity report finds
2011-05-12 - Dr. Dobbs Journal
Coverity's Software Integrity Risk Report examines code quality in America and Europe. Coverity has announced the results of the "Software Integrity Risk Report," a commissioned study conducted by Forrester Consulting on behalf of the company to examine developer trends in software code quality.
2011-05-11 - FierceCIO
There is a widening gap between the quality standards that businesses apply to the software they develop in-house and the software they get from other providers. Seventy percent of companies conduct security or risk assessments on their own code, while just 35 percent conduct those assessments for third-party software, according to a report from Forrester Research.
2011-05-10 - Computing.co.uk
More than 40 per cent of firms using software from third parties said that poor integrity of the code had contributed to delays or recalls, security flaws or increased code development time, leading to an impact on their revenues.
2011-05-10 - Computer Weekly
Less than 50% of third party code is tested for quality and security in development.
2011-05-10 - Infosecurity
Research just published by Coverity, a software integrity specialist, claims that less than 50% of third party program code is tested for quality and security at the development stages.
2011-05-10 - Application Development Trends
Here's a look at some of the newest ALM-related products and updates hitting the market:
Seapine Software has released Seapine ALM 2011.1, an updated version of its application lifecycle management tool suite, which comprises the various TestTrack products and the Surround SCM, QA Wizard Pro and Seapine CM tools.
2011-05-10 - CNET
It's no secret that companies of all kinds use third-party software in their own products. Mobile OEMs are a great example--new phones often contain code from hundreds of code suppliers--both open source and proprietary.
2011-05-10 - ITworld
Those looking for good news when it comes to healthy software development hygiene are going to be soundly disappointed by today's news.
2011-05-10 - SecurityWeek
Coverity, a company that helps developers reduce defects and increase security in their software, announced the results of its "Software Integrity Risk Report" today.
2011-05-10 - CIO
CSO - Those looking for good news when it comes to healthy software development hygiene are going to be soundly disappointed by today's news.
2011-05-10 - NetworkWorld
In a study conducted by Forrester Consulting, commissioned by software security firm Coverity, 336 people involved in software development in North America and Europe were surveyed on their current practices when it came to managing software quality, security and safety.
2011-05-10 - CSO
Despite all of the talk surrounding the importance of software quality, a study released today shows few companies are walking the secure development walk.
2011-05-10 - InformationWeek
When it comes to testing under-development software for bugs and potential security flaws, many businesses today will assess code developed in-house. But almost half fail to require similar checks for any third-party code that also goes into their products.
2011-05-07 - InfoQ
Even in small software development policies and guidelines are necessary for high architecture and code quality. Software engineers might feel confined by coding and design conventions. However, software systems tend to become inexpressive and complex when every code contributor introduces her own policies.
2011-05-05 - MobileB2B
According to Coverity, this latest release will mean that companies can automatically manage and enforce standard code testing policies across in-house development teams, outsourced development teams, and software provided by third party suppliers, whilst gaining deep visibility into development risk across the software supply chain.
2011-05-04 - CBR
Coverity, a software service provider, has unveiled a new Integrity Control offering for code governance that enables software development organisations to set policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
2011-05-02 - NetworkWorld
Our round-up of intriguing new products from BeyondTrust, Packet Motion, Polycom among others. With Coverity Integrity Control, companies can automatically manage and enforce standard code testing policies across in-house development teams, outsourced development teams, and software provided by third-party suppliers, gaining deep visibility into development risk across the software supply chain.
2011-04-28 - Electronic Design
These days software development teams are often spread across the country or the world. Outsourcing and third party suppliers add to the challenge of managing large software projects. Tools like Coverity's Integrity Control are designed to reduce the development risk by providing greater visibility across the software supply chain.
2011-04-27 - CMSWire
This week, McAfee upgrades Facebook protection to block all kinds of nasty bugs from getting in, GFI offers SharePoint log management for site governance, Coverity releases its upgraded code governance offering, while Zylab offers e-Discovery software that includes audio content identification.
