Click here to receive your FREE subscription to Campus Technology
News
Coverity Adds Java Support to OSS Scan Service
11/27/2007
San Francisco-based Coverity Inc. has expanded its static source-code analysis scanning solution. The solution now supports Java-based open source software (OSS) projects. Developers can check their OSS Java applications for free using Coverity's hosted solution. The solution scans applications and points out security and quality problems in the code without actually running the tested application.
Coverity's scanning site already checks open source applications based on C and C++ code. The site has scanned more than 250 C/C++ solutions, entailing "55 million lines of code," according to an announcement issued by the company. The announcement adds that because of the scans, "more than 7,500 security and quality defects" have been fixed by project administrators.
The new Java code-scanning capability of the site is being enabled, in part, through Coverity's contract with the U.S. Department of Homeland Security. David Maxwell, Coverity's open source strategist, said that Coverity has three-year contract with the government agency. The Coverity solution is tested by Symantec, which also has a contract with the agency, he added.
The Department of Homeland Security issued the contract as part of its security initiatives, Maxwell explained.
"Under their Cybersecurity initiative, [the Department of Homeland Security has] a section which is securing the Internet infrastructure," he said. "A large portion of the Internet is built based on open source software--when you think of the most popular Web server, it's Apache, and obviously Linux is a very popular operating system for servers. Many of the components of the Internet are open source."
Static source-code analysis is a way of checking code before compiling it. Maxwell said that the technology has been around for a while but that Coverity has enhanced a solution that was originally developed at Stanford University. Static source-code analysis complements unit testing and quality assurance efforts because you check the code before running it.
The standard method of dynamically testing code by compiling it can be cumbersome, especially for large projects. Maxwell said that some standard dynamic testing tools can run for weeks and not exhaust finding possible errors in programs.
The Coverity Prevent SQS engine, which underlies Coverity's scanning site, "analyzes software dependencies, key third-party libraries and projects spread across multiple development groups," according to Coverity's announcement.
Coverity's open source scanning solution is available for free -- although with no support -- to OSS developers as a hosted application. The company also offers licenses to commercial software developers, where companies can purchase training and use the solution with as many developers as wanted, Maxwell said. For the commercial environment, Coverity's solution is installed, not hosted, he added.
Developers can access Coverity's OSS code analysis site here.
Kurt Mackie is online news editor, Enterprise Group, at 1105 Media Inc. You can contact Kurt at kmackie@1105media.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Tufts Grants Rights for Mileage-Increasing Transportation Technology to Electric Truck
Tufts University has optioned rights to a technology that can recharge the batteries of any hybrid electric and electric-powered vehicle while it is driven. The Tufts-developed technology could increase by 20 percent to 70 percent the miles per gallon or total driving range performance of vehicles like the Honda Civic, Ford Escape, and Toyota Prius hybrids and the Tesla Motors and Phoenix Motorcars electric vehicles.
- U Florida and Cyntellect Collaborate to Unlock Mysteries of Cancer Stem Cells
The University of Florida has entered into a research agreement with life sciences company Cyntellect. The university's Interdisciplinary Center for Biotechnology Research will work with the company to focus on a variety of research areas including the purification and analysis of cancer stem cells (CSCs), rare cells believed to be directly involved in propagating cancers.
- George Mason U Receives Grant To Deploy Intergraph Apps for Intelligence Curriculum
George Mason University (GMU) in Fairfax, VA has been awarded a grant from Intergraph to enable students enrolled in GMU's Geospatial Intelligence Graduate Certificate program to use the company's geospatial production and exploitation software as part of their core curriculum.
- Institute for Cyber Security at U Texas, San Antonio Opens Incubator
The University of Texas at San Antonio (UTSA) Institute for Cyber Security (ICS) has launched a new Internet security incubator. The incubator was developed to commercialize promising technologies that address major cyber security and privacy issues. The first companies to enter the incubator are Denim Labs and SafeMashups.
- ISO/IEC Publishes Office Open XML Standard
ISO/IEC has published the Office Open XML (OOXML) file format standard, formally known as ISO/IEC 29500:2008. It describes file formats originally designed by Microsoft for its Office 2007 productivity suite, which are used in presentation, spreadsheet and word processing applications.
- Dynamics NAV 2009 ERP Coming Next Month
Microsoft exec Kirill Tatarinov Wednesday described some new features to expect in the forthcoming Microsoft Dynamics NAV 2009 enterprise resource planning solution. He gave the keynote address at Microsoft's Convergence 2008 event in Copenhagen, Denmark.
