Time filter

Source Type

San Francisco, CA, United States

Coverity is a software vendor which develops development testing solutions, including static code analysis tools, for C, C++, Java and C#, used to find defects and security vulnerabilities in source code. Wikipedia.

With the increasing complexity of software applications, shrinking IT budgets and the spiraling cost of developing software, many organizations in both the public and private sectors are turning to third-party software suppliers including outsourced teams, partners and open source to develop their applications. According to a recent study conducted by Forrester Consulting and Coverity [1], almost all organizations are using some form of third-party code in their products, and over 40% rely on software from three to five different software suppliers.

Coverity | Date: 2011-06-07

Updating a set of items is disclosed. A set of items is received. The set of items is partitioned into groups. Group dependency information for the groups is calculated. Optionally, a dependency report is produced. Optionally, groups are updated. Optionally, change impact analysis is performed.

Methods are provided that allow a false path pruner to traverse a directed acyclic graph in conjunction with one or more checker programs that are analyzing a program for defects or other artifacts of interest. While the checkers may have ways of avoiding re-traversal of portions of the graph that have already been traversed, the false path pruner may override such decisions made by the checkers as a result of a false path in order to allow re-traversal during a future different traversal when that same defect or artifact may not lie along a false path, and therefore avoid missing a valid defect or artifact. Computer programs stored on tangible media are provided that implement the methods of the invention.

A method is provided to infer taintedness in code expressions encoded in a computer readable device comprising: configuring a computer system to, store a representation of a computer program that is to be evaluated in non-transitory storage media; identify within the representation a pointer cast operation; determine whether an identified cast operation involves a cast from a pointer to a raw memory data type to a pointer to a structured data type; determine whether a structured data type casted to is associated with indicia of externalness; designating data addressed by that pointer as tainted; and determine whether data designated as tainted is consumed by an operation in the computer program that acts as a taintedness sink.

Coverity | Date: 2013-03-15

A method is provided to remediate defects in first computer program code that can be used to configure a computer to produce code for use by the same or a different computer configured using second computer program code to use the produced code to produce output information, the method comprising: configuring a computer to perform static analysis of the first program to produce an information structure in a non-transitory computer readable storage device that associates a respective code statement of the first program code with a respective context, wherein the context associates a parser state with a potential defect in the produced code; identify a defect in the first computer program code that is associated with the respective code statement; and determining a remediation for the identified defect.

Discover hidden collaborations