Static Analysis for Java Open Source Projects Now Available From U.S. Department of Homeland Security and Coverity Extends Commitment to Open Source Community with Support for Java

Nov 20, 2007, 00:00 ET from Coverity

    SAN FRANCISCO, Nov. 20 /PRNewswire/ -- Coverity, Inc., the leader in
 improving software quality and security automatically, today announced
 expanded capabilities of the company's popular open source code analysis
 site: Beginning today, the open source Scan
 site will provide static source code analysis for Java-based open source
 projects as an extension of Coverity's relationship with the U.S.
 Department of Homeland Security under the 'Vulnerability Discovery and
 Remediation Open Source Hardening Project.'
     By expanding the Scan site to support Java projects from the open
 source community, Coverity will help developers uncover previously
 undetected critical defects, thereby improving the overall security and
 quality of open source software.
     Coverity's Scan site has already made a significant impact on the
 security of open source projects based on C/C++. Currently, more than 250
 C/C++ open source packages are included at the Scan site, representing more
 than 55 million lines of code. To date, open source project maintainers
 have fixed more than 7,500 security and quality defects identified by
 Coverity Prevent SQS (Software Quality System), the technological
 underpinning of the Scan site.
     "As open source software continues to win mindshare with commercial and
 government users, code quality and security are ongoing requirements," said
 David Maxwell, open source strategist for Coverity. "We are eager to share
 the capabilities of Coverity Prevent SQS with open source Java developers
 to help further improve the security and quality of their projects."
     Coverity Prevent SQS checks one hundred percent of the paths and values
 in C, C++ and Java software projects. Coverity's unique combination of
 analysis engines based on dataflow and Boolean satisfiability analyzes
 software dependencies, key third-party libraries and projects spread across
 multiple development groups. Coverity's low false-positive rates, ability
 to find critical must-fix errors, and defect resolution tools make
 developers' lives easier and improve their ability to find and fix
     For information on how to include new C/C++ or Java projects in
 Coverity's Scan site, visit:
     About Coverity
     Coverity (, the leader in improving software
 quality and security, is a privately held company headquartered in San
 Francisco. Coverity's groundbreaking technology removes the barriers to
 writing and delivering complex software by automatically finding and
 helping to fix critical software defects and security vulnerabilities as
 the software is written. More than 300 leading companies choose Coverity
 because it scales to tens of millions of lines of code, has the lowest
 false positive rate and provides 100 percent path and value coverage.
 Companies like Juniper Networks, Symantec, McAfee, Synopsys, Palm and Wind
 River work with Coverity's tools to find and fix security and quality
 defects from their mission-critical code.
     Coverity is a registered trademark, and Coverity Extend and Coverity
 Prevent are trademarks of Coverity, Inc. All other company and product
 names are the property of their respective owners.
      Media Contacts
      Jim Shissler
      Director, Public Relations
      +1 415 694 5342
      Patricia Colby
      Page One PR for Coverity
      +1 415 875 74945

SOURCE Coverity