

Critical Open Source Software Projects Receive 6,000 Bug Fixes in First Year of Coverity Scan Site

Department of Homeland Security open source hardening project grows to 150 applications and regular scans of 35 million lines of

SAN FRANCISCO, March 27 /PRNewswire/ -- Coverity, Inc., makers of the world's most advanced source code analysis solution, today celebrated the one year anniversary of the scan.coverity.com project that was started under an open source vulnerability research contract with the Department of Homeland Security (DHS). The contract is shared with Stanford University and Symantec Corporation. Coverity also announced a major expansion of the analysis scope, increasing the number of open source projects involved to 150, up from 50.

In the first year, developers fixed an average of 16 defects a day. Many of the new projects are so widely used that a single serious defect could affect millions of people. For example, Coverity added regular scans of zlib, a compression program used in more than 500 applications, including MSN Messenger, Microsoft Office, QuickTime and Apache. Other new projects include FreeRADIUS, a software application that provides secure authentication to 100 million users on the Internet and on business networks.

"Access to Coverity's technology is enormously valuable for a foundational piece of network access software like FreeRADIUS where any crash or security bug can have a worldwide impact on people's ability to access the Internet," said Alan DeKok, project leader for the FreeRADIUS Project. "I want to thank the DHS for funding this contract and to thank Coverity for providing this service that will help to maintain the valuable reputation of FreeRADIUS as a quality product."

"There's been tremendous adoption of the free service on scan.coverity.com by the open source developer community with most developers fixing bugs after a single look at the analysis of a particular defect," said David Maxwell, open source strategist for Coverity. "The scalability of Coverity's analysis technology allows us to continuously run scans on each of 35 million lines of code and their interdependencies with only a small system of servers. This allows open source developers to find and resolve defects introduced into the project soon after the new code is submitted."

The new scan.coverity.com site gives the general public full-color graphs categorized by defect type. Previously, the public could only access summary tables. Developers will continue to be able to drill down into every defect identified to pinpoint the exact location of all errors.

A partial list of defects that scan.coverity.com identifies includes:

-- Leaked resources;
-- References to pointers that could be NULL;
-- References to pointers that are guaranteed to be NULL;
-- Use of uninitialized data;
-- Array overruns;
-- Unsafe use of signed values;
-- Use of resources that have been freed.

The impact of each defect varies depending on the application and use. For example, unsafe use of signed values could cause crashes or lead to unexpected behavior or security vulnerabilities.

Access and Eligibility

In order to avoid potential security vulnerabilities leaking to the general public, details of the analysis are given to members of scanned projects only. Open source projects with licenses that meet the criteria described by the Open Source Initiative are eligible if they have no corporate affiliations or are most strongly affiliated with a non-profit organization. Additional conditions may apply. Please see http://scan.coverity.com/faq.html for more information on access and eligibility.

The scan.coverity.com site is under continual development. In the near future, active open source projects will get access to additional features that allow scan.coverity.com to be configured and tuned for their specific projects, enabling an even deeper level of defect detection with the most advanced source code analysis technology available on the market.

Contact details and information on the background and history of scan.coverity.com are available at http://scan.coverity.com/about.html .

About Coverity

Coverity (http://www.coverity.com/), the leader in improving software quality and security, is a privately held company headquartered in San Francisco. Coverity's groundbreaking technology removes the barriers to writing and delivering complex software by automatically finding and helping to fix critical software defects and security vulnerabilities as the software is written. More than 200 leading companies choose Coverity because it scales to tens of millions of lines of code, has the lowest false positive rate and provides 100 percent path coverage. Companies like Juniper Networks, Symantec/VERITAS, McAfee, Synopsys, NASA, Palm and Wind River work with Coverity's tools to find and fix security and quality defects from their mission-critical code.

NOTE: Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.

Coverity, Inc.

CONTACT: Craig Oda of Page One PR, +1-650-565-9800, ext. 702, or
[email protected], for Coverity; or Russ Wood, Director, Corporate Marketing
of Coverity, +1-415-694-5304, or [email protected]

Web site: http://www.coverity.com/


Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
