
Critical Open Source Software Projects Receive 6,000 Bug Fixes in First Year of Coverity Scan Site

Department of Homeland Security open source hardening project grows to 150 applications and regular scans of 35 million lines of

SAN FRANCISCO, March 27 /PRNewswire/ -- Coverity, Inc., makers of the world's most advanced source code analysis solution, today celebrated the one year anniversary of the scan.coverity.com project that was started under an open source vulnerability research contract with the Department of Homeland Security (DHS). The contract is shared with Stanford University and Symantec Corporation. Coverity also announced a major expansion of the analysis scope, increasing the number of open source projects involved to 150, up from 50.

In the first year, developers fixed an average of 16 defects a day. Many of the new projects are so widely used that a single serious defect could affect millions of people. For example, Coverity added regular scans of zlib, a compression program used in more than 500 applications, including MSN Messenger, Microsoft Office, QuickTime and Apache. Other new projects include FreeRADIUS, a software application that provides secure authentication to 100 million users on the Internet and on business networks.

"Access to Coverity's technology is enormously valuable for a foundational piece of network access software like FreeRADIUS where any crash or security bug can have a worldwide impact on people's ability to access the Internet," said Alan DeKok, project leader for the FreeRADIUS Project. "I want to thank the DHS for funding this contract and to thank Coverity for providing this service that will help to maintain the valuable reputation of FreeRADIUS as a quality product."

"There's been tremendous adoption of the free service on scan.coverity.com by the open source developer community with most developers fixing bugs after a single look at the analysis of a particular defect," said David Maxwell, open source strategist for Coverity. "The scalability of Coverity's analysis technology allows us to continuously run scans on each of 35 million lines of code and their interdependencies with only a small system of servers. This allows open source developers to find and resolve defects introduced into the project soon after the new code is submitted."

The new scan.coverity.com site gives the general public full color graphs categorized by defect type. Previously, the public could only access summary tables. Developers will continue to be able to drill down into every defect identified to pinpoint the exact location of all errors.

A partial list of defects that scan.coverity.com identifies includes:
-- Leaked resources;
-- References to pointers that could be NULL;
-- References to pointers that are guaranteed to be NULL;
-- Use of uninitialized data;
-- Array overruns;
-- Unsafe use of signed values;
-- Use of resources that have been freed.

The impact of each defect varies depending on the application and use. For example, unsafe use of signed values could cause crashes or lead to unexpected behavior or security vulnerabilities.
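To make the "unsafe use of signed values" class concrete, the following C program is an added illustration (not code from the press release, from Coverity or from any scanned project). It places a weak bounds check beside its hardened form for the two patterns a static analyzer typically flags: a signed index that is only checked against the upper bound, and a signed length that passes a signed comparison and is then converted to size_t at a memcpy call. BUF_LEN, the function names and the sample inputs are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Fixed-size buffer used by every check below (constructed sample value). */
#define BUF_LEN 16

/*
 * Weak index check: only the upper bound is tested, so a negative
 * index such as -1 is accepted and buf[idx] would read before the buffer.
 */
int weak_index_ok(int idx)
{
    return idx < BUF_LEN;
}

/* Hardened index check: both bounds are tested before idx is used. */
int safe_index_ok(int idx)
{
    return idx >= 0 && idx < BUF_LEN;
}

/*
 * Weak length check: len is compared as a signed int, but memcpy takes
 * size_t. A negative len passes this check and is converted to a huge
 * unsigned value at the call site, so the copy would run far past dst.
 */
int weak_len_ok(int len)
{
    return len <= BUF_LEN;
}

/* Hardened length check: negatives are rejected before any conversion. */
int safe_len_ok(int len)
{
    return len >= 0 && (size_t)len <= BUF_LEN;
}

/* Shows what a signed length becomes once converted to size_t. */
size_t as_size(int len)
{
    return (size_t)len;
}

/*
 * Copy at most BUF_LEN bytes into dst using the hardened check.
 * Returns the number of bytes copied, or 0 when len was rejected.
 */
size_t bounded_copy(char dst[BUF_LEN], const char *src, int len)
{
    if (!safe_len_ok(len))
        return 0;
    memcpy(dst, src, (size_t)len);
    return (size_t)len;
}

int main(void)
{
    char dst[BUF_LEN];
    int samples[] = { -1, 0, 15, 16 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = samples[i];
        printf("value %3d: index weak=%d safe=%d | length weak=%d safe=%d (as size_t %zu)\n",
               v, weak_index_ok(v), safe_index_ok(v),
               weak_len_ok(v), safe_len_ok(v), as_size(v));
    }
    printf("bounded_copy(len=-1) copied %zu bytes\n", bounded_copy(dst, "abc", -1));
    printf("bounded_copy(len=5)  copied %zu bytes\n", bounded_copy(dst, "hello", 5));
    return 0;
}
```

The weak checks are the shape an analyzer reports: the comparison looks like a bounds check, but the sign is never constrained, so the value that reaches the array index or the size_t parameter can be negative or, after conversion, enormous. Rejecting negatives first (or using an unsigned type end to end) removes the whole class.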

Access and Eligibility

In order to avoid potential security vulnerabilities leaking to the general public, details of the analysis are given to members of scanned projects only. Open source projects with licenses that meet the criteria described by the Open Source Initiative are eligible if they have no corporate affiliations or are most strongly affiliated with a non-profit organization. Additional conditions may apply. Please see http://scan.coverity.com/faq.html for more information on access and eligibility.

The scan.coverity.com site is under continual development. In the near future, active open source projects will get access to additional features that allow scan.coverity.com to be configured and tuned for their specific projects, enabling an even deeper level of defect detection with the most advanced source code analysis technology available on the market.

Contact details and information on the background and history of scan.coverity.com are available at http://scan.coverity.com/about.html.

About Coverity

Coverity (http://www.coverity.com/), the leader in improving software quality and security, is a privately held company headquartered in San Francisco. Coverity's groundbreaking technology removes the barriers to writing and delivering complex software by automatically finding and helping to fix critical software defects and security vulnerabilities as the software is written. More than 200 leading companies choose Coverity because it scales to tens of millions of lines of code, has the lowest false positive rate and provides 100 percent path coverage. Companies like Juniper Networks, Symantec/VERITAS, McAfee, Synopsys, NASA, Palm and Wind River work with Coverity's tools to find and fix security and quality defects from their mission-critical code.

NOTE: Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.

Coverity, Inc.

CONTACT: Craig Oda of Page One PR, +1-650-565-9800, ext. 702, or
[email protected], for Coverity; or Russ Wood, Director, Corporate Marketing
of Coverity, +1-415-694-5304, or [email protected]

Web site: http://www.coverity.com/

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
