Coverity's NASA project shows how benefits of code testing can be out of this world
One coding error in Mars Science Laboratory’s flight software could have led to the probe crashing into the planet’s surface. To avoid this and any future catastrophe, NASA turned to software testing specialist Coverity.
The version 220.127.116.11 update of the Apache Struts Java framework fixes several high-risk vulnerabilities that allow attackers to inject code into the server, for example via specially crafted HTTP requests. Vulnerability details and a Proof of Concept (PoC) can be found on the Coverity blog.
As quality and security software compliance mandates now spiral around us, Coverity's Development Testing Maturity Model is a branded product that champions a "phased-in approach" to development testing adoption and software development lifecycle integration.
Report Finds Open Source Software Quality Better than Industry Average
More lines of code are being written and put into production today than at any previous point, and this trend is only expected to rise in the coming years. So it’s no surprise that software quality is more important for businesses today than it has ever been.
Real entrepreneurs come to the game with vision, conviction, and an all-consuming desire to build something. They cannot help being entrepreneurs. So financing or not, these are the kinds of people who will figure out how to proceed.
Coverity: open source & proprietary code better than average
Coverity’s analysis found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, and an average defect density of .68 for proprietary code developed by Coverity enterprise customers.
Hottest Embedded Trends Elucidated at Embedded Developer Conference 2013
In "Development Testing – Shift to Source," both discussed how Coverity helps companies that develop mobile and consumer electronics devices ensure software quality and security without sacrificing speed or cost.
Coverity Scan Report on 450m lines of open source coding shows it is still competitive V proprietary code
The report details the analysis of more than 450m lines of software code through the Coverity Scan service, the single largest sample size that the report has studied to date, since its launch in partnership with the US Department of Homeland Security back in 2006.
Linux leads in open-source quality, but risky defects lurk
The jury is in: Linux is the benchmark for open-source software quality, according to a study into defects occurring in the software development process. The study was started in partnership with the Department of Homeland Security, but is now managed by Coverity.
Erase The Line Between QA Defects And Security Flaws?
According to some developer experts, during preproduction the line can be so blurry that the industry would do well to quit trying to draw it and instead endeavor to do testing that reduces overall defect rates so that the code quality and, consequently, security increase across the board.
Open Source Has As Good Code Quality As Proprietary Code
Among the report's key findings is the reassuring one that, for the second consecutive year, both open source code and proprietary code scanned by Coverity have achieved a defect density below one defect per thousand lines of code, which is the industry-standard defect density level and provides the index of 1.0.
Linux Code is the ‘benchmark of quality,’ study concludes
Following the analysis of more than 450 million lines of software code through the Coverity Scan service, Coverity's 2012 Coverity Scan Open Source Report, which was released Tuesday, concludes that “Linux remains the benchmark for quality.”
Zack Samocha On Development Testing And Emergence Of Interactive App Security Testing (IAST)
There can be no better person than Zack Samocha, Senior Director of Product Management at Coverity, an industry veteran, to clear our doubts on the subject of Interactive Application Security Testing (IAST).
450M lines of code say large open source and small closed source software projects are worst quality
Development testing service Coverity’s annual scan report, which is based on data from almost 500 software projects with a total of over 450 million lines of code, says that almost 230,000 defects were found and fixed.
Report: Open source code higher quality - until it supersizes
An analysis has revealed that while the difference is negligible between smaller projects, OSS tends to produce higher-quality mid-sized codebases - but when it comes to projects with over a million lines of code, proprietary software wins out.
450 Million Lines Of Scanned Software Code Can’t Be Wrong
The 2012 Coverity Scan Open Source Report arrives this month from the prominent development testing company. The report details the analysis of more than 450 million lines of software code through the firm’s own scanning service.
It’s Getting Better All the Time (Software Code Quality, That Is)
Software quality is continuously improving for both open source and proprietary projects, according to a recent analysis of more than 450,000,000 lines of code conducted by Coverity in its annual Scan report.
450 Million Lines of Code Can't Be Wrong: How Open Source Stacks Up
A new report details the analysis of more than 450 million lines of software through the Coverity Scan service, which began as the largest public-private sector research project focused on open source software integrity, and was initiated between Coverity and the U.S. Department of Homeland Security in 2006.
The recently released Coverity Scan Report 2012 contains the results of scanning the top 118 participating open source projects, totaling 68 million lines of code, a significant increase from last year's 37M LoC.
Study: Open Source Delivers Superior Quality…Up to a Point
For years open source and proprietary software camps have fought over which model produces better software. According to Coverity's annual Scan report, released today, both sides are right. And wrong. Depending on how big the code base is.
