Coverity

From Wikipedia, the free encyclopedia
Coverity, Inc.
Type: Private
Industry: Development Testing
Founded: November 2002
Headquarters: San Francisco, CA
Key people: Anthony Bettencourt (CEO), Andy Chou (CTO), Carol MacKinlay (HR), Andreas Kuehlmann (R&D)
Products: Coverity 5, Prevent, Thread Analyzer, Architecture Analyzer, Software Readiness Manager, Integrity Center
Employees: 200+
Website: coverity.com

Coverity is a software vendor based in San Francisco. It was incorporated in November 2002. It develops static code analysis tools for C, C++ and other programming languages, which are used to find defects and security vulnerabilities in source code. The product originated from a Stanford research project.

Products

Coverity Static Analysis is a static code analysis tool for C, C++, C# and Java source code. Coverity commercialized a research tool for finding bugs through static analysis,[1] the Stanford Checker, which used abstract interpretation to identify defects in source code.[2]

The most notable use of the tool was under a United States Department of Homeland Security contract, in which it was used to examine over 150 open source applications for bugs.[3] On March 6, 2007, it was announced that over 6000 bugs across 53 projects found by the scan had been fixed.[4][5]

Coverity Dynamic Analyzer is a tool used to analyze Java source code. It was released in May 2008.[6] It observes code as it executes and identifies race conditions, deadlocks, and needless synchronization.

Other products are Coverity Architecture Analyzer, Coverity Build Analyzer and Integrity Center.

History

In early 2008, after spending more than four years as a self-funded, cash-positive startup, Coverity took in a $22 million investment from Benchmark Capital and Foundation Capital.

In June 2008, Coverity announced the acquisition of Solidware Technologies.[7] The technology gained from this acquisition became the foundation of Coverity Software Readiness Manager for Java.

In October 2008, Seth Hallem won the TR35 prize awarded by MIT's Technology Review.[8]

In October 2009, Coverity earned a spot on Deloitte's 2009 Technology Fast 500.[9] Its revenue was $1.941 million in 2004 and $21.918 million in 2008.

In October 2011, Coverity earned a spot on Deloitte's 2011 Technology Fast 500.[10]

Competitors

  • GrammaTech CodeSonar — A bug and security vulnerability finding tool for C/C++.
  • Kalistick
  • Klocwork Insight — Provides security vulnerability, defect detection, architectural and build-over-build trend analysis for C, C++, C#, Java.
  • LDRA Testbed — Static analysis, dynamic analysis, and standards checking.
  • Monoidics INFER — A sound tool for C/C++ based on Separation Logic.
  • Parasoft - Analyzes Java (Jtest), JSP, C, C++ (C++test), .NET (C#, ASP.NET, VB.NET, etc.) using .TEST, WSDL, XML, HTML, CSS, JavaScript, VBScript/ASP, and configuration files for security, compliance, and defect prevention.
  • PC-Lint - A software analysis tool for C/C++.
  • PVS-Studio
  • Red Lizard Software - Static analysis software which finds deep deficiencies in code for C/C++.

Open Source Alternatives

  • Clang — A compiler that includes a static analyzer.
  • cppcheck — Open-source tool that checks for several types of errors, including use of STL.
  • cpplint - Open source, automated checker that verifies a C++ file follows Google's C++ style.
  • Eclipse — An IDE that includes a static code analyzer (CODAN).
  • Frama-C — A static analysis framework for C

Business Model

The majority of sales are made under a LOC (lines of code) license.[11] The definition of "line of code" is listed on the Coverity web site.[12]
