Coverity Selected in Department of Homeland Security Software Initiative

SAN FRANCISCO, Jan. 11 -- Coverity, Inc., makers of the world's most advanced and scalable source code analysis solution, today announced its flagship product, Coverity Prevent, has been chosen to conduct daily security audits of leading open source software projects under a new federal Homeland Security Advanced Research Project Agency grant designed to help secure cyberspace. The audit results will be published daily on the Web and are intended to help the development community, industry and government both identify and correct security vulnerabilities in some of the most important and widely-used software in the world.

The three-year grant, called the "Vulnerability Discovery and Remediation Open Source Hardening Project," is part of a broad federal initiative by the Department of Homeland Security's Science and Technology Directorate (DHS S&T) to foster the development and deployment of technologies to protect the nation's telecommunications infrastructure, including the Internet and other critical networks that depend on computer systems for their mission.

"The DHS grant is the latest proof of the tremendous traction we are seeing in the market with Coverity Prevent(TM) in the market," said David Park, VP of marketing & business development at Coverity. "In less than two years we have successfully demonstrated the value of our solution by gaining more than 100 customers. What better validation of our technology than to be selected by the federal government for such a critical security initiative. The government has extremely high security standards and we are glad that Coverity meets their requirements."

Coverity Prevent finds more than 20 different types of security vulnerabilities at the source code level. Its static analysis methods provide 100% path coverage and uncover very hard-to-find bugs found in complex code. It can discover so-called "true vulnerabilities" as well as enforce secure coding practices. True vulnerabilities are errors accidentally or intentionally introduced into the software as developers write code, including buffer overflows, file-based race conditions, size and bounds checking errors, and more. Coverity also offers a library of secure coding best practices to help guide developers to produce more secure code.

A 2002 study by the Mitre Corporation for the National Institute of Standards and Technology identified more than 230 open source software packages already in use for critical operations within the federal government.

Professor Dawson Engler of the Computer Science Department at Stanford University, the original author of the technology behind Coverity Prevent, is the lead investigator on the grant.

"We're pleased to have the technology built at Stanford and Coverity recognized by the Department of Homeland Security," Engler said. "We are happy to help improve the security of technologies that run the government's global IT infrastructure."

Under the terms of the grant, Coverity and Stanford will build and maintain a system that automatically analyzes more than 40 open source software projects as a nightly regression and publishes defects it finds in a publicly-available bug database.

Coverity's technology uses static source code analysis to find various types of hidden security errors. Often such errors compromise system security for certain input values but may not crash the software. Coverity pinpoints the exact code location and root cause of each security vulnerability. In addition, static analysis catches errors without running the code. This feature helps to find errors in operating systems, for example, where many of its code paths are difficult and time-consuming to exercise in the testing phase.

Among the more than 40 open source software projects benefiting from the software security analysis from Coverity and Stanford are Apache, FreeBSD, GTK, Linux, Mozilla, MySQL, PostgreSQL, and many more.

About Coverity

Coverity (http://www.coverity.com), makers of the world's most advanced and scalable source code analysis solution for pinpointing software defects and security vulnerabilities, is a privately-held company based in San Francisco. Coverity was founded in 2002 by leading Stanford University scientists whose four-year research project resulted in a breakthrough approach for addressing the costliest problem in the software industry. That research breakthrough allows developers to quickly and precisely eliminate software defects and security vulnerabilities in tens of millions of lines of new or legacy code. Today, Coverity's solution is used by more than 85 leading companies to significantly improve the quality of their software, including Juniper Networks, McAfee, Synopsys, NASA, PalmOne, Sun Microsystems and Wind River.

Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.

Media Contacts

Craig Oda

Page One PR for Coverity

coda@pageonepr.com

650-565-9800 x102

Rob Rachwald

Senior Director of Marketing

rob@coverity.com

415-321-5212

Related Articles

• Wind River Delivers New Solution for Software Defined Radio Applications
  Friday, 13 January 2006



• Brekeke Software Announces Release of OnDO PBX v1.5 With Enhanced Conference Call Features
  Thursday, 12 January 2006



• TeamQuest Corporation Announces FIPS 140-2-Validated Encryption for TeamQuest Performance Software
  Wednesday, 11 January 2006



• Softek Announces Expanded Storage Array Support for Dataset-Level Migration Software
  Monday, 9 January 2006



• Apache Declares Cash Dividends on Common and Preferred Shares
  Sunday, 1 January 2006



• VA Software Announces Sale of Assets of Animation Factory Subsidiary
  Wednesday, 28 December 2005



• Boeing Delivers First Apache Combat Helicopter for Japan and Lockheed Martin Prepares to Deliver Two More New C-130J Aircraft
  Tuesday, 27 December 2005



• Linux Poker Game Software Added to MacOnlinePoker.com
  Tuesday, 27 December 2005



• Univa Ships Beta Release of Enterprise Globus Software
  Tuesday, 20 December 2005



• Open Source Software Makes Inroads at Majority of Corporations, According to Optaros Study
  Tuesday, 20 December 2005



• Run Your Own Web Server Using Linux & Apache -- SitePoint's Latest Release
  Sunday, 18 December 2005



• IntelliNet Technologies Announces Major Enhancements to its Accelero(TM) Application Development Software
  Friday, 16 December 2005



• SGI Expands Portfolio of Available CAE Software for U.S. Department of Defense Applications
  Wednesday, 14 December 2005



• Empower Technologies(TM) Software Development Kit Nominated as Most Promising New Technology at EE Times Award Show
  Tuesday, 13 December 2005



• WIN Enterprises Announces Linux Software Development Program
  Saturday, 10 December 2005