SOFTWARE TOOLS - Coverity 5 mitigates business impact of software changes -

SOFTWARE TOOLS – Coverity 5 mitigates business impact of software changes


San Francisco, Calif. – Coverity, Inc., has introduced Coverity 5, claiming it to be the industry's first software integrity product that automatically scans, prioritizes and maps the impact of defects introduced by software changes.

The new software is designed to help development organizations mitigate the business risk of software changes across their entire product portfolio.

Coverity 5 is the next generation of the Coverity software integrity product line, including Coverity Static Analysis.

As part of this launch, Coverity is showcasing two major innovations. The new Coverity 5 defect impact mapping capability is the first to enable developers to automatically map and identify how a single defect impacts multiple code bases, projects and products across the portfolio. Previously, mapping impact of defects was a highly manual, inaccurate and time-consuming process.

The second innovation is that the new Coverity 5 unified defect management interface is the first to enable developers and management to review, prioritize and triage their C/C++, Java and C# defects in a single workflow, providing a single version of the truth for the state of integrity across the entire product portfolio.

Software changes introduce defects that can seriously damage products in the portfolio that share the same code. Using traditional software analysis approaches, it is difficult, if not impossible, for developers to know exactly which projects, teams and products are impacted by new defects introduced by software changes. Coverity 5 enables developers to automatically scan software for new defects introduced by changes, instantly prioritize defect severity and map impact to all products sharing the same code.

Seth Hallem, Coverity CEO, said “Our new defect impact management capabilities mark the most significant innovation in the software integrity market since our introduction of commercial static analysis. Coverity 5 delivers an unprecedented level of defect impact visibility to developers so they can make highly informed business decisions on how they prioritize and triage software problems.”

Coverity 5 provides defect impact mapping, a turnkey way for developers to know all other code bases, teams, projects and products that are affected by a single defect. The unified defect impact management console is a rich web-based interface that allows developers to manage their C/C++, C# and Java defects in a single interface.

A defect knowledge base gives developers detailed information on every defect discovered by Coverity, including plain language defect explanations and an assessment of the potential impact of the defect from both Coverity's proprietary defect index and the industry standard Common Weakness Enumeration (CWE).

Automatic severity filtering guides developers to high impact defects, cutting the guesswork out of triage prioritization.

A new state-of-the-art code browser provides advanced defect drill-down capabilities, easy to use defect markers, shared views and in-line expansion into inter-procedural defect details.

Advanced defect reporting provides developers and managers an easy way to track defects fixed, defect trends, the overall state of integrity across the entire product line and evidence for defect remediation for compliance reporting.

Robust scalability enhancements enable more concurrent users and simultaneous analysis commits, all powered by an industrial strength relational database.

Coverity Static Analysis and Coverity Dynamic Analysis now share a powerful interface to enable customers to manage all of their defects in the same workflow.

Coverity Architecture Analysis now has new call graph and class hierarchy visualization that makes it easier for developers to see the internal structure of their program for program understanding and maintenance.

Coverity Build Analysis has new build reports that show build processes and file inputs and outputs so build engineers know if any unauthorized files are being accessed or whether processes are being run that could compromise the security or behavior of the end product.

“Static analysis has emerged as a best practice for identifying software defects within many embedded markets,” said Chris Rommel, Analyst at VDC Research Group. “However, the ability to address detected issues while also mitigating any risk from software change within a company's broader portfolio of products and code assets is becoming increasingly important to controlling the ultimate operational impacts of the software defects.”

Coverity 5 will be generally available by the end of the first quarter of 2010. Coverity 5 is the new version of the entire Coverity software integrity product line. Pricing and packaging do not change.

For more information, visit at

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.