Coverity Integrity Control Governs Code Risk From Third Party Suppliers

April 27, 2011 - PRLog -- Coverity Integrity Control Governs Code Risk From Third Party Suppliers
New Code Governance Solution Enables Software Executives to Monitor Software Policies Across In-House Teams, Outsourcers, and Third Party Suppliers

London UK - April 26, 2011 – Coverity, Inc., the software integrity leader, announced today the release of Coverity Integrity Control. Coverity Integrity Control is a new solution for code governance that enables software development organisations to set policies for code quality and security, and then manage, monitor and report on these policies as code is tested. With Coverity Integrity Control, companies can automatically manage and enforce standard code testing policies across in-house development teams, outsourced development teams, and software provided by third party suppliers, gaining deep visibility into development risk across the software supply chain.

“The lack of governance over the software supply chain has put the revenue and reputations of Global 2000 brands at risk,” said Anthony Bettencourt, Coverity CEO. “Coverity Integrity Control is a new way to address this problem by enabling companies to govern and manage third party software against the same criteria as your in-house development teams. Coverity extends both our market and technology leadership with this breakthrough new code governance product.”

Coverity Integrity Control is an integrated solution which leverages code testing results from Coverity® Static Analysis, and offers advanced code governance features including:

•         Policy Management: Set standard thresholds, SLAs and policies for code quality and security (such as defect density and number of defects by criticality, type or impact), as well as productivity and efficiency (such as time-to-fix defects and technical debt) across suppliers, outsourcers, open source, and in-house teams.

•         Executive Heat Map Alerts & Code Control Panel: Gain insight into development risk across the supply chain with a single view of code sources by supplier, component and development team. Monitor and identify suppliers, components or teams in violation of code governance policies via alerts that appear with any breach of integrity standards. Drill down into each policy to pinpoint the full context of the code problem, the specific policy in violation, and where it originated.

•         Policy Breach Notification: Notify third party suppliers of code governance violations by automatically producing and sending a Coverity Software Integrity Report that summarises the high risk defects that exist in their software and components.

•         Third Party Supplier SLA Enforcement: OEMs can consistently measure suppliers against standard quality and security SLAs, and automatically audit for SLA violations on-demand. Suppliers can build policies aligned to established SLAs and self-certify their code upon delivery to their supply chain partners.

•         Code Testing & Coverity Integrity Manager Integration:Set policies that evoke priorities for code testing with Coverity Static Analysis. Notify developers of quality or security policy violations within their existing workflow, prioritised by risk and impact, so they know what problems to fix first, and report on progress towards compliance with policies. Produce an updated risk profile with every code iteration and test.

“Defects in code directly contribute to product delays and recalls, impact customer satisfaction, and revenue loss. It is critical for the business to understand what development issues are slowing time to market or which software suppliers may be introducing quality and security risks into their products,” said Ezi Boteach, Coverity VP of Products.“Implementing a process for code governance enables better risk management and brings development into closer concert with overall business priorities.”

“As organisations use software to increase their ability to take advantage of business opportunities, their software solutions become more complex. Open source software, integration with legacy systems, and increased outsourcing complicate the software supply chain,” said Dave West, Principal Analyst at Forrester Research. “Elements of the supply chain will continue to exist outside the deploying organisation’s control, requiring a new way to manage processes and tools within the organisation’s borders as well as information and assets from other companies, individuals, and outsourcing communities.”

“In some cases, more than 70 per cent of the code shipping in products is provided by third party suppliers. Unfortunately, many companies have no means to set policies and manage code integrity from suppliers in a consistent, scalable way. This shines a light on the fact that development is one of the last areas of the business not governed by an automated business process, even though it is one of the highest areas of investment for many Global 2000 brands, said Theresa Lanowitz of Voke. “Coverity is executing on a strategy to fill the code governance gap by providing much needed visibility into development through a new type of ‘early warning system’ for code risk across the supply chain.”


Software Code Governance
Code governance is the process for development organisations to define and test standard software policies for quality, security and efficiency that are aligned to business priorities, as well as manage development risk across the software supply chain. Coverity Integrity Control is a software code governance solution that provides alerts to violations in software policies that can compromise customer satisfaction, time-to-market, or profitability.

Coverity Integrity Control is generally available.

About Coverity
Coverity, Inc. (www.coverity.com), the software integrity leader, is the trusted standard for companies that have a zero-tolerance policy for software failures. More than 1,000 Coverity customers use Coverity's award winning portfolio of testing products to test their code to discover and eliminate software defects in their products. Coverity is a privately held company headquartered in San Francisco. Coverity is funded by Foundation Capital and Benchmark Capital. Follow us on Twitter or check out our blog.

# # #

Founded in 1991, NSPR is a respected, creative and strategic PR agency, with a reputation for delivering results and retaining long term clients in the IT, telecommunications and new media sectors.