Click here to receive your FREE subscription to Campus Technology
News
Coverity Adds Java Support to OSS Scan Service
11/27/2007
San Francisco-based Coverity Inc. has expanded its static source-code analysis scanning solution. The solution now supports Java-based open source software (OSS) projects. Developers can check their OSS Java applications for free using Coverity's hosted solution. The solution scans applications and points out security and quality problems in the code without actually running the tested application.
Coverity's scanning site already checks open source applications based on C and C++ code. The site has scanned more than 250 C/C++ solutions, entailing "55 million lines of code," according to an announcement issued by the company. The announcement adds that because of the scans, "more than 7,500 security and quality defects" have been fixed by project administrators.
The new Java code-scanning capability of the site is being enabled, in part, through Coverity's contract with the U.S. Department of Homeland Security. David Maxwell, Coverity's open source strategist, said that Coverity has three-year contract with the government agency. The Coverity solution is tested by Symantec, which also has a contract with the agency, he added.
The Department of Homeland Security issued the contract as part of its security initiatives, Maxwell explained.
"Under their Cybersecurity initiative, [the Department of Homeland Security has] a section which is securing the Internet infrastructure," he said. "A large portion of the Internet is built based on open source software--when you think of the most popular Web server, it's Apache, and obviously Linux is a very popular operating system for servers. Many of the components of the Internet are open source."
Static source-code analysis is a way of checking code before compiling it. Maxwell said that the technology has been around for a while but that Coverity has enhanced a solution that was originally developed at Stanford University. Static source-code analysis complements unit testing and quality assurance efforts because you check the code before running it.
The standard method of dynamically testing code by compiling it can be cumbersome, especially for large projects. Maxwell said that some standard dynamic testing tools can run for weeks and not exhaust finding possible errors in programs.
The Coverity Prevent SQS engine, which underlies Coverity's scanning site, "analyzes software dependencies, key third-party libraries and projects spread across multiple development groups," according to Coverity's announcement.
Coverity's open source scanning solution is available for free -- although with no support -- to OSS developers as a hosted application. The company also offers licenses to commercial software developers, where companies can purchase training and use the solution with as many developers as wanted, Maxwell said. For the commercial environment, Coverity's solution is installed, not hosted, he added.
Developers can access Coverity's OSS code analysis site here.
Kurt Mackie is online news editor, Enterprise Group, at 1105 Media Inc. You can contact Kurt at kmackie@1105media.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- College of Southern Nevada Implementing Angel To Run Online Courses
The College of Southern Nevada (CSN), a community college in Las Vegas with 41,000 students, has adopted the Angel Learning Management Suite (LMS) to support its online course offerings. In Spring 2008 CSN began evaluating alternatives to WebCT, which it currently runs, and made the decision to adopt Angel in the fall. In January 2009, CSN's 865 sections of online enrollment will be delivered using the Angel LMS.
- Toshiba Brings DisplayLink to Docking Station
Toshiba has introduced a new USB docking station that incorporates DisplayLink--a technology that allows computers to connect to projectors and other types of displays through USB 2.0.
- Mitsubishi Ships SXGA+ Projector with DICOM Simulation
Mitsubishi has begun shipping a new LCD-based SXGA+ projector aimed at higher education, specifically medical schools. The new MH2850U, according to Mitsubishi, is "specially engineered for projecting DICOM simulation images for use in medical education and training."
- First Look: Komodo IDE 5.0
Last month, ActiveState released Komodo IDE 5.0, the company's latest integrated development environment (IDE). Komodo supports multiple programming and markup languages, including HTML, JavaScript, PHP, Perl, Java, Python, C++ and more. It does not support some .NET languages at present, such as ASP/ASP.NET, C# and VB.NET.
- IBM Offers Cloud Computing Help
IBM last week announced consulting services specifically designed to help organizations assess their options in using cloud computing technology. "Cloud computing" is a much argued term, but it typically refers to solutions delivered over the Internet, rather than via customer premises-installed software.
- Hollins U Chooses Omnilert for Emergency Notification Ahead of VA Deadline
Hollins University, among other higher ed institutions in Virginia, has implemented Omnilert's e2Campus emergency notification system (ENS) just ahead of a state-mandated deadline requiring them at every public institution of higher education by Jan. 1. Hollins itself isn't a public campus, but wished to implement an ENS before the end of the year, the school said in a company statement.
