SCAN LADDER: RUNG 2 - 11 Projects | RUNG 1 - 86 Projects | RUNG 0 - 173 Projects
 

ACCELERATING OPEN SOURCE QUALITY

In collaboration with Stanford University, Coverity is establishing a new baseline for software quality and security in open source. Under a contract with the Department of Homeland Security, we apply the latest innovations in automated defect detection to uncover some of the most critical types of bugs found in software.
     
TOTAL NUMBER OF DEFECTS FIXED (SINCE 03/06/2006): 8,547
    

May 20th, 2008: Announcing the Open Source Report 2008

[David Maxwell] - Drawing on over two years' worth of the Coverity Scan data, we have prepared a report covering many aspects of the Scan results and software metrics.

The press release about the new Open Source Report is available in pdf form here.

The report can be viewed (pdf) from a link on a dedicated page, here.

It is also my pleasure to announce an additional resource that will be helping with maintenance and expansion of the Scan project. Erinn Clark brings many years of open source experience to her new role as an Open Source Engineer at Coverity. In addition to her professional experience as a build and release engineer, she has also been involved in the Debian project since 2004.

January 11th, 2008: Notes on the Rung 2 news coverage

[David Maxwell] - This is a followup on the news coverage, discussions, and emails I've received regarding our announcement of Rung 2.

Developers of Firebird and FreeBSD contacted me about some of the remarks in the stories about Rung 2. Unfortunately, it's not possible to review writers' articles before publication, or to discuss every detail of Scan in a thirty minute phone call.

There are a couple of projects I would like to offer specific notes regarding.

FreeBSD is unique, in that they have been a Coverity user since before the Scan project started, and their analysis is run outside of the Scan framework. The Scan statistics for FreeBSD have not been pulling in the numbers from that work, though it has been on my to-do list to fix that for some time.

The news coverage also raised an issue which has come up previously, in particular from the Firebird and NetBSD projects. Many open source projects include other open source code as libraries, components, utilities, or elements of their build toolchain. The statistics for a project include analysis for all of the code. New functionality in the software used for Rung 2 will let us break these numbers out on the webpage. I'll write again when that update happens.

If you've sent an email to myself, or scan-admin, and not received a response yet, please be assured it hasn't gone missing, but we have had a surge of requests - and there are still older issues I'm working on as well. Thanks for your patience.

January 8th, 2008: Announcing - Rung 2

[David Maxwell] - On a personal note, I'd like to thank everyone involved in the Scan project for your continued participation. It's a unique pleasure for me to work with so many other professionals who are passionate about code quality and security. On behalf of the Coverity team, and our friends at Symantec and the U.S. Department of Homeland Security, I'd like to congratulate all project participants on the improvements you've made to your code over the past year and I look forward to working even more closely with you in 2008. That said, we have some exciting Scan news to share with you today.

Today, Coverity is announcing the release of Coverity Scan, Rung 2. This new level on the Scan ladder includes upgraded analysis based on a more recent version of Coverity Prevent.

Eleven diligent projects which had resolved all of the defects identified at Rung 1 are the first projects to be upgraded to Rung 2. Those projects are Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.

The version of Prevent in use for Rung 2 provides the projects with a new user interface, with significant usability improvements, and tracking and management functions. The analysis engine has been updated with eighteen months' worth of developer effort, and builds a more accurate Software DNA Map than ever before. As a result, it can identify additional defects, not previously found.

See the Rung2 page for the current status of the active C and C++ projects on Scan.


November 20th: Announcing - Java on Scan

Since March 2006, the Scan Project has been providing the results of Coverity's static analysis tool, Prevent, to open source C and C++ projects.

Today, Scan is expanding to include open source software written in Java.

You must be a member of the open source project to get access to the results. Submit your Java-based open source project by email, to scan-admin@coverity.com

Projects will be added on a first-come, first-served basis, with those projects who have already submitted Java requests in the past on the front of the queue.

See the Rung1 page for the current status of the active C and C++ projects on Scan.

If you have any questions or would like to suggest additional projects to be added, please email scan-admin@coverity.com


 
     
“COVERITY'S STATIC SOURCE CODE ANALYSIS HAS PROVEN TO BE AN EFFECTIVE STEP TOWARDS FURTHERING THE QUALITY AND SECURITY OF LINUX.”
ANDREW MORTON, LEAD KERNEL MAINTAINER
 
 
     
NEWS

Scan now open to Java projects
Scan Expanded with Graphics Software at Libre Graphics Meeting
Scan Expanded to 150 projects on its anniversary
Happy First Birthday, Scan
Coverity Names David Maxwell as Open Source Strategist
Coverity detects a security hole in X Windows that allows any user with a login to gain root privileges
Amanda releases major version (2.5) of the popular backup and recovery software with milestone of 0 Coverity defects
Scan.coverity.com results in over 1000 patches to projects in the first few weeks
internet.com: Coverity Study Ranks LAMP Code Quality
eweek: DHS Funds Open-Source Security Project
 
 

 

©2007 COVERITY INCORPORATED