Coverity Calls a Halt to Unsafe Software

SAN FRANCISCO, March 15 /PRNewswire-Asia/ —

Coverity, Inc., the software integrity market leader, today announced that it will provide software integrity audits to qualified Global 2000 companies with safety-critical software concerns. The Coverity Software Integrity Audit can expose software defects that could change the behavior, freeze the operation or impair the performance of safety-critical devices or products. Coverity will also extend this offer to select suppliers to participating Global 2000 companies to help expose software integrity supply chain problems in third-party components, devices and products. Program details can be found at http://www.coverity.com.

The Coverity Software Integrity Audit can help Global 2000 executives answer two critical questions:

– “Are there safety-critical software defects shipping in my products?”

– “Are there safety-critical software defects in my supplier’s products?”

“Software complexity is creating an entirely new class of business risk for Global 2000 companies with safety-critical products across their entire software supply chain,” said Seth Hallem, Coverity CEO. “Now companies are accountable for both the software shipping in their products and the software from their third-party providers. Coverity is providing this offer to help Global 2000 companies who have safety concerns get the visibility they need to assess whether they are shipping safe software to their customers.”

The result of the Coverity Software Integrity Audit will provide executives and development teams with critical software integrity information such as:

– A list of software defects in the code that operates their safety-critical devices, components and products;

– The potential impact those software defects can have on the behavior, operation or performance of their products; and

– The overall Coverity Integrity Rating of their audited product or code base, comparing their software integrity against industry averages.

Why Software Complexity Creates Business Risk

Coverity has a deep history in mitigating the risk of software defects with consumers and in business. Since 2003, Coverity has helped more than 750 commercial customers and 250 open source projects analyze billions of lines of code and expose millions of software defects. According to the 2009 Coverity Scan Open Source Report, more than 11,200 open source defects were eliminated as a result.

“The challenge of software integrity can be attributed to many issues, but combinatorial path complexity and test coverage complexity are two of the primary problems that companies face,” said Andy Chou, Coverity Chief Science Officer and co-founder. “This can be particularly challenging for companies that integrate multiple software components from different companies and suppliers.”

– Combinatorial path complexity: Each software component has combinatorial path complexity of its own. For example, a code base of 1 million lines of code can have more than a trillion possible paths to defects. When combined with another software component, the complexity rises dramatically because the interaction between the components can cause new and unexpected behaviors that would not exist before integration. This problem compounds even more when integrating components from different suppliers that use different forms of testing and integrity analysis.

– Test coverage complexity: Test coverage complexity is also a significant challenge in large code bases. Typical manual code review can cover only small fragments of a code base. Situational testing such as functional testing, unit testing, performance testing and security testing can cover significant portions of the code lines but almost never a significant portion of the combinatorial paths. Automated software integrity analysis is required to test the entire code base and comprehensively exercise all the possible paths that may contain defects.

“The magnitude of software complexity in today’s modern automobiles, aircraft and safety-critical systems is staggering,” said Theresa Lanowitz, analyst at voke, Inc. “Traditional manual code review and scenario testing are still required but are not sufficient to expose all the possible risk in the software code. Complex modern systems require transformational practices that leverage automation to ensure code quality before testing begins. Coverity has been at the leading edge of providing a new way to solve these problems with their automated software integrity analysis capabilities that can analyze complex code bases in excess of 100 million lines of code.”

This problem was also illustrated in a Coverity report on software safety. Andreas Gerstinger, Software Quality and Safety Engineer at Frequentis, a global market leader in communications and information solutions for safety-critical applications, stated: “Due to our products being used in mission-critical fields, Frequentis must adhere to the highest standards of safety and integrity. Coverity is now another critical pillar of our quality process. Coverity Static Analysis finds software defects that are difficult, if not impossible, to find during testing and manual code reviews. Coverity is a great complement to our existing processes and tools, and is a productivity enhancing solution that has been eagerly adopted by our entire development organization.”

Interested Global 2000 companies can sign up for the Coverity Software Integrity Audit by visiting http://www.coverity.com.

About Coverity

Coverity (http://www.coverity.com), the software integrity leader, is the trusted standard for companies that have a zero-tolerance policy for software failures. Coverity’s award-winning portfolio of software integrity products discovers software defects in development before they can impact the business. More than 900 customers rely on Coverity to help them deliver high-integrity software. Coverity is a privately held company headquartered in San Francisco.