© Coverity 2010 Coverity Analysis: Improving Quality in the Software Supply Chain Peter Henriksen, Development Manager for Analysis, Coverity October 1, 2010

Overview
- Importance of SATE
- Coverity results
- Software certification
- Recommendations

Importance of SATE
ALL MATERIALS CONFIDENTIAL
Helping the space mature
- Important to have broad participation
- Transparency
- Pushing the envelope
Coverity participation
- Significant amount of work (~20 times more than in 2009!)
- C/C++ track: Chrome, Wireshark & Dovecot
- Coverity tools freely available for SATE researchers

SATE 2010: Listening to the Community
- Improved classification: Security / Quality / Insignificant / False Positive
- Broader language coverage: C, C++ & Java
- Larger code bases: addition of Chrome (large code base, widely used)
- CVEs: a healthy challenge!

Coverity SATE Results: C/C++ Track
- SATE 2010 selection: 30-40 bugs
- Improved SATE triage with the new Quality classification
- General agreement on the triage results
Number of bugs
- Total (estimated true positives): ~2300
- High & Medium impact: ~1900
- SATE selection: ~1%
- Triage is hard!
- Quality of event messages is important
- Impact assessment is essential
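The headline numbers on this slide (estimated true positives, the High & Medium count, the ~1% selection handed to SATE) follow directly once every finding carries the SATE 2010 classification and an impact level. The Python below is an added illustration written for this page; it is not Coverity's tool, its report format, or its data. The Finding record layout, the three-level impact scale, the checker names, the sample findings and the selection rule are all constructed for the example.

```python
"""Triage helper for static-analysis findings using the SATE 2010 classification
scheme (Security / Quality / Insignificant / False Positive) plus an impact level.

Added example for this page. Not Coverity's code or report format: the record
layout, impact scale, checker names and sample findings are constructed here.
"""

from collections import Counter
from dataclasses import dataclass

# The four classification labels named on the slide, in priority order.
CLASSIFICATIONS = ("Security", "Quality", "Insignificant", "False Positive")
# Assumed three-level impact scale; lower rank sorts first.
IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass(frozen=True)
class Finding:
    checker: str          # checker name (assumed, e.g. "OVERRUN")
    location: str         # "file:line"
    classification: str   # one of CLASSIFICATIONS
    impact: str           # one of IMPACT_RANK
    message: str          # the event message a triager actually reads

    def __post_init__(self):
        # Reject records that would silently fall out of every bucket.
        if self.classification not in CLASSIFICATIONS:
            raise ValueError(f"unknown classification {self.classification!r}")
        if self.impact not in IMPACT_RANK:
            raise ValueError(f"unknown impact {self.impact!r}")


def is_true_positive(f: Finding) -> bool:
    """Anything not triaged as a false positive is an estimated true positive;
    'Insignificant' is a real (if unimportant) defect, so it still counts."""
    return f.classification != "False Positive"


def summarize(findings):
    """Compute the figures a SATE-style results slide reports."""
    tps = [f for f in findings if is_true_positive(f)]
    return {
        "total": len(findings),
        "estimated_tp": len(tps),
        "high_and_medium": sum(1 for f in tps if f.impact in ("High", "Medium")),
        "by_classification": dict(Counter(f.classification for f in findings)),
    }


def prioritize(findings):
    """Order true positives for human review: impact first, then Security before
    Quality before Insignificant, then checker and location for a stable order."""
    class_rank = {c: i for i, c in enumerate(CLASSIFICATIONS)}
    return sorted(
        (f for f in findings if is_true_positive(f)),
        key=lambda f: (IMPACT_RANK[f.impact], class_rank[f.classification],
                       f.checker, f.location),
    )


def select_for_review(findings, fraction=0.01, minimum=1):
    """Take the top slice of the prioritized list (the slide's ~1% of ~2300).
    The constructed selection rule here is a plain top-N cut; a real triage
    would also read each event message before submitting a finding."""
    ranked = prioritize(findings)
    n = max(minimum, round(len(ranked) * fraction))
    return ranked[:n]


# Constructed sample findings (not real analysis output).
SAMPLE = [
    Finding("OVERRUN", "src/pkt.c:120", "Security", "High",
            "Overrunning array buf of 64 bytes at byte offset 80"),
    Finding("RESOURCE_LEAK", "src/io.c:45", "Quality", "Medium",
            "Handle fd leaked on early return"),
    Finding("FORWARD_NULL", "src/parse.c:210", "Quality", "High",
            "Dereferencing null pointer p"),
    Finding("DEADCODE", "src/util.c:9", "Insignificant", "Low",
            "Code can never be reached"),
    Finding("TAINTED_SCALAR", "src/net.c:300", "False Positive", "High",
            "Using tainted variable len as loop bound (sanitized by caller)"),
    Finding("UNINIT", "src/cfg.c:77", "Security", "Medium",
            "Using uninitialized value key"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    for f in prioritize(SAMPLE):
        print(f"{f.impact:<6} {f.classification:<14} {f.checker:<15} {f.location}  {f.message}")
    print("selected:", [f.checker for f in select_for_review(SAMPLE, fraction=0.4)])
```

Because impact is the primary sort key and classification the secondary one, a High-impact Quality defect outranks a Medium-impact Security defect; swap the two keys in `prioritize` if a security-only submission is wanted.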

Coverity Integrity Manager

The Software Supply Chain
The problem
- Weakest link in the chain
- Defects in shared libraries can impact millions of devices (computers, phones, etc.)
How Coverity can help
- Integrity Report with Integrity Rating
- Software certification
- Upstream elimination of defects: open source, 3rd-party and company-wide libraries

Coverity Integrity Report: Software Certification

Coverity Software Integrity Rating

How to Use Your Software Integrity Rating
- Set software integrity standards for your projects, products and teams
- Audit your software supply chain
- Promote your commitment to software integrity

Next Steps for SATE
Defect (& FP) catalog
- Select one code base (per language)
- Fix the version
- Perform deep & thorough triage
- Resulting contents: tools + manual + CVE + FP
Minor recommendations
- Improve the CVE triage
- More time (add 4-6 weeks)
- Make Ubuntu VMware VMs available for the C/C++ track

© Coverity 2010 Q&A Peter Henriksen :