Synopsys 2017 Coverity Scan Report: Adoption Increasing for Secure Practices in OSS Projects

Synopsys released the 2017 Coverity Scan Report, looking at Open Source Software (OSS) quality and security data collected over the past decade through Coverity Scan. The report finds significant adoption of secure software development practices and underscores the importance of managing OSS risk.

Synopsys Software Integrity Group released the 2017 Coverity Scan Report, which examines open source software (OSS) quality and security data collected over the last 10 years. The report tracked 760 million lines of code in 4,600 OSS projects that use Coverity Scan, a free static analysis solution from Synopsys.

“Due to the ubiquity of open source and the vital role it plays in virtually all types of software, understanding and managing its risks can no longer be optional,” said Andreas Kuehlmann, senior vice president and general manager of the Synopsys Software Integrity Group.

Key findings from the Coverity Scan Report:

  • Active projects within Scan show significant adoption of secure software development practices. Since January 2016, 4,117 active projects have submitted builds for analysis. Of those, nearly 50% use Travis CI, indicating use of continuous integration/continuous deployment (CI/CD) practices. Another 2,509 projects have been triaged, which requires developers to have intimate knowledge of the codebase. Additionally, 1,120 projects were configured to make use of modelling, a mechanism for improving the quality of their analysis results.
  • Key behaviours indicate increasing maturity of OSS projects. The adoption of CI/CD and remediation of actionable defects by developers highlight the value of static analysis to the OSS ecosystem. Other measures of maturity such as development and community metrics are required to characterise the risks associated with OSS consumption.
  • Commercial and OSS ecosystems are converging. According to some of the largest commercial users of Coverity, software shipped to customers can contain up to 90% open source code. In addition, there are now companies founded entirely on OSS, which shows that OSS is now the norm.

Synopsys Coverity Scan helps reduce risk and lower overall project cost by identifying critical quality defects and potential security vulnerabilities during software development. Synopsys manages the Coverity Scan project and provides Static Application Security Testing (SAST) as a free service to the open source community to help projects build quality and security into their software lifecycle.