2011-04-27 - IT Footprint
Software integrity firm Coverity has just released Coverity Integrity Control, a new solution for code governance that enables software development organisations to set policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
2011-04-27 - IT Business Edge
It’s not uncommon for IT organizations to deal with two trends that wind up pulling the company in opposite directions. On the one hand, we have a general shift towards application development and testing in the cloud as IT organizations look to reduce the amount of IT infrastructure they need to support on premise.
2011-04-26 - SDTimes
Coverity, Inc., the software integrity leader, today announced the release of Coverity Integrity Control. Coverity Integrity Control is a new solution for code governance that enables software development organizations to set policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
2011-04-26 - CIOWorld
With Coverity Integrity Control, companies can set and manage code quality and security standards and identify suppliers or teams that are introducing code risk or slowing time to market. An executive heat map offers a single-pane view of code sources, including suppliers, projects, and teams, to identify which entity is in violation of code integrity policies. Developers also can use the heat map to determine the context of a code problem.
2011-04-26 - InfoWorld
With Coverity Integrity Control, companies can set and manage code quality and security standards and identify suppliers or teams that are introducing code risk or slowing time to market. An executive heat map offers a single-pane view of code sources, including suppliers, projects, and teams, to identify which entity is in violation of code integrity policies. Developers also can use the heat map to determine the context of a code problem.
2011-04-26 - Computer World
With Coverity Integrity Control, companies can set and manage code quality and security standards and identify suppliers or teams that are introducing code risk or slowing time to market. An executive heat map offers a single-pane view of code sources, including suppliers, projects, and teams, to identify which entity is in violation of code integrity policies. Developers also can use the heat map to determine the context of a code problem.
2011-04-26 - Network World
With Coverity Integrity Control, companies can set and manage code quality and security standards and identify suppliers or teams that are introducing code risk or slowing time to market. An executive heat map offers a single-pane view of code sources, including suppliers, projects, and teams, to identify which entity is in violation of code integrity policies. Developers also can use the heat map to determine the context of a code problem.
2011-04-26 - TMCNet
Coverity, Inc., the software integrity leader, announced today the release of Coverity Integrity Control. Coverity Integrity Control is a new solution for code governance that enables software development organisations to set policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
2011-04-26 - DDJ
New to market this week is Coverity's Integrity Control solution for code governance, code quality, and security policy control. The product is presented as a route for developers to manage, monitor, and report on policies as code is developed and tested.
2011-04-18 - EBN
The largely successful philosophy of why-build-when-you-can-buy has inspired Original Equipment Manufacturers (OEMs) building software and systems to buy software components from third-party providers. Every software module within the system, regardless of its source, is an integral part of the OEM brand. Hence, it is necessary that every piece measures up and is tested.
2011-04-07 - CSO
Researchers are focusing on vulnerabilities in cell phones, but manufacturers and carriers are still stuck in the 90s. The inability of cell phone makers to speed their reaction time to vulnerabilities continues to leave businesses vulnerable to attacks on mobile devices, according to recent research.
2011-03-30 - Mobile Magazine
Open source mobile operating systems such as Android are becoming increasingly vulnerable to security defects and exploitation by hackers because of the speed with which products are being rushed to market.
2011-03-29 - IT Business Edge
One of the biggest debates rocking much of the application development world is how to best handle application testing in a world that is increasingly being dominated by agile software development methodologies.
2011-03-29 - EE Times
This article discusses the repercussions of embedded software failure within such industrial segments as automotive, medical and mil/aero, looks at examples of erroneous code to look out for when looking for defects, and the different initiatives that drive software safety benchmarks such as DO-178B, FDA, and MISRA.
2011-03-29 - CBR
CBR talks to the boss of 'developer-side' testing firm Coverity about whether the business is 'old hat' and what the analysts think. Anthony says, "It's simple; wake up to the importance of developer-side, early defect catching - or you'll pay the price. What we do for companies is stop them ending up as a result on the pages of the FT, New York Times and Wall St Journal."
