Coverity Releases Security Spotlight Report on Critical Security Defects in Open Source Projects

OWASP and C# Capabilities in Coverity Scan Expanded to Support Open Source Community

MOUNTAIN VIEW, Calif., Oct. 15, 2014 — (PRNewswire) — Coverity, Inc., a Synopsys company (Nasdaq: SNPS), today announced the release of its latest Coverity Scan™ Project Spotlight, which analyzed the security defects detected by its open source software scanning service. In conjunction with the release of the report, Coverity also announced that it would enhance the Coverity Scan service by including the Coverity® Security Advisor solution to the service so projects can now find critical Open Web Application Security Project (OWASP) Top 10 issues. The service has also been expanded to now include C# open source projects.

Recent high-profile vulnerabilities in open source code, including Shellshock, the OpenSSL Heartbleed and GoToFail vulnerabilities, have highlighted the importance of code quality and security for organizations. The Coverity Scan Security Spotlight identifies several common defects and exposures (CVEs) in open source code, and identifies that the GoToFail vulnerability could have been detected in Scan.

Since the inception of the Coverity Scan service in 2006, Coverity has enabled open source projects to find and fix critical security issues, including buffer overflows, integer overflows, and format string errors in C/C++ code. With today's announcement, the company is now enabling Java developers to find and fix security issues in their software code, including all of the OWASP Top 10 and other web application security issues.

The OWASP Top 10 presents the most critical threat to open source code. In the short time since Coverity Scan has been able to detect web application security defects in Java, the service has identified 688 OWASP Top 10 issues in 37 open source projects, including big data, network management, and blog server projects.  The following are the specific number of OWASP Top 10 issues found:



Number of Issues Found





Broken Authentication and Session Management



Cross-site Scripting (XSS)



Insecure Direct Object References



Security Misconfiguration



Sensitive Data Exposure



Missing Function Level Access Control



Cross-Site Request Forgery (CSRF)



Using Components with Known Vulnerabilities



Unvalidated Redirects and Forwards


"The road to application quality and security starts in development," said Zack Samocha, senior director of products at Coverity. "With three major security issues related to open source code defects this year, it's imperative that open source developers design code security into their projects starting as early as possible and utilize security experts to help them understand vulnerable areas in the code and potential attack vectors. Open source developers should leverage some of the best practices for application security employed by proprietary projects such as using static analysis and conducting regular security audits."

During the past eight years, the Coverity Scan service has analyzed several hundreds of millions of lines of code from more than 1,500 open source projects – including C/C++ projects such as NetBSD, FreeBSD, LibreOffice and Linux, and Java projects such as Apache Hadoop, HBase and Cassandra. The Scan service has helped developers find and fix more than 94,000 defects since 2006. Nearly 50,000 defects were fixed in 2013 alone – the largest single number of defects fixed in a single year by Scan users. More than 11,000 of these defects were fixed by the four largest projects in the service: NetBSD, FreeBSD, LibreOffice and Linux.

Online Resources:

About Coverity Scan
In 2006, the Coverity Scan service was initiated with the U.S. Department of Homeland Security as a public-private sector research project, focused on open source software quality and security. Coverity now manages the project, providing its development testing technology as a free service to the open source community to help them build quality and security into their software development process. Register your open source project for the Coverity Scan service, and follow us on Twitter to get the latest updates.

About Coverity
Coverity, Inc., a Synopsys company (Nasdaq: SNPS), is a leading provider of software quality and security testing solutions. Coverity's award-winning development testing platform helps developers create and deliver better software, faster, by automatically testing source code for software defects that could lead to product crashes, unexpected behavior, security breaches or catastrophic system failure. The world's largest brands rely on Coverity to help ensure the quality, safety and security of their products and services. For more information, visit, follow us on Twitter or check out our blog.

SOURCE Coverity, Inc.

Coverity, Inc.
Kristin Brennan, Coverity
Phone: +1.415.321.5230
Email Contact
Michelle Kincaid, LEWIS PR for Coverity
Phone: +1.415.432.2467
Email Contact

Review Article Be the first to review this article

Featured Video
Peggy AycinenaWhat Would Joe Do?
by Peggy Aycinena
H-1B Visa: de Geus’ tragedy looms large
Peggy AycinenaIP Showcase
by Peggy Aycinena
IP for Cars: Lawsuits are like Sandstorms
More Editorial  
Technical Support Engineer for EDA Careers at Freemont, CA
Technical Support Engineer EU/Germany/UK for EDA Careers at N/A, United Kingdom
Lead Java Platform Engineer IOT-WEB for EDA Careers at San Francisco Area, CA
Mechanical Designer/Engineer for Palo Alto Networks at Santa Clara, CA
Staff Software Engineer - (170059) for brocade at San Jose, CA
ASIC/FPGA Design Engineer for Palo Alto Networks at Santa Clara, CA
Upcoming Events
Embedded Systems Conference ESC Boston 2017 at Boston Convention & Exhibition Center Boston MA - May 3 - 4, 2017
2017 GPU Tech Conference at San Jose McEnery Convention Center 150 West San Carlos Street San Jose CA - May 8 - 11, 2017
High Speed Digital Design and PCB Layout at 13727 460 Ct SE North Bend WA - May 9 - 11, 2017
Nanotech 2017 Conference & Expo at Gaylord National Hotel & Convention Center WA - May 14 - 17, 2017

Internet Business Systems © 2017 Internet Business Systems, Inc.
595 Millich Dr., Suite 216, Campbell, CA 95008
+1 (408)-337-6870 — Contact Us, or visit our other sites:
AECCafe - Architectural Design and Engineering TechJobsCafe - Technical Jobs and Resumes GISCafe - Geographical Information Services  MCADCafe - Mechanical Design and Engineering ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy Policy