
Coverity to Regularly Scan Security and Quality of 250 Open Source Projects

From:  Sharon Smith <linuxpr-AT-yahoo.com>
To:  linuxpr-AT-yahoo.com
Subject:  News Item: Coverity to Regularly Scan Security and Quality of 250 Open Source Projects
Date:  Tue, 1 May 2007 10:19:55 -0700 (PDT)


  New framework allows rapid expansion of scan.coverity.com: 400 percent increase in 45 days
  

  SAN FRANCISCO and MONTREAL, May 1, 2007 – Coverity, Inc., makers of the
world’s most advanced source code analysis solution, today announced a major
infrastructure upgrade to scan.coverity.com, an open source software quality
and security analysis site. The upgrade will enable the rapid expansion of
the site, including regular additions of hundreds of new open source software
projects. Coverity will use the new infrastructure to add 100 new open source
graphics projects to the site on May 4th, coinciding with the start of the
open source Libre Graphics Meeting in Montreal, Canada. 
  

  This is the first time that Coverity is focusing on improving the quality
of end-user professional applications such as the open source Blender 3D
suite used to create computer animation in movies. Other projects to be
analyzed include the GNU Image Manipulation Program (GIMP), an open source
photo retouching package, and Inkscape, a vector graphics program. The new
expansion is in response to the spread of open source software into all areas
of the world economy, including the multi-billion dollar industry around
professional graphics software.
  

  The collaborative spirit of the open source development community leads
members to work on multiple projects. Bryce Harrington, one of the project
leaders for Inkscape, previously used scan.coverity.com when working on
testing the performance of NFS.
  

  "Coverity has again shown its good will in now analyzing open source
graphics projects as part of their efforts with Scan," said Harrington. "As a
test engineer at the Open Source Development Labs, I have been using the
defects Coverity reported for Linux NFSv4. The way Coverity's product
communicates information about every reported defect is especially valuable.
It's rare to find this level of information in tests typically available to
open source developers." 
  

  The new framework will enable scan.coverity.com to take full advantage of
the latest advances in Coverity's recently announced Prevent SQS to further
the work that was started in using Coverity Prevent(tm) last year. Last month
on March 27, Coverity announced the addition of 100 new key open source
libraries and infrastructure components. Today's announcement of an
additional 100 open source graphics applications brings the total number of
packages under regular analysis to 250.
  

  "With this new infrastructure, we can fully leverage the scalability and
precision of Coverity Prevent SQS the same way our commercial customers do.
Our analysis of these 250 open source projects and beyond will reduce the
global economic impact of catastrophic software failures and security
vulnerabilities," said David Maxwell, open source strategist for Coverity.
"The success of scan.coverity.com shows that Coverity's static code analysis
is easy to use, quickly identifies relevant software defects, and provides a
way to effectively improve the quality and security of complex software
projects with distributed development teams."
  

  David Maxwell will be providing details about the expansion of the
scan.coverity.com site on May 4, 2007 at 11:20am at the Libre Graphics
Meeting in Montreal, Canada, located at the Ecole Polytechnique de Montreal.
More information on the talk and the conference is available at
http://www.libregraphicsmeeting.org
  

  More information about the scan project and a list of the new projects
under analysis will be available at http://scan.coverity.com. 
  

  ##
  

  About Coverity
Coverity (www.coverity.com), the leader in improving software quality and
security, is a privately held company headquartered in San Francisco.
Coverity’s groundbreaking technology removes the barriers to writing and
delivering complex software by automatically finding and helping to fix
critical software defects and security vulnerabilities as the software is
written. More than 200 leading companies choose Coverity because it scales to
tens of millions of lines of code, has the lowest false positive rate and
provides 100 percent path coverage. Companies like Juniper Networks,
Symantec/VERITAS, McAfee, Synopsys, NASA, Palm and Wind River work with
Coverity's tools to find and fix security and quality defects from their
mission-critical code.
  Coverity is a registered trademark, and Coverity Extend and Coverity
Prevent are trademarks of Coverity, Inc. All other company and product names
are the property of their respective owners.
  

Unicode

Posted May 1, 2007 19:22 UTC (Tue) by Dom2 (guest, #458)

Is there any chance that Unicode characters could be handled correctly in LWN articles? The capital-a-with-caret-followed-by-something in the second paragraph is a classic example of something that's double-encoded UTF-8 somewhere. I would hope that it wouldn't be too hard to fix, given Python's excellent Unicode support...

Thanks!

Unicode

Posted May 1, 2007 21:53 UTC (Tue) by DonDiego (guest, #24141)

The content-type of the page is iso8859-1, which is a problem already. It's high time to switch to UTF-8.
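The artefact Dom2 describes (a UTF-8 encoded character shown as "Â" plus something) and the charset mismatch DonDiego points to, reproduced as an added Python example that is not code from the page or from LWN; the sample text and the function names are constructed here:

```python
# Added example, not from the LWN page or the commenters: reproduces the
# "capital-A-with-caret" artefact the thread describes and shows how to
# detect and undo double-encoded UTF-8.  All sample text is constructed.

def as_browser_renders(raw: bytes, declared_charset: str) -> str:
    """Decode page bytes the way a browser would, trusting the declared charset."""
    return raw.decode(declared_charset, errors="replace")

def mojibake(text: str) -> str:
    """Simulate the bug: UTF-8 bytes interpreted as ISO-8859-1, one char per byte."""
    return text.encode("utf-8").decode("iso-8859-1")

def looks_double_encoded(text: str) -> bool:
    """Heuristic: the text re-encodes to bytes that are valid UTF-8 for a different string."""
    try:
        raw = text.encode("iso-8859-1")
        return raw.decode("utf-8") != text
    except (UnicodeEncodeError, UnicodeDecodeError):
        # Characters outside Latin-1, or bytes that are not UTF-8: not this bug.
        return False

def repair(text: str) -> str:
    """Undo one layer of double encoding; leave text alone when it is not mojibake."""
    if looks_double_encoded(text):
        return text.encode("iso-8859-1").decode("utf-8")
    return text

if __name__ == "__main__":
    # Constructed sample: a non-breaking space and an en dash, as a press release might carry.
    original = "Coverity\u00a0Scan \u2013 250 projects"
    utf8_bytes = original.encode("utf-8")
    # Served with the right charset, the page renders cleanly.
    assert as_browser_renders(utf8_bytes, "utf-8") == original
    # Declared as ISO-8859-1: U+00A0 (bytes C2 A0) shows as "Â" followed by a space,
    # and the en dash (E2 80 93) becomes "â" plus two control/odd characters.
    broken = as_browser_renders(utf8_bytes, "iso-8859-1")
    print(repr(broken))
    assert broken == mojibake(original)
    assert looks_double_encoded(broken) and repair(broken) == original
    # Genuine Latin-1 text is left untouched: a lone E9 byte is not valid UTF-8.
    assert not looks_double_encoded("Caf\u00e9")
```

Serving UTF-8 bytes under an ISO-8859-1 content-type is what turns every non-ASCII character into two or three Latin-1 glyphs; the check above flags text that only makes sense once that layer is peeled off.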

Theo not impressed somewhere

Posted May 1, 2007 22:33 UTC (Tue) by bluefoxicy (guest, #25366)

Ah, this brings back memories of an off-list debate with Theo de Raadt where he directly tried to convince me that such automated software scanning tools were useless, and only manual code review on its own ever produced proper results (i.e. using tools to supplement manual review == bad).

Theo not impressed somewhere

Posted May 2, 2007 8:07 UTC (Wed) by khim (subscriber, #9252)

You need a context to compare. Tools like Coverity are indeed almost useless if you want to catch malicious code (==code which does not do what it must do because someone made it this way on purpose), but they are very-very good on catching typos and other stupid errors...


Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds