News Articles

2013

– Computing

Coverity's NASA project shows how benefits of code testing can be out of this world

One coding error in Mars Science Laboratory’s flight software could have led to the probe crashing into the planet’s surface. To avoid this and any future catastrophe, NASA turned to software testing specialist Coverity.

– SD Times

New Maturity Model Outlines Practices for Development Testing

To help companies integrate testing into their DevOps cycle, tool provider Coverity recently announced the Development Testing Maturity Model, a guide for implementing testing best practices.

– The H

Important security update for Apache Struts

The version 2.3.14.2 update of the Apache Struts Java framework fixes several high-risk vulnerabilities that allow attackers to inject code into the server, for example via specially crafted HTTP requests.  Vulnerability details and a Proof of Concept (PoC) can be found on the Coverity blog.

– Dr. Dobbs

Adopting Newborn Development Testing Babies

As quality and security software compliance mandates now spiral around us, Coverity's Development Testing Maturity Model is a branded product that champions a "phased-in approach" to development testing adoption and software development lifecycle integration.

– IT Business Edge

Report Finds Open Source Software Quality Better than Industry Average

More lines of code are being written and put into production today than at any previous point, and this trend is only expected to rise in the coming years. So it’s no surprise that software quality is more important for businesses today than it has ever been.

– Huffington Post

Series A Crunch: Don't Get Discouraged

Real entrepreneurs come to the game with vision, conviction, and an all-consuming desire to build something. They cannot help being entrepreneurs. So financing or not, these are the kinds of people who will figure out how to proceed.

– Embedded.com

Coverity: open source & proprietary code better than average

Coverity’s analysis found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, and an average defect density of .68 for proprietary code developed by Coverity enterprise customers.

– SiliconIndia

Interview with Dr. Andreas Kuehlmann

Challenges in technology to meet enterprise needs in 2013 and expectations.

– Linux Insider

Linux: The Gold Standard of Code

The main take-away point from the Coverity Scan study should be that open source software, including Linux, is on par with proprietary software from a quality perspective.

– SiliconIndia

Hottest Embedded Trends Elucidated at Embedded Developer Conference 2013

“Development Testing – Shift to Source”, where both discussed how Coverity helps companies develop mobile and consumer electronics devices and ensure software quality and security—without sacrificing speed or cost.

– Bobs Guide

Coverity Scan Report on 450m lines of open source coding shows it is still competitive V proprietary code

The report details the analysis of more than 450m lines of software code through the Coverity Scan service, the single largest sample size that the report has studied to date, since its launch in partnership with the US Department of Homeland Security back in 2006.

– GCN

Linux leads in open-source quality, but risky defects lurk

The jury is in: Linux is the benchmark for open-source software quality, according to a study into defects occurring in the software development process. The study was started in partnership with Homeland Security Department, but is now managed by Coverity.

– Dark Reading

Erase The Line Between QA Defects And Security Flaws?

According to some developer experts, during preproduction the line can be so blurry that the industry would do well to quit trying to draw it and instead endeavor to do testing that reduces overall defect rates so that the code quality and, consequently, security increase across the board.

– iProgrammer

Open Source Has As Good Code Quality As Proprietary Code

Among the report's key findings is the reassuring one that for the second consecutive year both open source code and proprietary code scanned by Coverity have achieved defect density below one in every thousand lines of code, which is the industry-standard density defect level and provides the index of 1.0.

– TuxMachines

Linux still "benchmark of quality" in this year's Coverity Scan

Coverity has called Linux the "benchmark of quality" in its newly published 2012 Coverity Scan Open Source report.

– PCWorld

Linux Code is the ‘benchmark of quality,’ study concludes

Following the analysis of more than 450 million lines of software code through the Coverity Scan service, Coverity's 2012 Coverity Scan Open Source Report, which was released Tuesday, concludes that “Linux remains the benchmark for quality.”

