Coverity's Chou: Bring Security Concerns Up In Development Cycle

(Editor’s Note: This article refers to a video interview shot in San Jose as part of TMCnet’s “On the Road” video series. To view the entire library of videos from Road Shows and other industry shows, as well as product demos and interviews in our in-house studio, visit the TMCnet Videos home page.)

Recently in San Jose, TMC's CEO Rich Tehrani had a chance to sit down and interview Andy Chou, the Chief Architect of Coverity (News - Alert), who said the company has just launched a new partnership with Armorize Software, which works in enterprise malware detection.

"What we really want to do," Chou said, is to take the quality analysis for software, "and combine it with security analysis for software, so you can do both during the development process, and get rid of both crash-causing defects and other problems, as well as security problems in your code before it's released."

When asked by Tehrani if that was a hot button for his customers about now, Chou said he thinks that customers have always cared about quality. "They've always wanted to make sure they ship products that are high quality and deliver the value they're supposed to, in terms of functionality and performance."

Security, he said, "has always been a laggard, in the sense that it's always been done at the very end of the development cycle. And what we'd like to do is bring that into the standard way that developers work, so that they're addressing security problems as they're coding, as they're doing integration testing and other analysis, so you don't have this situation where you have a lot of security defects found at the end of the development cycle, where development doesn't really know how to address them without slowing down a particular product release."