Coverity Calls a Halt to Unsafe Software

SAN FRANCISCO, March 15, 2010 - — Provides Coverity Software Integrity Audits to Qualified Global 2000
Companies

— Extends Offer to Select Suppliers of Global 2000 Companies to Audit
Software Integrity Supply Chain

Coverity, Inc., the software integrity market leader, today announced
that it will provide software integrity audits to qualified Global 2000
companies with safety-critical software concerns. The Coverity Software
Integrity Audit can expose software defects that could change the behavior,
freeze the operation or impair the performance of safety-critical devices or
products. Coverity will also extend this offer to select suppliers to
participating Global 2000 companies to help expose software integrity supply
chain problems in third-party components, devices and products. Program
details can be found at www.coverity.com.

(Photo: www.newscom.com/cgi-bin/prnh/20100315/SF70243-a)

(Photo: www.newscom.com/cgi-bin/prnh/20100315/SF70243-b)

(Photo: www.newscom.com/cgi-bin/prnh/20100315/SF70243-c)

(Photo: www.newscom.com/cgi-bin/prnh/20100315/SF70243-d)

The Coverity Software Integrity Audit can help Global 2000 executives
answer two critical questions:

    - "Are there safety-critical software defects shipping in my products?"
    - "Are there safety-critical software defects in my supplier's products?"

"Software complexity is creating an entirely new class of business risk
for Global 2000 companies with safety-critical products across their entire
software supply chain," said Seth Hallem, Coverity CEO. "Now companies are
accountable for both the software shipping in their products and the software
from their third-party providers. Coverity is providing this offer to help
Global 2000 companies who have safety concerns get the visibility they need
to assess whether they are shipping safe software to their customers."

The result of the Coverity Software Integrity Audit will provide
executives and development teams with critical software integrity information
such as:

    - A list of software defects in the code that operates their
      safety-critical devices, components and products;
    - The potential impact those software defects can have on the behavior,
      operation or performance of their products; and
    - The overall Coverity Integrity Rating of their audited product or code
      base, comparing their software integrity against industry averages.

Why Software Complexity Creates Business Risk

Coverity has deep history in mitigating the risk of software defects with
consumers and in business. Since 2003, Coverity has helped more than 750
commercial customers and 250 open source projects analyze billions of lines
of code and expose millions of software defects. According to the 2009
Coverity Scan Open Source Report, more than 11,200 open source defects were
eliminated as a result.

"The challenge of software integrity can be attributed to many issues,
but combinatorial path complexity and test coverage complexity are two of the
primary problems that companies face," said Andy Chou, Coverity Chief Science
Officer and co-founder. "This can be particularly challenging for companies
that integrate multiple software components from different companies and
suppliers."

    - Combinatorial path complexity: Each software component has
      combinatorial path complexity of its own. For example, a code base of 1
      million lines of code can have more than a trillion possible paths to
      defects. When combined with another software component, the complexity
      rises dramatically because the interaction between the components can
      cause new and unexpected behaviors that would not exist before
      integration. This problem compounds even more when integrating
      components from different suppliers that use different forms of testing
      and integrity analysis.
    - Test coverage complexity: Test coverage complexity is also a
      significant challenge in large code bases. Typical manual code review
      can cover only small fragments of a code base. Situational testing such
      as functional testing, unit testing, performance testing and security
      testing can cover significant portions of the code lines but almost
      never a significant portion of the combinatorial paths. Automated
      software integrity analysis is required to test the entire code base
      and comprehensively exercise all the possible paths that may contain
      defects.

"The magnitude of software complexity in today's modern automobiles,
aircraft and safety-critical systems is staggering," said Theresa Lanowitz,
analyst at voke, Inc. "Traditional manual code review and scenario testing
are still required but are not sufficient to expose all the possible risk in
the software code. Complex modern systems require transformational practices
that leverage automation to ensure code quality before testing begins.
Coverity has been at the leading edge of providing a new way to solve these
problems with their automated software integrity analysis capabilities that
can analyze complex code bases in excess of 100 million lines of code."

This problem was also illustrated in a Coverity report on software
safety. Andreas Gerstinger, Software Quality and Safety Engineer at
Frequentis, a global market leader in communications and information
solutions for safety-critical applications, stated: "Due to our products
being used in mission-critical fields, Frequentis must adhere to the highest
standards of safety and integrity. Coverity is now another critical pillar of
our quality process. Coverity Static Analysis finds software defects that are
difficult, if not impossible, to find during testing and manual code reviews.
Coverity is a great complement to our existing processes and tools, and is a
productivity enhancing solution that has been eagerly adopted by our entire
development organization."

Interested Global 2000 companies can sign up for the Coverity Software
Integrity Audit by visiting www.coverity.com.

About Coverity

Coverity (www.coverity.com), the software integrity leader, is the
trusted standard for companies that have a zero-tolerance policy for software
failures. Coverity's award-winning portfolio of software integrity products
discovers software defects in development before they can impact the
business. More than 900 customers rely on Coverity to help them deliver
high-integrity software. Coverity is a privately held company headquartered
in San Francisco.

Chantal Yang, Page One Public Relations, +1-415-875-7494, overity at pageonepr.com