RSS

Security

Coverity Offers Code Governance With "Deep Visibility"

By Adrian Bridgwater, April 26, 2011

Code governance solution works across the software supply chain: in-house, outsourced, and third-party code

New to market this week is Coverity's Integrity Control solution for code governance, code quality, and security policy control. The product is presented as a route for developers to manage, monitor, and report on policies as code is developed and tested.

Providing the option to automatically manage and enforce standard code testing policies across in-house development teams, outsourced development teams, and software provided by third-party suppliers, Coverity has used upbeat terminology to describe its new product, saying that it provides "deep visibility" into development risks across the software supply chain.


"The lack of governance over the software supply chain has put the revenue and reputations of Global 2000 brands at risk," said Anthony Bettencourt, Coverity CEO. "Coverity Integrity Control is a new means of addressing this problem by enabling companies to govern and manage third party software against the same criteria as your in-house development teams. Coverity extends both our market and technology leadership with this breakthrough new code governance product."


Coverity says that Integrity Control is an integrated solution that leverages code testing results from its own Coverity Static Analysis product and so offers code governance features including: 


Policy Management: To set standard thresholds, SLAs, and policies for code quality and security (such as defect density and number of defects by criticality, type, or impact), as well as productivity and efficiency such as time-to-fix defects and technical debt.

Executive Heat Map Alerts and Code Control Panel: To gain insight into development risk across the supply chain with a single view of code sources by supplier, component, and development team.

Coverity says that this function allows developers to monitor and identify suppliers, components, or teams in violation of code governance policies via alerts that appear with any breach of integrity standards. It then drills down into each policy to pinpoint the full context of the code problem, the specific policy in violation, and where it originated.




Policy Breach Notification: This function will notify third-party suppliers of code governance violations by automatically producing and sending a Coverity-branded software integrity report that summarizes the high-risk defects that exist (if indeed they do) inside their software and components.





Related Reading

News

Commentary

Most Popular

On the Web

Slideshow

Video

More Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>
INFO-LINK




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Best of the Web

First C Compiler Now on Github

The earliest known C compiler by the legendary Dennis Ritchie has been published on the repository.

Quick Read

HTML5 Mobile Development: Seven Good Ideas (and Three Bad Ones)

HTML5 Mobile Development: Seven Good Ideas (and Three Bad Ones)

Quick Read

Building Bare Metal ARM Systems with GNU

All you need to know to get up and running... and programming on ARM

Quick Read

Amazon's Vogels Challenges IT: Rethink App Dev

Amazon Web Services CTO says promised land of cloud computing requires a new generation of applications that follow different principles.

Quick Read

How to Select a PaaS Partner

Eventually, the vast majority of Web applications will run on a platform-as-a-service, or PaaS, vendor's infrastructure. To help sort out the options, we sent out a matrix with more than 70 decision points to a variety of PaaS providers.

Quick Read


More "Best of the Web" >>

Security Recent Articles

Most Popular

Stories Blogs

Video

View All Videos

Upcoming Events



Most Recent Premium Content

Digital Issues