Wed Jan 9, 2008 6:10am EST
Coverity Venture With U.S. Department of Homeland Security Resolves Quality
Issues and Potential Security Vulnerabilities in 11 Major Open-Source Projects
New Version of Coverity Prevent at Coverity Scan Site to Provide Open Source
Projects with Access to Advanced New Static Analysis Capabilities

SAN FRANCISCO, Jan. 9 /PRNewswire/ -- Coverity, Inc., the leader in
improving software quality and security, today announced that as a result of
its contract with the U.S. Department of Homeland Security (DHS), potential
security and quality defects in 11 popular open source software projects were
identified and fixed.
    The 11 projects are Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP,
Postfix, Python, Samba, and TCL.
    All of these projects eliminated multiple classes of potential security
vulnerabilities and quality defects from their code at the Coverity Scan site
(http://www.scan.coverity.com). Because of their efforts to proactively ensure
application integrity and security, organizations and consumers can now select
these open source applications with even greater confidence.
    "Addressing security concerns will require a concerted effort on the part
of the entire open source ecosystem to assuage enterprise concerns about
security of open source software," according to analyst Michael Goulde in his
2007 Forrester report 'Enterprises View Open Source As A Key Tactic For
Strategic Software Initiatives.'
    Based on these results, Coverity will advance these 11 projects to 'rung
2' of its open source security ladder, where they will benefit from access to
new, advanced product capabilities, including the base technology which will
enable access to the company's patent-pending application of Boolean
satisfiability in static analysis.
    Coverity's technology creates a bit-accurate representation of a software
system, where every relevant software operation is translated into Boolean
values (true and false) and Boolean operators (such as and, not, or). This
bit-accurate representation enables SAT-based solvers to analyze source code
for the first time in commercial computer programming.
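The bit-accurate, SAT-based analysis described above, reduced to a runnable sketch. This is an added example and not Coverity's code: an unsigned integer is bit-blasted into Boolean gates, the path condition of two nested C-style guards is Tseitin-encoded into CNF, and a minimal DPLL solver decides whether the guarded (hypothetical) defect report is reachable, returning a concrete witness value or None when the path is infeasible, which is exactly the kind of false positive a bit-accurate analysis can discard. The names `BitBlaster`, `dpll` and `path_witness` are assumptions of this example.

```python
class BitBlaster:   # constructed example, not Coverity code: Tseitin-encodes gates to CNF
    def __init__(self):
        self.clauses, self.n = [], 0
        self.TRUE = self.fresh()             # constant-true literal
        self.clauses.append([self.TRUE])
    def fresh(self):
        self.n += 1
        return self.n
    def AND(self, a, b):                     # g <-> (a and b)
        g = self.fresh()
        self.clauses += [[-g, a], [-g, b], [g, -a, -b]]
        return g
    def OR(self, a, b):                      # g <-> (a or b)
        g = self.fresh()
        self.clauses += [[g, -a], [g, -b], [-g, a, b]]
        return g
    def const(self, value, width):           # known unsigned int, LSB first
        return [self.TRUE if value >> i & 1 else -self.TRUE for i in range(width)]
    def ult(self, x, y):                     # unsigned x < y, bit-accurate
        lt = -self.TRUE
        for xi, yi in zip(x, y):             # LSB to MSB: the MSB decides last
            eq = self.OR(self.AND(xi, yi), self.AND(-xi, -yi))
            lt = self.OR(self.AND(-xi, yi), self.AND(eq, lt))
        return lt

def dpll(cnf, model=None):                   # minimal DPLL: model dict or None
    model = dict(model or {})
    while True:
        if any(not c for c in cnf): return None      # empty clause: conflict
        if not cnf: return model                     # every clause satisfied
        unit = next((c[0] for c in cnf if len(c) == 1), None)
        if unit is None: break
        model[abs(unit)] = unit > 0                  # unit propagation
        cnf = [[l for l in c if l != -unit] for c in cnf if unit not in c]
    v = min(abs(l) for c in cnf for l in c)          # branch on lowest variable
    for choice in (v, -v):
        result = dpll(cnf + [[choice]], model)
        if result is not None: return result
    return None

def path_witness(lo, hi, width=8):
    """Value of n reaching `if (n > lo) if (n < hi) report();`, or None."""
    bb = BitBlaster()
    n = [bb.fresh() for _ in range(width)]           # unknown unsigned int, LSB first
    path = bb.AND(bb.ult(bb.const(lo, width), n), bb.ult(n, bb.const(hi, width)))
    bb.clauses.append([path])                        # assert the path condition
    model = dpll(bb.clauses)
    if model is None: return None                    # infeasible path: no report
    return sum(model.get(b, False) << i for i, b in enumerate(n))
```

Because constants are truncated to `width` bits, the same check also exposes wraparound: a guard written against a value that does not fit the variable's width is compared bit-accurately, not as an unbounded integer.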
    The Coverity Scan site was developed with support from the U.S. Department
of Homeland Security as part of the federal government's 'Open Source
Hardening Project.' In addition to the 11 projects, additional open-source
projects are poised for advancing to rung 2 over the next months. For more
information on advancement criteria for Coverity's Scan ladder, visit:
http://scan.coverity.com/ladder.html
    Projects at rung 2 of the Scan ladder have access to a significant upgrade
of Coverity Prevent. The first projects to use these new capabilities report a
significant increase in the number of identified defects, with some finding as
many as 100 more hard-to-find defects than were identified at rung 1 of the
Scan ladder.
    "We applaud the developers responsible for the 11 open source projects
that have advanced to the second rung of code security and quality at the
Coverity Scan site," said David Maxwell, open source strategist for Coverity.
"By progressively enabling new features and functionality in Coverity Prevent
as security and quality defects are eliminated, we provide easy-to-manage sets
of defects for participants while creating an incentive for them to continue
to improve their code."
    Open source projects analyzed at the site include some of the world's most
widely used applications, including the Apache web server, the Linux operating
system, the Firefox browser and the Samba file and printer sharing system.
    The Coverity Scan site currently analyzes 50 million lines of software in
more than 250 projects and has helped fix over 7,500 software defects since
the site's launch in March of 2006. Hundreds of open source developers have
integrated the use of Coverity's technology into their open source development
process to improve software quality and security. New features available to
rung 2 projects at the site include:
    -- Major enhancement to the core analysis engine to find more defects with
       a low false positive rate
    -- Infrastructure installed for use of Coverity's breakthrough Boolean
       satisfiability (SAT) engine
    -- Trend analysis features with graphs and customized queries to show
       historical states and defect density by component or person
    -- Ability to organize a code base into components by grouping directories
       to easily identify troublesome sections in the codebase


    The Coverity Scan site is freely available to qualified open source
projects at: http://scan.coverity.com
    About Coverity Scan
    The Coverity Scan site was developed by Coverity with support from the
U.S. Department of Homeland Security as part of the federal government's 'Open
Source Code Hardening Project.' The site divides open source projects into
rungs based on the progress each project makes in resolving defects. Projects
at higher rungs receive access to additional analysis capabilities and
configuration options. Projects are promoted as they resolve the majority of
defects identified at their current rung.
    About Coverity
    Coverity (http://www.coverity.com), the leader in improving software
quality and security, is a privately held company headquartered in San
Francisco. Coverity's groundbreaking technology removes the barriers to
writing and delivering complex software by automatically finding and helping
to fix critical software defects and security vulnerabilities as software is
written. More than 350 leading companies choose Coverity because it scales to
tens of millions of lines of code, has the lowest false positive rate while
providing 100 percent path and value coverage. Companies like Juniper
Networks, Symantec, McAfee, Synopsys, NASA, Palm and Wind River rely on
Coverity's tools to find and eliminate critical defects from their
mission-critical code.
    Coverity is a registered trademark, and Coverity Extend and Coverity
Prevent are trademarks of Coverity, Inc. All other company and product names
are the property of their respective owners.
SOURCE  Coverity, Inc.

Media, Jim Shissler, Director, Public Relations of Coverity, Inc.,
+1-415-694-5342, jshissler@coverity.com; or Steve Eisenstadt of Page One PR,
+1-919-781-8096, steve@pageonepr.com, for Coverity, Inc.