Development Testing Blog

Coverity and Heartbleed, part 2


There has been a lot of concern about the Heartbleed vulnerability in OpenSSL lately. In earlier posts, we’ve talked about how Coverity does not find Heartbleed in its stock configuration.

We’ve been feverishly working to protect our users from this type of problem, and have identified a few possibilities. Using existing releases, we can find…

Continue reading »

Comments (0)

Throwback Thursday: DHS and Coverity Scan


On Tuesday, we released the annual Coverity Scan Report, which revealed the analysis of more than 750 million lines of code from open source and commercial C/C++ projects and almost 50 of our most active Java projects in the world. What we found was that, for the first time, the quality in the open source projects…

Continue reading »

Hot Off the Presses: Coverity Scan Report 2013


If software is eating the world, then open source software is leading the charge. Interest in open source and the adoption of our Scan service has never been higher. We now have more than 1,500 projects participating in the Scan service and we’re seeing that these projects are raising the bar for the entire industry when it comes to software quality. Almost 50,000…

Continue reading »

Coverity and “Heartbleed”


A lot of people have been asking whether and how static analysis can help you avoid problems like the so-called Heartbleed vulnerability in your own code. The answer, unsurprisingly, is that it depends.

Finding potential defects through static analysis is a great idea. In fact, a lot of tools try to do exactly that with varying levels of success. The difficult…

Continue reading »

Comments (0)

Why does C# use UTF-16 for strings?

C sharp logo

Today on ATBG a langauge design question from reader Filipe, who asks:

Why does C# use UTF-16 as the default encoding for strings instead of the more compact UTF-8 or the fixed-width Continue reading »

A customer focused event with a difference

On March the 20th, we hosted our first UK Customer Theatre and where better to host this than in Theatre-land itself, Leicester Square. The day saw customers come from far and wide to network and to hear the latest and greatest regarding our latest release from the Coverity development team. It started with an introduction from Coverity discussing the recent Synopsys…

Continue reading »

Testing What Matters Most


Last summer, Johnny Willemsen, CTO for Remedy IT, delivered a webinar for SD Times to share how the ACE open source project began to implement Coverity as part of their automated testing. ACE, an open source framework that implements many core…

Continue reading »





Continue reading »

I’ll Never Look at Security and Agile The Same Way Again

A couple of weeks ago, I attended the Keep Austin Agile event in—unsurprisingly—Austin, Texas. And while I had several compelling conversations with local practitioners about the Austin software culture and the progression of Agile environments in the workplace, there was one recurring theme that came up: the difficulty of tying security into an Agile process. More…

Continue reading »

NYSE shares best practices for using Coverity across Development & QA teams


On March 5th we hosted a networking event at Del Frisco’s in New York, where we featured one of our customers, Dikshitulu (Tulu) Pulupula, Vice President of Quality Assurance at NYSE Euronext, Inc. , a wholly-owned subsidiary of IntercontinentalExchange (NYSE: ICE). NYSE Euronext operates global financial markets…

Continue reading »