2011-03-29 - Government Security News
Andy Chou discusses "The increasing liability of the expanding software supply chain" (see page E9). In an increasing number of industries, development organizations are building their proprietary software from a combination of third-party open source and legacy code. The defense and aerospace industries are no different. Many defense organizations take a "system of systems" approach that requires integration of multiple commercial off-the-shelf (COTS) software of unknown pedigree (SOUP) and open source components. Read the full article in the GSN 2011 Guide to IT Security.
2011-03-17 - EBN
Open-source code is ubiquitous these days, and it is hard to find a better deal than a high-quality, free implementation of a component with a thriving and innovative community surrounding it. We’ve been working with more than 260 open-source projects since 2006 to help them find and fix software defects through our Coverity Scan initiative. Here are some of the lessons we’ve learned.
2011-03-15 - Threatpost
In this interview with Threatpost's Paul Roberts, recorded at the RSA Security Conference in San Francisco, Chou said that mobile device software vendors face many of the same risks that PC giants like Microsoft did a decade ago. As with the Windows operating system before it, mobile OSs like Android and IOS are only as good as their underlying code.
2011-02-25 - SC Magazine
Coverity's technical director doesn't believe in surprises. The company has a triage process for resolving defects, in timely fashion, to help develop secure applications. It has clients across the globe, including financial giants such as Barclays.
2011-02-14 - EBN
In an increasing number of industries, development organizations are using less of their own code developed in-house and more codes that come from third parties or open-source projects. The extended software supply chain is a business necessity, as go-to-market times are shortened and customer demand for new device features has increased.
2011-01-21 - Military and Aerospace Electronics
Functionality of avionics software continues to expand. Additional software capabilities bring many more lines of code, and greater opportunity for error.
2011-01-12 - CNET
When it comes to mobile security, Apple's iOS platform might get the nod over Android, according to security software maker Trend Micro.
2011-01-03 - eWeek
As in most any year in the modern age, 2010 saw its share of problems due to programming errors, bugs and other shortcomings.
2010-11-03 - Forbes
On Tuesday software-scanning firm Coverity announced the findings of its annual open source bug hunt, this year focusing on HTC’s “Droid Incredible” version of the Android mobile operating system. The company found 359 bugs, a quarter of which they classified as “high risk.” Coverity, which makes its money selling these code scans, found a higher rate of defects in Android-specific code than it did elsewhere in the Linux codebase.
2010-11-02 - eWEEK Europe
An analysis of the kernel used in Google’s Android smartphone software has turned up 88 high-risk security flaws that could be used to expose users’ personal information, security firm Coverity said in a report published on Tuesday.
2010-11-02 - AndroidSPIN
Coverity, a security firm based out of San Francisco, California, has taken it upon themselves to reveal the security holes that lie within the Android operating system. Using an HTC Incredible, they found .47 defects for every 1,000 lines of code. Usually it's 1 for every 1,000 lines of code. All together, Coverity found a total of 359 defects in our beloved Android OS.
2010-11-02 - Computing.co.uk
A recent global study conducted by Juniper Networks on smartphone use found that three out of four people currently use their mobiles to share and access sensitive business information.
2010-11-02 - AndroidCommunity.com
Some security analysts over at a firm called Coverity have announced that the Android kernel is riddled with security holes. Despite the issues the analysts claim with the kernel security, they still rank Android higher than most open source OS projects.
2010-11-02 - WirelessGround.com
How is this for a shocker? Google’s Android OS has just undergone a thorough screening by security analyst Coverity and the company found an average of 0.47 defects per 1,000 lines of code.
2010-11-02 - Mobile Choices
Hackers could potentially steal personal information from your Google Android smartphone because of serious errors with the operating system (OS), a software security firm has discovered.
2010-11-02 - TMCNet
Smartphones running Google's Android operating system are increasingly catching on among businesses as well as consumers, according to a recent study from ChangeWave.
