Coverity is readying an evaluation edition of a security analysis package pre-configured for Wind River Workbench and Wind River Linux. Coverity Static Analysis for Wind River Workbench integrates security within the embedded development process, identifying vulnerabilities as code is written, according to Wind River.

Software integrity firm Coverity offers a variety of software development analysis software packages designed to fix defects and security vulnerabilities. Now one of them — Coverity Static Analysis - has been tailored to work hand in hand with Wind River Workbench in versions compatible with Wind River Linux and Wind River's VxWorks real-time operating system (RTOS).

Coverity Static Analysis

Wind River Workbench is an integrated development environment (IDE) billed as "a fully integrated end-to-end, open standards-based collection of tools for device software design, development, debugging, testing and management." By integrating Wind River Workbench with the Coverity software, development teams can build security directly into the embedded software development process and address security vulnerabilities as software code is written, says Intel subsidiary Wind River.

Coverity Static Analysis is said to automatically scan C/C++, Java, and C# source code for security and quality defects, exposing them in the developer's existing workflow. As a result, developers can detect and fix errors before passing applications to quality assurance teams.

At that point, developers can then turn to Wind River Test Management — a test automation system designed to work closely with Wind River Workbench. Test Management can be used during the quality assurance phase of the lifecycle to test specific packages for security, says Wind River.

Coverity Static Analysis can scale to hundreds of users, thousands of defects, and millions of lines of code in a single analysis, which can be run on up to eight cores simultaneously, says Coverity. The software is claimed to offer the most accurate analysis and lowest false positive rate in the industry.

Parallel and incremental analyses for C/C++ allow code to be analyzed in minutes, and users can choose to limit analysis to files which have been changed or were impacted by a change, says the company. The software integrates a Coverity Integrity Manager user interface that lets developers quickly find code defects, easily understand defects and their impact, prioritize defects based upon severity, and identify all of the places a defect exists across projects and products, according to Coverity.

Stated Marc Brown, vice president of Tools and Marketing Operations, Products Group at Wind River, "Increased security threats and continued growth of embedded device connectivity create an urgent need to address security during development."

Availability

No pricing or availability information was provided for the Coverity Static Analysis for Wind River Workbench evaluation software. More information and availability notification signup may be found on this Wind River Coverity web-page, as well as Coverity's Coverity Static Analysis page.

Coverity and Wind River will be discussing their joint solution at RSA 2012 — which features a keynote from former British Prime Minister Tony Blair — to be held Feb. 27 through March 3, at the Moscone Center in San Francisco, Booth #555.

Eric Brown can be reached at [email protected].

---

This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.