Coverity Launches Coverity Inspected Program
Leading Open Source Database Developers MySQL, Sleepycat Software, and PostgreSQL First To Be Coverity Inspected
SAN FRANCISCO, February 15, 2005 – Coverity, Inc., makers of the world's most advanced and scalable source code analysis solution for pinpointing software defects and security vulnerabilities, today announced the Coverity Inspected Program. To be Coverity Inspected, software companies need to use Coverity to identify software defects so that they can be easily fixed. Companies must fix all defects identified, except defects that have no impact on the runtime behavior of the software.
MySQL AB and Sleepycat Software are the first two companies to be Coverity Inspected. Both companies' open source databases had extremely high quality with less than 0.25 bugs per 1,000 lines of code - even before the vendors fixed the bugs that Coverity found. Coverity discovered only 97 bugs in 425,000 lines of code in the recent 4.1.8 version of MySQL. MySQL has already fixed all the bugs identified by Coverity's analysis and will incorporate the results into the MySQL Pro Certified database server. Sleepycat Software's Berkeley DB version 4.4.2 had only 26 bugs in 160,000 lines of code. Sleepycat has also fixed all the bugs. PostgreSQL is in the process of completing its Coverity Inspected security and quality analysis and plans to have information available at the end of the month.
"The Coverity Inspected Program is a very important component of our new MySQL Network offering for enterprise database customers," said Zack Urlocker, vice president of marketing for MySQL AB. "Coverity's detailed analysis allows us to provide more reliable and secure certified software - a real benefit for large IT organizations, high-volume Web sites and all of our six million active installations worldwide."
"Berkeley DB is an open source developer database used in demanding mission-critical applications," said Rex Wang, vice president of marketing for Sleepycat Software. "We are absolutely committed to delivering the highest quality code possible - our engineers and development practices are world class, our developer community provides tremendous peer review, and we use world-class tools such as Coverity. Coverity Inspected gives new customers strong independent validation of the high quality that our global customers have relied on for years."
"With Coverity's code auditing tools available to PostgreSQL, my customers will rest easy knowing that PostgreSQL is not breakable," said Sean Chittenden, PostgreSQL Contributor. "It was a genuine delight to watch PostgreSQL's code be scrutinized by Coverity, especially knowing that Linux, FreeBSD and large proprietary databases have also been put through the same intense lens."
In December, Coverity published a report showing that the Linux kernel contained 0.17 bugs per thousand lines of code, which is an extremely low defect rate and is evidence of the strong security of Linux.
As a public service, Coverity will continue to provide open source software bug analysis reports on a regular basis and is making a summary of the results freely available to the open source development community. In addition to its track record helping open source projects such as Linux, Apache, FreeBSD and now Sleepycat's Berkeley DB and MySQL, Coverity has more than 40 proprietary software customers.
"We hope that Coverity Inspected helps developers, outsourcers and buyers of software focus on software quality and security," said Seth Hallem, CEO of Coverity. "Both MySQL and Sleepycat designed their code very well to avoid problems. Many security holes in software are the result of software bugs that can be eliminated with good programming processes."
Summary reports of the bugs for Linux, MySQL and Sleepycat are available at www.coverity.com.
About Coverity's Products
Coverity's core technology runs on a wide variety of hardware and software platforms used by C and C++ developers. It is unique amongst source code analysis solutions in both its precision and scalability. Unlike many competing technologies, Coverity simulates the effects that the operations in the source code might have in the runtime environment, rather than searching the source code for known, dangerous coding patterns or potentially sloppy coding constructs. The result is that the defects detected by Coverity's analysis platform are potentially disastrous runtime errors that must be fixed in the source code. In addition, Coverity is designed to integrate easily into existing software development practices without any changes to existing build systems or existing development tools.
About Coverity, Inc.
Coverity (www.coverity.com), makers of the world's most advanced and scalable source code analysis solution for pinpointing software defects and security vulnerabilities, is a privately-held company headquartered in San Francisco. Coverity was founded in 2002 by leading Stanford University scientists whose four-year research project resulted in a breakthrough approach for addressing the costliest problem in the software industry. That research breakthrough allows developers to quickly and precisely eliminate software defects and security vulnerabilities in tens of millions of lines of new or legacy code. Today, Coverity's solution is used by more than 40 leading companies to significantly improve the quality of their software, including Juniper Networks, VERITAS, McAfee, Synopsys, NASA, PalmOne, Sun Microsystems and Wind River.
Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.
Media Contacts
David Park
dave@coverity.com
(415) 321-5204
Craig Oda
Page One PR
coda@pageonepr.com
(650) 565-9800, x102