2010-11-02 - The Inquirer
INSECURITY EXPERTS at Coverity have issued a report on kernel flaws found in the Android mobile operating system.
2010-11-02 - Phandroid.com
These days, it seems there isn’t a month that goes by without a security firm pointing out some potential flaws in Android. This time, Coverity – based out of San Francisco – has gone deep into the Android source code and came up with some interesting numbers.
2010-11-02 - SearchSoftwareQuality.com
This week, Coverity, a company that provides a tool that performs static analysis of code, announced findings of their annual report on the state of open source software integrity.
2010-11-02 - The Register
Security analysts at Coverity reckon the Android kernel is riddled with security holes, though they still rate it as twice as good as most open-source projects.
2010-11-02 - Fast Company
stem--which is about half as bad as the industry standard of one defect per 1,000 lines of code.
2010-11-02 - ZDNet.com
The high-risk defects in the Android kernel included memory corruption flaws, memory illegal accesses and resource leaks.
2010-11-02 - CNET News
Coverity, a company with tools to check for programming problems that pose security risks, has found 359 of them in a scan of the Android source code.
2010-11-01 - TheNextWeb.com
According to a new study by Coverity, a code analysis group, the most critical part of the Android mobile operating system has found programming errors which may enable hackers or specially crafted malware applications to access a user's personal smartphone data.
2010-11-01 - TechEye
A study has shown that Google’s Android operating system could be susceptible to hackers due to programming errors, citing "high risk defects".
2010-11-01 - eSecurityPlanet
Google's Android mobile operating system may include a number of high-risk software flaws, according to a new report from static code analysis vendor Coverity.
2010-11-01 - ITBusinessEdge
There is a high level of agreement between two analysts’ firms, Canalys and NPD Group, on the market-share status of mobile operating systems. The consensus – to a degree that speaks either to incredibly accurate surveying or coincidence – is that the ascendancy of Android continues.
2010-11-01 - CNN
A study by analysis group Coverity turned up programming errors in a critical part of the system that ships with HTC Droid Incredible phones.
2010-11-01 - PCWorld
First, the cloud: Numerous programming flaws in the Android kernel include 88 high-risk defects that could leave users' sensitive information exposed, analysis firm Coverity announced today.
2010-10-31 - Financial Times
A study by analysis group Coverity turned up programming errors in a critical part of the system that ships with HTC Droid Incredible phones.
2010-10-15 - Wired.co.uk
Wired speaks to Bjarne Stroustrup -- the inventor of the C++ programming language -- 25 years after its invention
2010-08-18 - Computer World
Analysts say moves by tech leaders HP and IBM should boost flagging demand for application security tools
2010-08-18 - CTO Edge
With the acquisition of Fortify Software by Hewlett-Packard this week, it’s clear that the major vendors are beginning to zone in on application security.
2010-08-11 - TMCNet
Recently in San Jose, TMC's CEO Rich Tehrani had a chance to sit down and interview Andy Chou, the Chief Architect of Coverity, who said the company has just launched a new partnership with Armorize Software, which works in enterprise malware detection.
2010-08-11 - International Business Times
Shares of Japanese auto giant Toyota Motor Corp. (TYO.7203) slipped, Wednesday, despite news that an initial investigation by the US government has revealed that the electronic throttles on Toyota vehicles, long suspected for being defective and causing unintended acceleration, are sound.
2010-08-04 - Network World
2010-08-02 - Network World
2010-07-28 - Network World
2010-07-14 - EE Times Europe
2010-07-14 - eSecurity Planet
2010-07-14 - International Business Times
2010-07-13 - Computerworld
2010-07-13 - Internetnews.com
2010-07-13 - SearchSoftwareQuality.com
2010-07-13 - Dr. Dobbs Journal
2010-07-13 - SearchSecurity.com
2010-07-13 - Help Net Security
2010-07-13 - Network World
2010-06-30 - Embedded-Computing.com
2010-06-28 - SearchSoftwareQuality.com
2010-06-15 - ElectronicDesign.com
2010-05-03 - HowSoftwareIsBuilt.com
2010-04-28 - Military Embedded Systems
With modern military systems increasingly relying on software, new techniques are being adopted to decrease costs and increase the chances for mission success.
