Software Testing Blog

Announcing the Coverity Security Research Laboratory

Today we’re excited to formally announce the formation of the Coverity Security Research Laboratory. Romain Gaucher and Chris Valasek are top-notch security researchers who bring a wealth of experience and hard-won security knowledge to tackle the complex challenges of secure development.

The lab will have two primary goals: to perform cutting-edge security research and to improve the security capabilities of our products. It’s commonly understood that developers have a lot to learn about security, and we intend to help with that. But we also believe that helping the security community better understand development will lead to improved communication, tools, and practices and, ultimately, more secure software.

We believe that Coverity is in a unique position to shape the relationship between security and development. Our customers have traditionally been developers and development organizations, and we’ve learned what it takes to get developers to actually fix problems in software early in the development cycle.  We’ve worked with over 1,100 customers, collaborated with over 250 open source projects, analyzed billions of lines of code and fixed millions of defects.  In our view, this is the kind of scale required to “make a dent” in security. So while we will research individual vulnerabilities and dive deep into specific exploits, an important goal will be to build security knowledge into our products. That way, hard-won lessons from studying how one line of code goes wrong can be applied to billions of others.

The Coverity Security Research Laboratory is a sign of our commitment to the security market. We believe that this is a critical problem for the entire industry, and as such, it falls squarely within our mission to change the way software is developed.

PS. We’re hiring. If you’ve got experience with code review and pen testing, contact us to learn more.
