Software Testing Blog

Delivering more value for QA Teams with Kalistick

I’m very excited to share the news that Coverity has acquired Kalistick, the maker of an innovative cloud-based testing solution designed to help QA teams improve the effectiveness of their manual and automated testing efforts. With Kalistick, QA teams can focus their test execution efforts, such as regression testing and system level testing, based on…

Gamifying Software Development at Intuit

John Ruberto, Product Development Leader for Quickbooks Enterprise Solutions at Intuit and long-time Coverity customer, uses the Coverity platform across his development team coding in Java, C# and C/C++. Ruberto recently provided us with a little insight into a common challenge many enterprises face today: how to keep a diverse team of developers engaged, motivated…

Why does my code not crash?

For a bit of a change of pace, today on ATBG I’ll talk about mostly C and C++, with a little Java and C# thrown in at the end. A very common question I see on StackOverflow in the “C” and “C++” tags is “here’s a clearly buggy program that I wrote; why does it…

Coverity Releases the 2013 Coverity Scan Report

If software is going to take over the world, open source code is surely the heart and soul of that campaign. In the current climate, acceptance of open source code and of the Coverity Scan Service has reached an unprecedented high. More than 1,500 projects are using the Coverity Scan Service, and anyone can see clearly that these projects have raised code quality across the entire software industry. Nearly 50,000 defects were fixed in 2013 through the Coverity Scan Service. Because the scan service has become so widely requested, Coverity allows anyone to register and become a project observer (Project…

Who will win the Coverity Derby (for worst race condition of all time)?

It’s derby time – which means it’s time to talk about big races. But we’re not talking about races that involve jockeys on horses. We’re talking about race conditions: multiple threads that access the same shared data without the appropriate locks to protect access points. Race conditions become vulnerabilities when events don’t happen in the…

How will software security historians judge Spring 2014?

Wow, this Spring is tough from a security perspective: we had Apple’s “goto fail” vulnerability which affected basically all iOS and Mac OS X users, the Heartbleed vulnerability in OpenSSL which affected about two thirds of the internet, and now our friends at FireEye report that Microsoft Internet Explorer is susceptible to an exploit estimated…

3 Hurdles to Getting CSRF Protection Correct

Preventing cross-site request forgery (CSRF) is a challenge for enterprise web applications. A CSRF attack is executed when a user loads some malicious web content that silently hijacks their browser to perform unwanted actions on the target (i.e. your) website. An attack can even leverage the user’s active session cookies to bypass authentication checks. See…

Can I skip the lock when reading an integer?

Original author: Eric Lippert; original post: Can I skip the lock when reading an integer? Today's question was collected by my Coverity colleague Ian from a third-party developer. The simplified code sample: public class TestLock { private object threadLock = new object(); private int value = 0; public void Start() { lock (threadLock) { value = 100; } } public void Finish() { lock (threadLock) { if (value != 0 ) value = 0;…

Move Legacy Projects to Agile With This Simple, Shocking Move

I recently had a discussion with someone at an event about how challenging it can be to transition to an Agile software development process on an existing project. The most common approach seems to be focused on going Agile with the new code and leaving old code in its current state. This avoids the distraction…

Warnings vs errors

Today on Ask the Bug Guys, reader Raghavendra has a question about this bug: if someValue is of a non-nullable value type that defines an equality operator — like, int or Guid — then this code is legal, but almost certainly wrong, since the condition will always be true. Raghavendra’s question is why should the…
