Coverity to Regularly Scan Security and Quality of 250 Open Source Projects
Posted on: 05/01/2007 05:17 PM
A pres release from Coverity:
New framework allows rapid expansion of scan.coverity.com — 400 percent Increase in 45 Days
SAN FRANCISCO and MONTREAL, May 1, 2007 – Coverity, Inc., makers of the world’s most advanced source code analysis solution, today announced a major infrastructure upgrade to scan.coverity.com, an open source software quality and security analysis site. The upgrade will enable the rapid expansion of the site, including regular additions of hundreds of new open source software projects. Coverity will use the new infrastructure to add 100 new open source graphics projects to the site on May 4th, coinciding with the start of the open source Libre Graphics Meeting in Montreal, Canada.
This is the first time that Coverity is focusing on improving the quality of end-user professional applications such as the open source Blender 3d suite used to create computer animation in movies. Other projects to be analyzed include the GNU Image Manipulation Program (GIMP), an open source photo retouching package and Inkscape, a vector graphics program. The new expansion is in response to the spread of open source software into all areas of the world economy, including the multi-billion dollar industry around professional graphics software.
The collaborative spirit of the open source development community leads members to work on multiple projects. Bryce Harrington, one of the project leaders for Inkscape, previously used scan.coverity.com when working on testing the performance of NFS.
"Coverity has again showed its good will in now analyzing open source graphics projects as part of their efforts with Scan," said Harrington. "As a test engineer at the Open Source Development Labs, I have been using the defects Coverity reported for Linux NFSv4. The way Coverity's product communicates information about every reported defect is especially valuable. It's rare to find this level of information in tests typically available to open source developers."
The new framework will enable scan.coverity.com to take full advantage of the latest advances in Coverity's recently announced Prevent SQS to further the work that was started in using Coverity Prevent(tm) last year. Last month on March 27, Coverity announced the addition of 100 new key open source libraries and infrastructure components. Today's announcement of an additional 100 open source graphics applications brings the total number of packages under regular analysis to 250.
"With this new infrastructure, we can fully leverage the scalability and precision of Coverity Prevent SQS the same way our commercial customers do. Our analysis of these 250 open source projects and beyond will reduce the global economic impact of catastrophic software failures and security vulnerabilities," said David Maxwell, open source strategist for Coverity. "The success of scan.coverity.com shows that Coverity's static code analysis is easy to use, quickly identifies relevant software defects, and provides a way to effectively improve the quality and security of complex software projects with distributed development teams."
David Maxwell will be providing details about the expansion of the scan.coverity.com site on May 4, 2007 at 11:20am at the Libre Graphics Meeting in Montreal, Canada, located at the Ecole Polytechnique de Montreal. More information on the talk and the conference is available at http://www.libregraphicsmeeting.org
More information about the scan project and a list of the new projects under analysis will be available at http://scan.coverity.com.
Coverity (www.coverity.com), the leader in improving software quality and security, is a privately held company headquartered in San Francisco. Coverity’s groundbreaking technology removes the barriers to writing and delivering complex software by automatically finding and helping to fix critical software defects and security vulnerabilities as the software is written. More than 200 leading companies choose Coverity because it scales to tens of millions of lines of code, has the lowest false positive rate and provides 100 percent path coverage. Companies like Juniper Networks, Symantec/VERITAS, McAfee, Synopsys, NASA, Palm and Wind River work with Coverity's tools to find and fix security and quality defects from their mission-critical code.
Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.