Software Testing Blog

Development Challenges on the Internet of Things

Recently, I had the privilege of hosting a webinar with Chris Rommel of VDC Research discussing common development challenges for Internet of Things (IoT) systems. We had many interesting questions during the event—far more than we had time to address—and I’d like to use this post to address some of the common themes and continue…

Dissecting a 19-year-old bug

(This article is posted to the Coverity Security Research Lab blog as well.) It was with a bizarre combination of nostalgia and horror that I read this morning about a 19-year-old rather severe security hole in Windows. Nostalgia because every bit of the exploited code is very familiar to me: working on the portion of…

POODLEs are for Legacy

If you haven’t heard, Bodo Möller, Thai Duong, and Krzysztof Kotowicz of Google released an interesting security issue with SSL 3.0 called POODLE (Padding Oracle On Downgraded Legacy Encryption), with a generalized discussion here. The issue is yet another protocol design flaw with SSL 3.0. Hopefully, this will be the final flaw that breaks the SSL legacy camel’s back, pushing…

Coverity at the SD Summit – Helsinki.

Coverity, along with local partner Jab, was again exhibiting at this year’s SD Summit in Helsinki. The event welcomed a vast mix of professionals but mainly included Test Managers or those involved in the QA process with an interest in the adoption of continuous integration methods. This is where our platform was able to demonstrate…

Coverity Scan, Application Security and Open Source

We have just upgraded the Coverity Scan service to Coverity 7.5. With this upgrade, we’re now enabling Coverity Scan members to utilize Coverity Security Advisor to help them eliminate security defects in Java web applications. Since Heartbleed, the GoToFail bug and, more recently, Shellshock, we have aimed to provide the latest technology that will enable open…

Better than nothing

Here’s a question I get occasionally: This gives an error stating that U must be a reference type to use it in C<U>. But the outer constraint says that T is a reference type, and the inner constraint says that U is a T, so why doesn’t the compiler know that U is a reference…

NASDAQ OMX and a Year of Resiliency

Best Practices in Software Testing for Financial Services. On September 25th we hosted a networking event at the Breslin’s Liberty Hall at the Ace Hotel in New York, where we featured one of our customers, Ann Neidenbach, SVP, Global Technology Services, NASDAQ OMX (NASDAQ: NDAQ), a leading provider of trading, exchange technology, information and public…

ShellShock: Bug or Flaw?

As the repercussions from the ShellShock disclosure ripple through the security and business worlds, I wanted to contribute some thoughts on the issue from Coverity’s point of view. However, before drawing any conclusions, it’s instructive to first consider what type of vulnerability ShellShock actually is: a coding bug? A design flaw? Analysis on this is…

Code Spotter Beta: Now Available For Everyone!

Starting today, we are opening up our beta for Code Spotter to anyone interested in trying out this one-of-a-kind cloud-based platform for finding defects in Java code. Use of the Code Spotter service remains entirely free for the duration of this ongoing beta with absolutely no strings attached or restrictions imposed. So…

Spot the defect: randomness

Today on Ask The Bug Guys I’m going to turn things around a bit and ask you to find and explain the bug. Suppose we want to generate a series of pseudo-random integers between 1 and 6 (inclusive) to simulate rolling a fair die. In the class library there is the useful random.Next(min, max) method…