2010-04-07 - Dr. Dobbs Journal
Software integrity is an indicator of risk created by software defects. Software integrity risk gauges the potential of a software defect altering the expected behavior, safety, performance or security of products and services operated by software.
2010-04-07 - SD Times
To help developers learn about the integrity of all components in their software, Coverity, a supplier of code analysis tools, introduced a Software Integrity Rating program yesterday. The program measures defects in software and lets companies place a Coverity Integrity Seal on their software when it meets industry standards.
2010-03-26 - Business Week
U.S. vehicle recalls related to electronic systems have tripled and investigations quadrupled in the past 30 years following a surge in the use of computers to control functions such as acceleration.
2010-03-23 - Embedded.com
Source code analysis (sometimes called "static analysis") is a technology which analyzes source code for the purpose of detecting defects, understanding architecture, collecting statistics on the software and more.
2010-03-18 - TechNewsWorld
Toyota is not the only car maker navigating around accusations of quality problems with its auto controls, but recent fatalities drove the company into the spotlight. Over the years, Ford, Audi and Nissan had similar troubles. In all cases, government agencies responsible for overseeing consumer safety detoured away from the situation.
2010-03-10 - CNET News
The latest cases of uncontrolled acceleration in the Toyota Prius point to software glitches that the car industry needs to address with more rigorous testing, according to a company that specializes in software integrity.
2010-03-02 - New York Times
Could software, or faulty logic design, be at the root of runaway acceleration problems plaguing Toyota automobiles?
2010-03-02 - Business Week
Could software, or faulty logic design, be at the root of runaway acceleration problems plaguing Toyota automobiles?
2010-02-16 - Communications of the ACM
How Coverity built a bug-finding tool, and a business, around the unlimited supply of bugs in software systems.
2010-01-26 - Micro Technology Europe
Thomas Schultz discusses tools and techniques that can help cure weaknesses in military software
2010-01-07 - TechNewsWorld
We all make mistakes -- even software code writers working for major corporations. Coverity's goal is to help catch those mistakes before they become costly problems. The company recently released Version 5 of its software analysis tool, and seven years after starting up as a group of four grad students and their professor, it's now sitting on a list of over 400 customers.
2009-11-17 - TMCnet
The good news is that tools from companies like Coverity now make it relatively simple to check for software integrity in a more cost-effective and less work-intensive way.
2009-11-12 - InternetNews.com
Code analysis vendor combines Agile-friendly static, dynamic, build and architecture analysis in new offering.
2009-11-11 - CTO Edge
Coverity is adding in version 5 of its namesake code scanning tool the ability to map all the downstream effects a change to a particular piece of code will have on the entire application.
2009-11-11 - SDTimes
Coverity has brought new defect-tracking and identification capabilities to an update of its software integrity suite.
2009-11-10 - DDJ
Coverity 5 scans, prioritizes, and maps the impact of defects introduced by software changes
2009-11-10 - CNET
Coverity, a software integrity firm perhaps best known for its SCAN project of open-source software sponsored by the Department of Homeland Security thinks it has the preventive medicine to help organizations avoid the inevitable errors, defects, and failures that software change can introduce.
2009-10-02 - Government Technology
Many developers who write software in popular open source languages...are writing programs with more high-quality code these days, according to a recent survey conducted by Coverity Inc., a company that creates tools for software development and integrity - good news for security-minded consumers, to say the least.