– Tools Journal

Zack Samocha On Development Testing And Emergence Of Interactive App Security Testing (IAST)

There can be no better person than Zack Samocha, Senior Director of Product Management at Coverity, an industry veteran, to clear our doubts on the subject of  Interactive Application Security Testing (IAST).

– VentureBeat

450M lines of code say large open source and small closed source software projects are worst quality

Development testing service Coverity’s annual scan report, which is based on data from almost 500 software projects with a total of over 450 million lines of code, says that almost 230,000 defects were found and fixed.

– SiliconIndia

Open Source And Proprietary Software Quality Better Than Industry Average: Report

Coverity, a development testing company, announced the availability of the 2012 Coverity Scan Open Source Report.

– JAXenter

Report: Open source code higher quality - until it supersizes

An analysis has revealed that while the difference is negligible between smaller projects, OSS tends to produce higher-quality mid-sized codebases - but when it comes to projects with over a million lines of code, proprietary software wins out.

– Dr. Dobbs

450 Million Lines Of Scanned Software Code Can’t Be Wrong

The 2012 Coverity Scan Open Source Report arrives this month from the prominent development testing company. The report details the analysis of more than 450 million lines of software code through the firm’s own scanning service.

– Dark Reading

10 Reasons SQL Injection Still Works

After all of these years, SQL injection vulnerabilities still stand as an old reliable for attackers seeking to break into corporate databases.

– Securosis

Incite 5/8/2013: One Step at a Time

Learn it. Know it. Live it. Security professionals talk about how developers don’t understand security, but the Coverity team throws it right back at them

– WiredInsights

It’s Getting Better All the Time (Software Code Quality, That Is)

Software quality is continuously improving for both open source and proprietary projects, according to a recent analysis of more than 450,000,000 lines of code conducted by Coverity in its annual Scan report.

– Test Magazine

Open source quality report

Coverity has published its 2012 Scan Report into open source software defects.

– H-Online

Linux still "benchmark of quality" in this year's Coverity Scan

Coverity has called Linux the "benchmark of quality" in its newly published 2012 Coverity Scan Open Source report.

– Slashdot

450 Million Lines of Code Can't Be Wrong: How Open Source Stacks Up

A new report details the analysis of more than 450 million lines of software through the Coverity Scan service, which began as the largest public-private sector research project focused on open source software integrity, and was initiated between Coverity and the U.S. Department of Homeland Security in 2006.

– Help Net Security

Analyzing 450 million lines of software code

Over the past seven years, the Coverity Scan service has analyzed nearly 850 million lines of code from more than 300 open source projects including Linux, PHP and Apache.

– InfoQ

Coverity 2012: How to Get a Low Defect Density

The recently released Coverity Scan Report 2012 contains the results of scanning the top 118 participating open source projects cumulating 68 million lines of code, a significant increase from last year’s 37M LoC.

– ReadWrite

Study: Open Source Delivers Superior Quality…Up to a Point

For years open source and proprietary software camps have fought over which model produces better software. According to Coverity's annual Scan report, released today, both sides are right. And wrong. Depending on how big the code base is.

– Wired

Open Source is Better Than the Closed Stuff (Until You Hit 1 Million Lines)

The latest Coverity Scan Report, published on Wednesday, found something new: the code quality of open source projects tends to suffer when they surpass 1 million lines of code, whereas proprietary code bases continue to improve when they pass that mark.

– SD Times

Security is Only Getting Tougher

“Is this secure code?” is probably the last thing on your workhorse coders' minds. The only real way to ensure it's at the top of their priority list is to train them extensively on what insecure code looks like.

– Tools Journal

Code Quality For OpenSource SW Mirrors That Of Proprietary SW Says Coverity Report

Today Coverity announced the availability of the ‘2012 Coverity Scan™ Open Source Report.’ The report details the analysis of more than 450 million lines of software code through the Coverity Scan service.

