San Francisco, CA, United States

Coverity is a software vendor which develops development testing solutions, including static code analysis tools, for C, C++, Java and C#, used to find defects and security vulnerabilities in source code. Wikipedia.


News Article | January 28, 2016
Site: www.techtimes.com

Oracle announced that it is putting a life sentence on the Java browser plugin, which was found to often display security problems and require updates that are more frequent than normal. The decision was revealed in a new blog post, where Oracle offered a few details about its plans. "Oracle plans to deprecate the Java browser plugin in JDK 9," said Oracle. "This technology will be removed from the Oracle JDK and JRE in a future Java SE release." Oracle acquired Java along with its purchase of Sun Microsystems in 2010, but the plugin has long been a sore topic. The Java plugin started threatening browsers' security back in 1995 and has stirred plenty of controversy ever since. With its latest decision, Oracle is the latest to have joined the "anti-Java plugin" sentiment, something that Chrome, Firefox and Microsoft Edge have already shared ahead of Oracle's announcement. These companies have all said that they have either dropped support for plugins or will do so in the not so distant future. Apart from issues with security and annoying updates, installing the plugin would also lead users to opt for an Ask Toolbar download. Since it becomes automatically integrated with the Java download, users can opt to have either the Ask Search Toolbar or the Ask Shopping Toolbar. Eliminating the plugin may seem like an easy thing to do but in reality, there are a number of issues that should be considered. Andy Chou, founder of Coverity, previously said that he had no idea if it would be possible for Oracle to move Java into a path that is more secure. "It's easy to take potshots from the outside and say that a development organization should just shift to faster patching," said Chou. "Making big changes requires laying new processes down that affect the entire software development process, which may involve hundreds or thousands of people. It takes time, even when the organization is serious about it."
One of the alternative options that is being considered by developers of applications is migrating from Java Applets to the Java Web Start technology which is absolutely plug-in free. Oracle also announced the early access releases of JDK 9, which users can now download and start testing. The company also created a short whitepaper which offers additional background and details on the various migration options.


SAN FRANCISCO--(BUSINESS WIRE)--Rainforest QA, creators of the world’s only AI-powered crowdtesting platform for agile and continuous integration software teams, today announced Zack Smocha as vice president of product, Derek Choy as vice president of engineering and Peter Farago as vice president of marketing. Together, the new executive additions bring extensive experience in scaling software businesses as well as in crowdsourcing and testing, including Mercury Interactive, Sauce Labs and HackerOne. Smocha, Choy and Farago will all be based in Rainforest QA’s San Francisco office. “There is enormous demand for smarter ways to do QA and testing within agile environments, and Rainforest’s rapid growth is a testament to that,” said Fred Stevens-Smith, CEO of Rainforest QA. “Zack, Derek and Peter are all proven leaders scaling successful software businesses. They will play a critical role in our effort to meet the increasing demand for Rainforest’s testing platform, as we continue to see development teams struggle in their ability to balance the right level of speed versus quality.” With the growth of agile and continuous integration, engineering teams are under more pressure than ever to build and release software faster. Yet, QA and testing remain a significant bottleneck, often performed manually and taking days — if not weeks — to get right. According to a recent report from CapGemini, 99% of companies expressed they have challenges testing in agile environments. The additions of Smocha, Choy and Farago to the Rainforest QA team come on the heels of strong company momentum in 2016, including a $12M Series A funding round led by Bessemer Venture Partners, growing 2016 revenue by 2.4X. In 2017, Rainforest QA is well-poised to continue this trajectory, with revenues expected to more than double once again, and regression test steps executed across the platform to triple. 
Details on each new executive are as follows: As vice president of product, Zack Smocha will drive the roadmap for new and existing products. Smocha has more than 15 years of experience generating growth at leading companies in the application life cycle industry. At Mercury Interactive, acquired by HP for $4.5 billion, Smocha helped ramp company revenue from $50 million to $900 million. Over his tenure, he held senior positions in development and product management for LoadRunner, the company’s flagship product. At Sauce Labs, Smocha was instrumental in defining the company’s initial strategy, and at Coverity, acquired by Synopsys for $375 million, Smocha drove a product roadmap that delivered 2.5X revenue growth. At Rainforest, Derek Choy is responsible for driving technical innovation and scaling Rainforest’s globally distributed engineering team. Choy joins Rainforest QA from Aria Systems, where he was vice president of engineering, scaling a similarly distributed engineering team by 10X, which supported revenue growth of more than 20X. Prior to Aria Systems, Choy was director of software development at eBay, where he led product development for its billing platform, and was responsible for streamlining processes across several teams. Choy has also held senior engineering and management positions at Accenture and AT&T. Peter Farago oversees marketing, including branding, communications, product marketing and demand generation. He brings more than 15 years of experience building marketing across companies with successful exits. Farago most recently built and led marketing for HackerOne, the world’s leading bug bounty platform, where he helped increase revenue by 4X and customer adoption by 3X. Prior to this, Farago was CMO at Acompli, leading the company to its $200 million acquisition by Microsoft Corporation after only one round of funding. Earlier, Farago led marketing for over five years at Flurry, acquired by Yahoo! for $300 million.
Farago has also held senior marketing positions at Electronic Arts, Digital Chocolate and Microsoft. Rainforest QA helps agile and continuous delivery engineering teams move faster with the industry’s only AI-powered crowdtesting platform. Our platform leverages 50,000 qualified testers to deliver on-demand, comprehensive and machine learning verified regression test results. Rainforest customers spend less time and money testing so they can ship better applications faster. For more information on Rainforest, visit https://www.rainforestqa.com.


