Development Testing Blog

Coverity and Heartbleed, part 2

There has been a lot of concern about the Heartbleed vulnerability in OpenSSL lately. In earlier posts, we’ve talked about how Coverity does not find Heartbleed in its stock configuration.

We’ve been feverishly working to protect our users from this type of problem, and have identified a few possibilities. Using existing releases, we can find…

Throwback Thursday: DHS and Coverity Scan

On Tuesday, we released the annual Coverity Scan Report, which revealed the analysis of more than 750 million lines of code from open source and commercial C/C++ projects and almost 50 of our most active Java projects in the world. What we found was that, for the first time, the quality in the open source projects…

Hot Off the Presses: Coverity Scan Report 2013

If software is eating the world, then open source software is leading the charge. Interest in open source and the adoption of our Scan service has never been higher. We now have more than 1,500 projects participating in the Scan service and we’re seeing that these projects are raising the bar for the entire industry when it comes to software quality. Almost 50,000…

Coverity and “Heartbleed”

A lot of people have been asking whether and how static analysis can help you avoid problems like the so-called Heartbleed vulnerability in your own code. The answer, unsurprisingly, is that it depends.

Finding potential defects through static analysis is a great idea. In fact, a lot of tools try to do exactly that with varying levels of success. The difficult…

Why does C# use UTF-16 for strings?

Today on ATBG a language design question from reader Filipe, who asks:

Why does C# use UTF-16 as the default encoding for strings instead of the more compact UTF-8 or the fixed-width…

A customer focused event with a difference

On March the 20th, we hosted our first UK Customer Theatre and where better to host this than in Theatre-land itself, Leicester Square. The day saw customers come from far and wide to network and to hear the latest and greatest regarding our latest release from the Coverity development team. It started with an introduction from Coverity discussing the recent Synopsys…

Testing What Matters Most

Last summer, Johnny Willemsen, CTO for Remedy IT, delivered a webinar for SD Times to share how the ACE open source project began to implement Coverity as part of their automated testing. ACE, an open source framework that implements many core…

Real and Fake Infinite Loops: Coverity's Embedded Support

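In product design, small details often reflect great wisdom. Recently, during a trial at a customer site, I ran into an infinite loop that looked simple but produced a surprising result, and on closer study there turned out to be much more to it. The sample code is as follows:

A very simple infinite loop, but when Coverity is used to check it, the default command cov-analyze…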

I’ll Never Look at Security and Agile The Same Way Again

A couple of weeks ago, I attended the Keep Austin Agile event in—unsurprisingly—Austin, Texas. And while I had several compelling conversations with local practitioners about the Austin software culture and the progression of Agile environments in the workplace, there was one recurring theme that came up: the difficulty of tying security into an Agile process. More…

NYSE shares best practices for using Coverity across Development & QA teams

On March 5th we hosted a networking event at Del Frisco’s in New York, where we featured one of our customers, Dikshitulu (Tulu) Pulupula, Vice President of Quality Assurance at NYSE Euronext, Inc., a wholly-owned subsidiary of IntercontinentalExchange (NYSE: ICE). NYSE Euronext operates global financial markets…
