Software Testing Blog

Software is Everywhere

We live in a world that runs on software. In 2011, Marc Andreessen declared “software is eating the world,” and in the ensuing four years, software has only become more voracious. Software pervades every aspect of our lives, from the things you touch every day (laptops, smart phones, TVs, cars) to the infrastructure of society…

Here in my car…

On July 24th, 2015 FIAT CHRYSLER CARS announced a recall of 1.4 million vehicles to correct a cybersecurity issue that a Wired reporter unveiled on the world earlier that same week. In his video report, the reporter showed how the enterprising security researchers Charlie Miller and Chris Valasek could remotely hack…

Development Challenges on the Internet of Things

Recently, I had the privilege of hosting a webinar with Chris Rommel of VDC Research discussing common development challenges for Internet of Things (IoT) systems. We had many interesting questions during the event—far more than we had time to address—and I’d like to use this post to address some of the common themes and continue…

Dissecting a 19-year-old bug

(This article is posted to the Coverity Security Research Lab blog as well.) It was with a bizarre combination of nostalgia and horror that I read this morning about a 19-year-old rather severe security hole in Windows. Nostalgia because every bit of the exploited code is very familiar to me: working on the portion of…

POODLEs are for Legacy

If you haven’t heard, Bodo Möller, Thai Duong, and Krzysztof Kotowicz of Google disclosed an interesting security issue in SSL 3.0 called POODLE (Padding Oracle On Downgraded Legacy Encryption), with a generalized discussion here. The issue is yet another protocol design flaw in SSL 3.0. Hopefully, this will be the final flaw that breaks the SSL legacy camel’s back, pushing…

Coverity at the SD Summit – Helsinki.

Coverity, along with local partner Jab, was again exhibiting at this year’s SD Summit in Helsinki. The event welcomed a vast mix of professionals, mainly Test Managers and others involved in the QA process with an interest in adopting continuous integration methods. This is where our platform was able to demonstrate…

Coverity Scan, Application Security and Open Source

We have just upgraded the Coverity Scan service to Coverity 7.5. With this upgrade, we’re now enabling Coverity Scan members to use Coverity Security Advisor to help them eliminate security defects in Java web applications. Since Heartbleed, the GoToFail bug and, recently, ShellShock, we have aimed to provide the latest technology that will enable open…

Better than nothing

Here’s a question I get occasionally: This gives an error stating that U must be a reference type to use it in C<U>. But the outer constraint says that T is a reference type, and the inner constraint says that U is a T, so why doesn’t the compiler know that U is a reference…

NASDAQ OMX and a Year of Resiliency

Best Practices in Software Testing for Financial Services

On September 25th we hosted a networking event at the Breslin’s Liberty Hall at the Ace Hotel in New York, where we featured one of our customers, Ann Neidenbach, SVP, Global Technology Services, NASDAQ OMX (NASDAQ: NDAQ), a leading provider of trading, exchange technology, information and public…

ShellShock: Bug or Flaw?

As the repercussions from the ShellShock disclosure ripple through the security and business worlds, I wanted to contribute some thoughts on the issue from Coverity’s point of view. However, before drawing any conclusions, it’s instructive to first consider what type of vulnerability ShellShock actually is: a coding bug? A design flaw? Analysis on this is…
