Channels ▼

JVM Languages

Coverity.Scan Now Includes Java

Since it was launched nearly two years ago, the U.S. government's Department of Homeland Security "Vulnerability Discovery and Remediation Open Source Hardening Project" has been doing daily security and reliablity audits on more than 250 open source C++ packages representing more than 55 million lines of code.

The lynchpin in the project has been Coverity which, in conjunction with Stanford University and Symantec, performs automated source-code analysis via its web site. In its first year of operation, developers fixed an average of 16 defects a day. Many of the new projects are so widely used that a single serious defect could affect millions of people. For example, Coverity added regular scans of zlib, a compression program used in more than 500 applications, including MSN Messenger, Microsoft Office, QuickTime and Apache. Other new projects include FreeRADIUS, a software application that provides secure authentication to 100 million users on the Internet and on business networks. To date, open source project maintainers have fixed more than 7,500 security and quality defects identified by Coverity Prevent SQS (Software Quality System).

But the news of the day is that Coverity has announced that it has now expanded the program to include open source Java-based projects.

"As open source software continues to win mindshare with commercial and government users, code quality and security are ongoing requirements," said David Maxwell, open source strategist for Coverity. "We are eager to share the capabilities of Coverity Prevent SQS with open source Java developers to help further improve the security and quality of their projects."

Coverity Prevent SQS checks 100 percent of the paths and values in C, C++, and Java software projects.

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.