2009-09-24 - New York Times
2009-09-24 - Silicon India
2009-09-24 - Heise Online
2009-09-24 - IT Business Edge
2009-09-24 - InformationWeek
2009-09-24 - internetnews.com
Latest Coverity Scan report shows lower defect densities but NULL pointer errors are still common
2009-09-23 - Dr. Dobbs
Coverity details the findings from analyzing more than 11 billion lines of open source code from 280 open source projects
2009-09-23 - The Bitsource
2009-09-23 - The Inquirer
2009-09-09 - cnet
Static analysis can protect software organizations from leaking software defects in production and making the kind of front page news that everyone wants to avoid.
2009-09-03 - iTWire
Coverity joins debate about the pros and cons of various licences available to free and open source software developer.
2009-08-17 - FOSSLC
David Maxwell Open Source Strategist at Coverity will advocate the BSD license
2009-08-17 - TMCnews
the BlackBerry Smart Card Reader, together with the BlackBerry Enterprise Solution, provides advanced security features to meet IT requirements in corporate environments and public sectors, including Coverity Certification for Quality Code Level 2 and Secure Code Level 2
2009-08-07 - TechNewsWorld
The Open Source Report 2008 and the Architecture Library Report, conducted by Coverity for the U.S. Department of Homeland Security Cybersecurity Open Source Hardening Project, shows more than 10,000 defects fixed since project launch in March 2006.
2009-07-28 - perlbuzz
There are plenty of ways to support open source without having to shell out cash. This is a very useful one indeed.
2009-07-27 - internetnews.com
The story of how a Linux exploit actually wasn't, thanks to Coverity Prevent static code analysis.
2009-07-20 - scan.coverity
The Scan Project analyzes the Linux kernel on an ongoing basis. This issue was identified months ago, and tracked up until the fix was committed.
2009-06-15 - SDTimes
There are many techniques for detecting security vulnerabilities, and the innovative companies recognized in this category have demonstrated that their products and services make a real difference.
2009-06-09 - EG3
Ben Chelf, Chief Technology Officer of Coverity, discusses Coverity Integrity Center and the crisis of embedded software development. Static code analysis, dynamic code analysis, architecture analysis to make building embedded software easier.
2009-05-04 - MD&DI
Studies show that when used correctly, static analysis can improve individual developer productivity by as much as 12.5% by automating the time-intensive task of identifying hard-to-find defects.
2009-05-04 - MD&DI
Automated static analysis can improve reliability of medical device software. Here are the key criteria that need to be considered when selecting a static analysis tool.
2009-04-15 - internetnews
2009-04-15 - Information Week
Coverity "has got an inhuman eye for detail. It's like having the most persnickety programmer in the world looking over your shoulder."
2009-04-14 - cnet
"Coverity's new offering may go a long way to changing the software development equation: more investment up front in developing software right the first time could save 10 times the cost of fixing/supporting broken code later."
2009-04-14 - Computerworld
2009-03-30 - DeviceMed
Coverity's introduction of SAT into software analysis is of greater significance than earlier improvements in statistical analysis. SAT solvers represent a mature, highly developed technology that benefits from decades of optimization by computer hardware companies.
2009-03-03 - embeddedworld
2009-02-17 - InternetNews
2009-02-17 - SearchSoftwareQuality.com
The Coverity Scan resource is probably the most comprehensive and high-level collection of diagrams of open source projects.
2009-02-16 - EE Times Asia
2009-02-12 - IT-Director.com
Coverity...are taking steps to look into the build process to detect configuration and build issues sooner in the software development lifecycle than may normally be the case.
2009-02-10 - 451 CAOS Theory
2009-02-06 - Markt & Technik
2009-02-05 - Redmond Developer News
The latest version (of Coverity Prevent) beefs up the VS integration and adds support for Windows Mobile, Windows Automotive and Xbox. It also offers C# concurrency defect detection, which according to the company makes Prevent the first product to support this functionality.
2009-01-27 - All About Security
2009-01-27 - Dr. Dobbs Journal
2009-01-27 - IT Knowledge Exchange
2009-01-22 - Embedded.com
2009-01-21 - Embedded.com
2009-01-21 - Embedded.com
2009-01-21 - Embedded.com
2009-01-06 - IT-Director.com