Static Analysis for Java Open Source Projects Now Available from U.S. Department of Homeland Security and Coverity


Scan.Coverity.com Extends Commitment to Open Source Community with Support for Java

SAN FRANCISCO, Nov. 20 -- Coverity, Inc., the leader in improving software quality and security automatically, today announced expanded capabilities of the company's popular open source code analysis site: www.scan.coverity.com/. Beginning today, the open source Scan site will provide static source code analysis for Java-based open source projects as an extension of Coverity's relationship with the U.S. Department of Homeland Security under the 'Vulnerability Discovery and Remediation Open Source Hardening Project.'

By expanding the Scan site to support Java projects from the open source community, Coverity will help developers uncover previously undetected critical defects, thereby improving the overall security and quality of open source software.

Coverity's Scan site has already made a significant impact on the security of open source projects based on C/C++. Currently, more than 250 C/C++ open source packages are included at the Scan site, representing more than 55 million lines of code. To date, open source project maintainers have fixed more than 7,500 security and quality defects identified by Coverity Prevent SQS (Software Quality System), the technological underpinning of the Scan site.

"As open source software continues to win mindshare with commercial and government users, code quality and security are ongoing requirements," said David Maxwell, open source strategist for Coverity. "We are eager to share the capabilities of Coverity Prevent SQS with open source Java developers to help further improve the security and quality of their projects."

Coverity Prevent SQS checks one hundred percent of the paths and values in C, C++ and Java software projects. Coverity's unique combination of analysis engines based on dataflow and Boolean satisfiability analyzes software dependencies, key third-party libraries and projects spread across multiple development groups. Coverity's low false-positive rates, ability to find critical must-fix errors, and defect resolution tools make developers' lives easier and improve their ability to find and fix defects.

For information on how to include new C/C++ or Java projects in Coverity's Scan site, visit: www.scan.coverity.com/.

About Coverity
Coverity (http://www.coverity.com/), the leader in improving software quality and security, is a privately held company headquartered in San Francisco. Coverity's groundbreaking technology removes the barriers to writing and delivering complex software by automatically finding and helping to fix critical software defects and security vulnerabilities as the software is written. More than 300 leading companies choose Coverity because it scales to tens of millions of lines of code, has the lowest false positive rate and provides 100 percent path and value coverage. Companies like Juniper Networks, Symantec, McAfee, Synopsys, Palm and Wind River work with Coverity's tools to find and fix security and quality defects in their mission-critical code.

Source: Coverity

CONTACT: Jim Shissler, Director Public Relations of Coverity,
+1-415-694-5342, jshissler@coverity.com; or Patricia Colby of Page One PR,
+1-415-875-7494, patricia@pageonepr.com, for Coverity

Web site: www.coverity.com/
http://www.scan.coverity.com/