Patent
Coverity | Date: 2011-06-07

Updating a set of items is disclosed. A set of items is received. The set of items is partitioned into groups. Group dependency information for the groups is calculated. Optionally, a dependency report is produced. Optionally, groups are updated. Optionally, change impact analysis is performed.


A method is provided to infer taintedness in code expressions encoded in a computer readable device comprising: configuring a computer system to, store a representation of a computer program that is to be evaluated in non-transitory storage media; identify within the representation a pointer cast operation; determine whether an identified cast operation involves a cast from a pointer to a raw memory data type to a pointer to a structured data type; determine whether a structured data type casted to is associated with indicia of externalness; designating data addressed by that pointer as tainted; and determine whether data designated as tainted is consumed by an operation in the computer program that acts as a taintedness sink.


Grant
Agency: Department of Homeland Security | Branch: | Program: SBIR | Phase: Phase I | Award Amount: 100.00K | Year: 2009

While modern static analysis tools have progressed significantly, barriers to adoption still exist due to the turnaround time between submitting code and producing analysis results, and due to the inability to model code paths which traverse externally supplied codeblocks, such as 3rd party library functions. This submission targets these two challenges from a number of directions, with intended deployment through the Open Source Hardening Project - Coverity Scan system.


Patent
Coverity | Date: 2013-09-26

A method is provided to prioritize testing of computer program code comprising: determining first test coverages of items within a first source code version for multiple tests; storing in a non-transitory storage device, a first history that indicates the determined first test coverages of the items within the first source code version; identifying occurrences of the items within a second source code version; determining first weights associated with tests, wherein a respective weight associated with a respective test is indicative of a respective number of respective items within the second source code version that are covered by the respective associated test according to the first history; and prioritizing the multiple respective tests based at least in part upon the determined first weights.


Patent
Coverity | Date: 2013-03-15

A method is provided to remediate defects in first computer program code that can be used to configure a computer to produce code for use by the same or a different computer configured using second computer program code to use the produced code to produce output information, the method comprising: configuring a computer to perform static analysis of the first program to produce an information structure in a non-transitory computer readable storage device that associates a respective code statement of the first program code with a respective context, wherein the context associates a parser state with a potential defect in the produced code; identify a defect in the first computer program code that is associated with the respective code statement; and determining a remediation for the identified defect.


Methods are provided that allow a false path pruner to traverse a directed acyclic graph in conjunction with one or more checker programs that are analyzing a program for defects or other artifacts of interest. While the checkers may have ways of avoiding re-traversal of portions of the graph that have already been traversed, the false path pruner may override such decisions made by the checkers as a result of a false path in order to allow re-traversal during a future different traversal when that same defect or artifact may not lie along a false path, and therefore avoid missing a valid defect or artifact. Computer programs stored on tangible media are provided that implement the methods of the invention.


A method is provided to evaluate impact of a change in code of a depended upon component of a system stored in a non-transitory computer readable storage device, upon a dependent component of the system, the method comprising: identifying a dependency relationship between a first component stored in a storage device and a second component stored in the storage device; in response to a determination that the second component depends upon the first component, configuring a computer system to obtain a first property evaluation corresponding to the first component; and in response to obtaining the first property evaluation corresponding to the first component, configuring the computer system to associate the first property evaluation with the second component, and determine a second property evaluation corresponding to the second component, the second component being associated with the first property evaluation.
