Sponsor: Coverity

Software Supply Chain Management with BOMtotal

BOMtotal is a free service that generates a bill of materials from any executable code.

Anyone who uses software has a right to know what's inside it. Just as you can examine any piece of food in a supermarket to see its ingredients, you should be able to know what's inside software that you use or might use.

Enabling anyone to generate a bill of materials (list of ingredients) for any piece of software results in a better world for all of us. Buyers gain visibility into software during their procurement cycles by requesting bills of materials from builders. Builders examine bills of materials for their own products to make sure they have no surprises. Ordinary people benefit because when builders and buyers effectively manage their software supply chains, the entire ecosystem becomes safer, more reliable, and more secure.

Get Whitepaper

Software Supply Chain Management with BOMtotal

BOMtotal is a free service that generates a bill of materials from any executable code.

Anyone who uses software has a right to know what's inside it. Just as you can examine any piece of food in a supermarket to see its ingredients, you should be able to know what's inside software that you use or might use.

Enabling anyone to generate a bill of materials (list of ingredients) for any piece of software results in a better world for all of us. Buyers gain visibility into software during their procurement cycles by requesting bills of materials from builders. Builders examine bills of materials for their own products to make sure they have no surprises. Ordinary people benefit because when builders and buyers effectively manage their software supply chains, the entire ecosystem becomes safer, more reliable, and more secure.

Get Whitepaper

Fuzz Testing Maturity Model

Fuzz testing is an industry-standard technique for locating unknown vulnerabilities in software. Fuzz testing is mandatory portion of many modern secure software development life cycles (SDLCs), such as those used at Adobe, Cisco Systems and Microsoft. This document provides a framework to assess the maturity of your processes, software, systems and devices. At the heart of this document is a vendor-agnostic maturity model for fuzz testing that maps metrics and procedures of effective fuzz testing to maturity levels. The maturity model is a lingua franca for talking about fuzzing, allowing different organizations to communicate effectively about fuzzing without being tied to specific tools.

The Fuzz Testing Maturity Model (FTMM) gives builders and buyers a set of standard levels for communicating about fuzz testing.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

Understanding Verification, Validation and Certification

Cybersecurity and communication robustness have become increasingly bigger concerns as technology has continued to improve and systems have become more complex. Each attempt to expand the networking and communication capabilities of devices have brought new features and convenient solutions for end users, along with new security and robustness challenges.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

What is Fuzzing: The Poet, the Courier, and The Oracle

Fuzzing is well established as an excellent technique for locating vulnerabilities in software. The basic premise is to deliver intentionally malformed input to target software and detect failure. A complete fuzzer has three components. A poet creates the malformed inputs or test cases. A courier delivers test cases to the target software. Finally, an oracle detects if a failure has occurred in the target. Fuzzing is a crucial tool in software vulnerability management, both for organizations that build software as well as organizations that use software.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

Coverity Scan Open Source Report 2014

Managing software security and development risk in today’s evolving market is a difficult yet crucial requirement—one that many organizations are not effectively addressing, as evidenced by the latest headlines disclosing a series of data breaches of personal information.

The 2014 Coverity Scan Open Source Report details the changing landscape of open source and commercial software development, including how established development practices are slowly improving the state of software—and how they can be improved so that companies and individuals can write clean, effective software while minimizing the risk of becoming tomorrow’s headline.

Learn more about these changing dynamics within the open source community and discover how security and quality continue to improve.

Get Whitepaper

Fuzz Testing Maturity Model

Fuzz testing is an industry-standard technique for locating unknown vulnerabilities in software. Fuzz testing is mandatory portion of many modern secure software development life cycles (SDLCs), such as those used at Adobe, Cisco Systems and Microsoft. This document provides a framework to assess the maturity of your processes, software, systems and devices. At the heart of this document is a vendor-agnostic maturity model for fuzz testing that maps metrics and procedures of effective fuzz testing to maturity levels. The maturity model is a lingua franca for talking about fuzzing, allowing different organizations to communicate effectively about fuzzing without being tied to specific tools.

The Fuzz Testing Maturity Model (FTMM) gives builders and buyers a set of standard levels for communicating about fuzz testing.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

Understanding Verification, Validation and Certification

Cybersecurity and communication robustness have become increasingly bigger concerns as technology has continued to improve and systems have become more complex. Each attempt to expand the networking and communication capabilities of devices have brought new features and convenient solutions for end users, along with new security and robustness challenges.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

What is Fuzzing: The Poet, the Courier, and The Oracle

Fuzzing is well established as an excellent technique for locating vulnerabilities in software. The basic premise is to deliver intentionally malformed input to target software and detect failure. A complete fuzzer has three components. A poet creates the malformed inputs or test cases. A courier delivers test cases to the target software. Finally, an oracle detects if a failure has occurred in the target. Fuzzing is a crucial tool in software vulnerability management, both for organizations that build software as well as organizations that use software.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

Development Testing For Java Applications

Learn how the Coverity Development Testing Platform can be used in conjunction with open source solutions to help you fix more of the quality and security issues in your Java code that matter, with your existing resources and a unified process across the enterprise.
Get Whitepaper

Development Testing for C# Applications

Static analysis shouldn’t be about finding loads of coding style or standard issues. It should be focused on finding the most critical defects. Although traditional byte code analysis solutions such as FxCop are useful, they can miss critical, crash causing defects - plus produce a large set of coding style issues, which can slow down the development team. Learn how the Coverity Development Testing Platform can help you:

• Find and fix resource leaks, concurrency problems and null references within Visual Studio

• Eliminate defects such as inconsistent indention issues and copy paste errors that can only be found by understanding the intent of the programmer through source code analysis

• Understand the impact of change to better prioritize and focus your automated testing efforts

Get Whitepaper

Coverity Scan – Big Data Spotlight

This report shows the defect density rates of the most popular big data projects and the most common defects that Coverity found across open source projects. In addition, specific types of defects found in Apache Hadoop, Apache HBase and Apache Cassandra are also released in this report.
Get Whitepaper

Transforming Software Testing Through Automation

"Test your code as you write it.” That’s a common mantra heard in many development teams today. However, for too many, that practice remains a lofty goal as opposed to a business reality. They lack the appropriate metrics and processes to make and measure progress and often underestimate the effort required to manage the cultural change. In this paper you will learn how Coverity:

• Reduced the amount of time for hardening minor releases from 2 weeks to 3 days

• Reduced the number of manual testing days from 17 to 4

• Increased the number of automated tests from 0 to almost 3,500

Get Whitepaper