Meeting the software development challenge with static source code analysis
White Papers This white paper highlights key business and technology issues facing large software development teams and discusses how Coverity's groundbreaking static source code analysis technology enables them to detect and fix critical defects and security...
[January 31, 2008, 13:47]
Static vs. Dynamic Source Code Analysis: Finding the Right 'Bug Spray'
White Papers In this on-demand Webcast, Coverity CTO Ben Chelf reviews the relative merits of static and dynamic source code analysis tools, and the types of defects which can be found at compile time vs. at run time.
[January 31, 2008, 13:47]
Integration of Runtime Profiling and Static Code Analysis in Linux
White Papers Employing various tools to profile the case study application leads to the conclusion that integrating code analysis with runtime-collected data is of increasing importance. Based on runtime profiling results, the bottleneck source code gets...
[April 3, 2007, 1:00]
Apply Visual Studio Code Analysis to Beef Up Security
White Papers Source code reviews and inspections have long been considered economical methods for rooting out functional and design flaws in code even before applications make their way to testing. As security has grown in importance, and with the advent of web...
[December 22, 2008, 0:00]
Protecting Web Services From Remote Exploit Code: A Static Analysis Approach
White Papers This paper proposes STILL, a real-time, out-of-the-box, signature-free, remote exploit binary code injection attack blocker to protect web servers. STILL is motivated by an important observation that the request messages to web servers are...
[November 25, 2008, 23:00]
Impeding Malware Analysis Using Conditional Code Obfuscation
White Papers State-of-the-art malware analyzers discover code guarded by triggers via multiple path exploration, symbolic execution, or forced conditional execution, all without knowing the trigger inputs. Their technique automatically transforms a program by...
[June 20, 2009, 1:21]
Ensuring Code Quality in Multi-Threaded Applications: How to Eliminate Concurrency Defects With Static Analysis
White Papers Because they are nearly impossible to replicate in dynamic testing environments, static analysis is uniquely suited to play an important role in eliminating concurrency defects early in the software development lifecycle.
[August 22, 2009, 1:24]
MySQL gets gold star on bug test
News A source-code analysis of MySQL, a popular open source program at the heart of many Web sites, revealed few bugs compared with the number found in commercial code, testing company Coverity said Friday.
[February 7, 2005, 8:50]
E-voting source code posted online
News VoteHere, a maker of security software for voting machines, published the source code for its product online in hopes of garnering additional analysis of its method for verifying the integrity of electronic votes.
[April 7, 2004, 10:55]
Open-source security moves to next step
News Source code analysis expert Coverity has found and helped fix more than 7,500 security flaws in open-source software, and published a list of the 11 open-source projects working fastest to sort them out.
[January 11, 2008, 14:19]
Reverse Engineering of Design Patterns From Java Source Code
White Papers Recovering design patterns can enhance existing source code analysis tools by bringing program understanding to the design level. The authors' approach uses lightweight static program analysis techniques to capture program intent.
[January 16, 2009, 0:00]
Microsoft hints at future SQL Server features
News Another code-name, 'Project Gemini', has been assigned to a set of analysis tools that will be included in Kilimanjaro. Microsoft has said the next version of its SQL Server database software will include self-service analysis and reporting...
[October 7, 2008, 16:47]
MacA&D
Downloads MacA&D is a comprehensive tool for system analysis, requirement specifications, software design and code generation. Popular modeling notations and supported methods include object-oriented analysis and design with UML or structured analysis and...
[October 26, 2004, 8:00]
Linux 'better than proprietary software'
News The conclusion is the result of a four-year research project conducted by code-analysis company Coverity, which plans to release its report on Tuesday. Code-analysis tools typically use software-design principles to analyse a program's source code...
[December 14, 2004, 10:30]
Electronic voting 'insecure,' say researchers
News University researchers delivered a serious blow to the current crop of electronic voting systems in an analysis of one such system's source code in which they concluded that a voter could cast unlimited ballots without detection.
[July 25, 2003, 11:52]
Linux kernel bugs squished
News In July, the code analysis company scanned the latest version of the Linux kernel, version 2.6.12, and found no such programming errors, Coverity chief executive Seth Hallem said. The results of the analysis are a sign that Linux is maturing as an...
[August 4, 2005, 9:00]
Avinux: Towards Automatic Verification of Linux Device Drivers
White Papers The paper has successfully used Avinux for the automatic analysis of Linux device drivers reducing the immense overhead of manual code preprocessing that other projects incurred. Avinux is a tool that facilitates the automatic analysis of Linux and...
[February 4, 2009, 23:00]
Hackers' code exploits Sendmail flaw
News The code, released less than a day after the Sendmail flaw's public announcement, allows an attacker to remotely exploit a Red Hat or Slackware Linux computer running a vulnerable version of the mail server, the group -- known as the Last Stage of...
[March 5, 2003, 7:55]
US Government to fund open source bug hunt
News Through its Science and Technology Directorate, the department has given $1.24m (£702,000) in funding to Stanford University, Coverity and Symantec to hunt for security bugs in open source software and to improve Coverity's commercial tool for...
[January 11, 2006, 9:05]
Open Source Report: 2008
White Papers Findings are based on analysis of over 55 million lines of code on a recurring basis from more than 250 open source projects, representing 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analyzed.
[July 10, 2009, 1:51]



