Coverity to Regularly Scan Security and Quality of 250 Open Source Projects
[Posted May 1, 2007 by ris]
| From: | Sharon Smith <linuxpr-AT-yahoo.com> |
| To: | linuxpr-AT-yahoo.com |
| Subject: | News Item: Coverity to Regularly Scan Security and Quality of 250 Open Source Projects |
| Date: | Tue, 1 May 2007 10:19:55 -0700 (PDT) |
Coverity to Regularly Scan Security and Quality of 250 Open Source Projects
New framework allows rapid expansion of scan.coverity.com - 400 percent
Increase in 45 Days
SAN FRANCISCO and MONTREAL, May 1, 2007 - Coverity, Inc., makers of the
world's most advanced source code analysis solution, today announced a major
infrastructure upgrade to scan.coverity.com, an open source software quality
and security analysis site. The upgrade will enable the rapid expansion of
the site, including regular additions of hundreds of new open source software
projects. Coverity will use the new infrastructure to add 100 new open source
graphics projects to the site on May 4th, coinciding with the start of the
open source Libre Graphics Meeting in Montreal, Canada.
This is the first time that Coverity is focusing on improving the quality
of end-user professional applications such as the open source Blender 3d
suite used to create computer animation in movies. Other projects to be
analyzed include the GNU Image Manipulation Program (GIMP), an open source
photo retouching package and Inkscape, a vector graphics program. The new
expansion is in response to the spread of open source software into all areas
of the world economy, including the multi-billion dollar industry around
professional graphics software.
The collaborative spirit of the open source development community leads
members to work on multiple projects. Bryce Harrington, one of the project
leaders for Inkscape, previously used scan.coverity.com when working on
testing the performance of NFS.
"Coverity has again showed its good will in now analyzing open source
graphics projects as part of their efforts with Scan," said Harrington. "As a
test engineer at the Open Source Development Labs, I have been using the
defects Coverity reported for Linux NFSv4. The way Coverity's product
communicates information about every reported defect is especially valuable.
It's rare to find this level of information in tests typically available to
open source developers."
The new framework will enable scan.coverity.com to take full advantage of
the latest advances in Coverity's recently announced Prevent SQS to further
the work that was started in using Coverity Prevent(tm) last year. Last month
on March 27, Coverity announced the addition of 100 new key open source
libraries and infrastructure components. Today's announcement of an
additional 100 open source graphics applications brings the total number of
packages under regular analysis to 250.
"With this new infrastructure, we can fully leverage the scalability and
precision of Coverity Prevent SQS the same way our commercial customers do.
Our analysis of these 250 open source projects and beyond will reduce the
global economic impact of catastrophic software failures and security
vulnerabilities," said David Maxwell, open source strategist for Coverity.
"The success of scan.coverity.com shows that Coverity's static code analysis
is easy to use, quickly identifies relevant software defects, and provides a
way to effectively improve the quality and security of complex software
projects with distributed development teams."
David Maxwell will be providing details about the expansion of the
scan.coverity.com site on May 4, 2007 at 11:20am at the Libre Graphics
Meeting in Montreal, Canada, located at the Ecole Polytechnique de Montreal.
More information on the talk and the conference is available at
http://www.libregraphicsmeeting.org
More information about the scan project and a list of the new projects
under analysis will be available at http://scan.coverity.com.
##
About Coverity
Coverity (www.coverity.com), the leader in improving software quality and
security, is a privately held company headquartered in San Francisco.
Coverity's groundbreaking technology removes the barriers to writing and
delivering complex software by automatically finding and helping to fix
critical software defects and security vulnerabilities as the software is
written. More than 200 leading companies choose Coverity because it scales to
tens of millions of lines of code, has the lowest false positive rate and
provides 100 percent path coverage. Companies like Juniper Networks,
Symantec/VERITAS, McAfee, Synopsys, NASA, Palm and Wind River work with
Coverity's tools to find and fix security and quality defects from their
mission-critical code.
Coverity is a registered trademark, and Coverity Extend and Coverity
Prevent are trademarks of Coverity, Inc. All other company and product names
are the property of their respective owners.