– Security Week

Size Matters: When Open Source Code Quality is Better than Proprietary Software

Smaller open source projects tend to be more secure than proprietary applications, but the opposite is the case for software with more than a million lines of code, according to a new report from Coverity.

– Tech Bubbles

10 Things Developers Wished Security People Knew

Coverity experts present some of the pain-points, wishes, suggestions and advice developers have to their security teams.

– Professional Tester

Advice from Developers

Coverity presents advice for security testers on how to have a great working relationship with developers.

– Tools Journal

First Developer Ready IAST Arrives, Courtesy Coverity And NTObjectives

One of the first “Developer-Ready” Interactive Application Security Testing solutions, which brings software developers and security testers onto the same page and allows organizations to address lethal security issues much earlier in the app lifecycle, has arrived.

– Softpedia

Intel Releases Flash Package 23.12.0-0013 for 2208 ROC RAID Controllers

Coverity resolved issues, SuperCap reliability and error recovery enhancements, as well as from the adjustment of the USB phy boost value for the Mars controllers.

– Venture Beat

Why security belongs to developers first

Groups of thousands of hackers are determined to take down organizations, which are targeted for reasons only the attackers themselves understand. Yet they are serious about it. And it’s time you become serious about it too.

– InfoTech

Coverity Appoints Chief Marketing Officer

Coverity, Inc. has appointed Jennifer Johnson as its chief marketing officer. Johnson will be responsible for the global strategy and execution of all facets of marketing for Coverity, leading the corporate communications, demand generation, product marketing and product management functions.

– Wired Insights

The Impact of a Medical Device Recall (Infographic)

The medical device industry - which includes everything from pacemakers to insulin pumps - is one of the single largest components of the U.S. economy, and one that is increasingly software-driven. It is thus critical to ensure the quality of the software powering these devices early and often in the development process.

– SC Magazine

Java users are mostly running outdated versions, according to Websense

Almost 95 per cent of endpoints running Java and making active requests are currently vulnerable to at least one Java exploit. Read more about Coverity's new scanning tool for Java open source projects.

– Embedded Computing

Coverity offers free code test for open source, Java apps

Code analysis tool vendor Coverity, Inc.,  is expanding free access to its development testing service within the open source community with the launch of its Scan for Java tool.

– TechRadar

Costs and benefits of moving to the cloud

Cloud services can benefit many SMBs, shaving costs and increasing efficiency, but it is not suitable for all. Cloud is like any piece of IT which has to fit the particular business to work.

– Dark Reading

Constructive Security Training For Application Developers That Works

Don't believe the lie that developers don't care whether their application code causes expensive vulnerabilities for their organizations.  Read more to learn why much of today's security testing and training isn't tailored to suit the way developers think and do their jobs.

– Test Magazine

A Jump to the Left

Coverity and SQS, a leading specialist in software quality, have teamed up to launch  the testing industry’s first independent development testing services offering.

– Embedded Computing

Evolving standards simplify embedded development

Coverity explains that static analysis can be used to manage risk in a Java development environment. In addition, static analysis and contract-based programming can be combined to deliver software components with enhanced safety and security.

– SC Magazine: In Focus

VIDEO: Interview with Andy Chou

Andy Chou, co-founder and CTO of Coverity, discusses the importance of security processes early on in development at the RSA tradeshow.

– H Online

Lost+Found: Skype, XSS, and a Java exploit examined

Security firm, Coverity, thinks that there's no need for cross-site scripting (XSS) holes to exist and explains how to prevent them.

– Professional Tester

Moving Security Testing into the Developer’s Domain

As every tester knows, every defect fixed before it causes product failure has cost too. One of its components is the sum of the cost of the repair, related rework, retesting and regression testing the defect makes necessary, all easily quantified in any properly managed project.

– IT Business Edge

Implementing an Application Security Policy: Nine Key Questions

John Jacott, security evangelist for Coverity, sheds some insight on nine important questions that should be central to implementing an application security policy in any organization.

– Dark Reading

10 Commandments Of Application Security

A general disconnect between security goals and the profit motives of development teams can cause insurmountable conflict between infosec teams and developers, with line of business leaders all too ready to side with money-making dev teams nine times out of 10.

– SYS-CON

Development Testing for Agile Environments

The Coverity Development Testing Platform enables developers to test early and often so they can assure code quality at each development sprint.  In addition, seamless integration with existing Agile development methodologies and tools helps maximize development productivity.

– SYS-CON

Development Testing for Java Applications

Learn how the Coverity Development Testing Platform can be used in conjunction with open source solutions to help you fix more of the quality and security issues in your Java code that matter, with your existing resources and a unified process across the enterprise.

– Trade the Forex / Forex Daily News

Gold-i Selects Coverity to Mitigate Risk of Software Failures in Trading Systems

With software becoming more complex because of increased uses and integration demands, technology companies providing solutions to detect the source of code failure have become a quick growing niche.

– SYS-CON

Novell Drives Software Quality with Coverity

With a globally distributed development operation, Novell needed a flexible static analysis solution that could be used by its dispersed internal development teams and partners.

– Xconomy

The Series A Crunch: Don’t Get Discouraged

Real entrepreneurs come to the game with vision, conviction, and an all-consuming desire to build something.  Read how Andy Chou, Co-founder of Coverity, raised money in Series A funding.

– Communications of the ACM

Revving the Rover

The NASA Jet Propulsion Laboratory (JPL), builder of the Curiosity Rover, used Coverity to help ensure the reliability of the mission-critical flight software guiding the successful landing of Curiosity on Mars.

– Equities Global Financial Network

U.S. Patents Awarded to Inventors in California

Coverity, San Francisco, has been assigned a patent developed by Andy Chou and Sumant J. Kowshik for "methods for selectively pruning false paths in graphs that use high-precision state information."

– TechNewsWorld

2 Buyers Shell Out $5K for Java Exploit

There's a burgeoning trade in finding and selling exploits. However, the sellers aren't all cybercriminals; some legitimate companies sell exploits to governments and law enforcement agencies around the world.

– ComputerWorld

Post-patch, US-CERT continues call to disable Java plug-in

Even after Oracle patched critical Java vulnerabilities on Monday, the U.S. Computer Emergency Readiness Team (US-CERT) continued urging users to disable Java browser plug-ins.

– IT Director

Coverity and SQS Transform Software Quality with Development Testing

Globally recognized as the leader in end-to-end software quality services, SQS has augmented its Development Quality practice with a new development testing service based on the Coverity development testing platform.

– IDG Connected Blogs

The New Battlefield of 2013

In 2013, we'll see processes intended to avoid security vulnerabilities baked more fully into the development process.

2012

– VDC Research

VDC’s Top 12 of 2012 – Part 2

Coverity's Security Research Laboratory makes the VDC Research Top 12 list for 2012.

– Computer Weekly

Top 10 business applications stories of 2012

Curiosity successfully landed on Mars in August. The developers at JPL used a suite of sophisticated software tools and programming techniques, including Coverity, to improve the quality of the software that controls the flight and onboard functions of Curiosity.

– Bloomberg

Americans Hacked Don't Know Chamber Left Them Alone

Flaws in the ubiquitous software on PCs, tablets and smartphones have empowered cyber intruders and plagued businesses, governments and political dissidents with sabotage, theft and physical attacks, a year-long series by Bloomberg News shows.

– SD Times

Developers spent 2012 with a new responsibility: Security

If you were a developer who would have loved to better incorporate security into your app but felt as though you just weren’t equipped to do so, you weren’t alone.

– eWeek

Coverity Hires Microsoft C# Guru to R&D Team

Coverity, a provider of static analysis and development testing tools, has announced the hire of a key Microsoft C# guru, Eric Lippert, as architect in the Coverity research and development organization.