Open Source is Better Than the Closed Stuff (Until You Hit 1 Million Lines)
The latest Coverity Scan Report, published on Wednesday, found something new: the code quality of open source projects tends to suffer when they surpass 1 million lines of code, whereas proprietary code bases continue to improve when they pass that mark.
“Is this secure code?” is probably the last thing on your workhorse coders' minds. The only real way to ensure it's at the top of their priority list is to train them extensively on what insecure code looks like.
Code Quality For OpenSource SW Mirrors That Of Proprietary SW Says Coverity Report
Today Coverity announced the availability of the ‘2012 Coverity Scan™ Open Source Report.’ The report details the analysis of more than 450 million lines of software code through the Coverity Scan service.
Size Matters: When Open Source Code Quality is Better than Proprietary Software
Smaller open source projects tend to be more secure than proprietary applications, but the opposite is the case for software with more than a million lines of code, according to a new report from Coverity.
First Developer Ready IAST Arrives, Courtesy Coverity And NTObjectives
One of the first "Developer-Ready" Interactive Application Security Testing solutions has arrived, bringing software developers and security testers onto the same page and allowing organizations to address serious security issues much earlier in the application lifecycle.
Groups of thousands of hackers are determined to take down organizations, which are targeted for reasons only the attackers themselves understand. Yet they are serious about it. And it’s time you become serious about it too.
Coverity, Inc. has appointed Jennifer Johnson as its chief marketing officer. Johnson will be responsible for the global strategy and execution of all facets of marketing for Coverity, leading the corporate communications, demand generation, product marketing and product management functions.
The Impact of a Medical Device Recall (Infographic)
The medical device industry - which includes everything from pacemakers to insulin pumps - is one of the single largest components of the U.S. economy, and one that is increasingly software-driven. It is thus critical to ensure the quality of the software powering these devices early and often in the development process.
Java users are mostly running outdated versions, according to Websense
Almost 95 per cent of endpoints running Java and making active requests are currently vulnerable to at least one Java exploit. Read more about Coverity's new scanning tool for Java open source projects.
Constructive Security Training For Application Developers That Works
Don't believe the lie that developers don't care whether their application code causes expensive vulnerabilities for their organizations. Read more to learn why much of today's security testing and training isn't tailored to suit the way developers think and do their jobs.
Coverity explains that static analysis can be used to manage risk in a Java development environment. In addition, static analysis and contract-based programming can be combined to deliver software components with enhanced safety and security.
Moving Security Testing into the Developer’s Domain
As every tester knows, every defect fixed before it causes product failure has a cost too. One of its components is the sum of the cost of the repair, related rework, retesting and regression testing the defect makes necessary, all easily quantified in any properly managed project.
A general disconnect between security goals and the profit motives of development teams can cause insurmountable conflict between infosec teams and developers, with line of business leaders all too ready to side with money-making dev teams nine times out of 10.
The Coverity Development Testing Platform enables developers to test early and often so they can assure code quality at each development sprint. In addition, seamless integration with existing Agile development methodologies and tools helps maximize development productivity.
Learn how the Coverity Development Testing Platform can be used in conjunction with open source solutions to help you fix more of the quality and security issues in your Java code that matter, with your existing resources and a unified process across the enterprise.
The NASA Jet Propulsion Laboratory (JPL), builder of the Curiosity Rover, used Coverity to help ensure the reliability of the mission-critical flight software guiding the successful landing of Curiosity on Mars.
There's a burgeoning trade in finding and selling exploits. However, the sellers aren't all cybercriminals; some legitimate companies sell exploits to governments and law enforcement agencies around the world.
Coverity and SQS Transform Software Quality with Development Testing
Globally recognized as the leader in end-to-end software quality services, SQS has augmented its Development Quality practice with a new development testing service based on the Coverity development testing platform.
Curiosity successfully landed on Mars in August. The developers at JPL used a suite of sophisticated software tools and programming techniques, including Coverity, to improve the quality of the software that controls the flight and onboard functions of Curiosity.
Americans Hacked Don't Know Chamber Left Them Alone
Flaws in the ubiquitous software on PCs, tablets and smartphones have empowered cyber intruders and plagued businesses, governments and political dissidents with sabotage, theft and physical attacks, a year-long series by Bloomberg News shows.
Coverity, a provider of static analysis and development testing tools, has announced the hire of a key Microsoft C# guru, Eric Lippert, as architect in the Coverity research and development organization.