Coverity
Coverity is a software vendor based in San Francisco. It was incorporated in November 2002. It develops static code analysis tools, for C, C++ and other programming languages, used to find defects and security vulnerabilities in source code. The product originated from a Stanford research project.
Products
Coverity Static Analysis is a static code analysis tool for C, C++, C# and Java source code. Coverity commercialized a research tool for finding bugs through static analysis, the Stanford Checker, which used abstract interpretation to identify defects in source code.
The most notable use of the tool was under a United States Department of Homeland Security contract, in which it was used to examine over 150 open source applications for bugs. On March 6, 2007 it was announced that over 6000 bugs across 53 projects found by the scan had been fixed.
Coverity Dynamic Analyzer is a tool used to analyze Java source code. It was released in May 2008. It observes code as it executes and identifies race conditions, deadlocks, and needless synchronization.
Other products are Coverity Architecture Analyzer, Coverity Build Analyzer and Integrity Center.
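To make concrete what an abstract-interpretation-based checker such as the Stanford Checker does, the following Python program is an added example and is not Coverity's code. It is a toy null-ness analysis over a small constructed statement list: every variable is tracked as null, non-null or maybe-null, branches refine the fact, and the states of both paths are joined at the merge point, so a real null dereference is always reported (at the cost of possible false positives). The mini-IR, the lattice and the three sample programs are all assumptions made for illustration.

```python
"""Toy null-ness abstract interpreter (constructed example, not Coverity code).

The analysis never runs the program; it tracks, for every variable, one of
three abstract facts (null / non-null / maybe-null) and over-approximates at
control-flow merges, which is what makes the result sound: a real null
dereference is always reported, at the price of possible false positives.
"""
from enum import Enum
from typing import Dict, List, Optional


class Null(Enum):
    NULL = "null"         # definitely null
    NONNULL = "non-null"  # definitely points at an object
    MAYBE = "maybe-null"  # top of the lattice: either is possible


# Abstract state: variable -> fact. None stands for an unreachable path (bottom).
State = Optional[Dict[str, Null]]


def join(a: Null, b: Null) -> Null:
    """Least upper bound of two facts: disagreement collapses to MAYBE."""
    return a if a == b else Null.MAYBE


def join_states(s1: State, s2: State) -> State:
    """Merge the states of two paths; an unreachable path contributes nothing."""
    if s1 is None:
        return s2
    if s2 is None:
        return s1
    return {v: join(s1.get(v, Null.MAYBE), s2.get(v, Null.MAYBE))
            for v in set(s1) | set(s2)}


def analyze(stmts, state: State, findings: List[str]) -> State:
    """Abstractly execute a statement list and return the outgoing state.

    Statement forms (a constructed mini-IR, not a real tool's input format):
      ("assign", var, "null" | "alloc" | "unknown" | other_var)
      ("deref", var)
      ("return",)
      ("if_null", var, then_stmts, else_stmts)
    """
    for stmt in stmts:
        if state is None:
            break  # code after a return on this path is dead
        op = stmt[0]
        if op == "assign":
            _, var, src = stmt
            if src == "null":
                state[var] = Null.NULL
            elif src == "alloc":
                state[var] = Null.NONNULL
            elif src == "unknown":      # e.g. a parameter or a call result
                state[var] = Null.MAYBE
            else:                       # copy another variable's fact
                state[var] = state.get(src, Null.MAYBE)
        elif op == "deref":
            _, var = stmt
            fact = state.get(var, Null.MAYBE)
            if fact == Null.NULL:
                findings.append(f"definite null dereference of {var}")
            elif fact == Null.MAYBE:
                findings.append(f"possible null dereference of {var}")
                state[var] = Null.NONNULL  # survived the dereference on this path
        elif op == "return":
            state = None
        elif op == "if_null":
            _, var, then_stmts, else_stmts = stmt
            then_state = dict(state)
            then_state[var] = Null.NULL      # the branch condition refines the fact
            else_state = dict(state)
            else_state[var] = Null.NONNULL
            state = join_states(analyze(then_stmts, then_state, findings),
                                analyze(else_stmts, else_state, findings))
        else:
            raise ValueError(f"unknown statement: {stmt!r}")
    return state


def check(program) -> List[str]:
    """Run the analysis on a whole program and return its findings."""
    findings: List[str] = []
    analyze(program, {}, findings)
    return findings


# Constructed sample programs.
GUARDED = [                    # if (p == NULL) return; *p;   -> clean
    ("assign", "p", "unknown"),
    ("if_null", "p", [("return",)], []),
    ("deref", "p"),
]
MERGED = [                     # out = buf ? buf : NULL; *out; -> maybe-null after the join
    ("assign", "buf", "unknown"),
    ("if_null", "buf", [("assign", "out", "null")], [("assign", "out", "buf")]),
    ("deref", "out"),
]
DEFINITE = [                   # p = NULL; *p;                 -> definite
    ("assign", "p", "null"),
    ("deref", "p"),
]

if __name__ == "__main__":
    for name, prog in (("GUARDED", GUARDED), ("MERGED", MERGED), ("DEFINITE", DEFINITE)):
        print(name, check(prog) or ["no findings"])
```

The early-return guard in GUARDED is the case that separates a usable checker from a noisy one: the returning path becomes unreachable (bottom), so only the non-null path reaches the dereference and nothing is reported, while MERGED shows the opposite situation, where joining a null path with a non-null path must widen to maybe-null and the dereference is flagged.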
History
In early 2008, after spending more than four years as a self-funded, cash-positive startup, Coverity took in a $22 million investment from Benchmark Capital and Foundation Capital.
In June 2008, Coverity announced the acquisition of Solidware Technologies. The technology gained from this acquisition became the foundation of Coverity Software Readiness Manager for Java.
In October 2008 Seth Hallem won the TR35 prize by Technology Review of MIT.
In October 2009, Coverity earned a spot on Deloitte's 2009 Technology Fast 500. Revenues: 2004 $1.941 million, 2008 $21.918 million.
In October 2011, Coverity earned a spot on Deloitte's 2011 Technology Fast 500.
Competitors
- Parasoft: analyzes Java (Jtest), JSP, C, C++ (C++test), .NET (C#, ASP.NET, VB.NET, etc.) using .TEST, WSDL, XML, HTML, CSS, JavaScript, VBScript/ASP, and configuration files for security, compliance, and defect prevention.
- Klocwork Insight: provides security vulnerability, defect detection, architectural and build-over-build trend analysis for C, C++, C#, Java.
- Monoidics INFER: a sound tool for C/C++ based on Separation Logic.
- Kalistick: a software radiography platform for Java and C# developments.
- PC-Lint: a software analysis tool for C/C++.
- PVS-Studio: a commercial static code analysis tool for C/C++.
Open Source Alternatives
- Clang: a compiler that includes a static analyzer.
- cppcheck: open-source tool that checks for several types of errors, including use of STL.
- cpplint: open source, automated checker to make sure a C++ file follows Google's C++ style.
- Eclipse: an IDE that includes a static code analyzer (CODAN).
- Frama-C: a static analysis framework for C.
Business Model
The majority of sales are made under the LOC (lines of code) license; the definition of "line of code" is listed on the Coverity web site.
External links
- Coverity Scan site (scanning of open-source projects)
- Coverity Community Forum (registration required)
- Additional Company Information