Leading development testing specialist, Coverity has announced the formation of the Coverity Security Research Laboratory (SRL) as part of the Office of the Chief Technology Officer (CTO).
The Coverity SRL will focus on advances in security vulnerability research, investigating and uncovering the root cause of new and existing vulnerability-causing defects in software code. This knowledge will be built into the Coverity technology portfolio to better enable organisations build security into the development process.
To be led by veteran information security researchers Chris Valasek and Romain Gaucher, the SRL features a unique combination of deep industry expertise including security assessment and development leaders from Barclays, Cigital, Accuvant LABS, IBM Internet Security Systems, Imperva, and Tablus (now RSA, the security division of EMC), working side-by-side with technology experts from the top computer science Ph.D. programs including Stanford and UC Berkeley.
Coverity Co-Founder and CTO Andy Chou explains that software is constantly under attack by hackers looking to profit from stealing sensitive information or take down entire systems, but most security research is approached from looking from the outside in, or how to break into a system or application.
The Coverity Security Research Laboratory is taking a ‘defender’ approach by looking from the inside out, starting with the code itself. The SRL’s mission is to help companies developing software effectively build more secure software from the beginning while its research team will help organisations understand the root cause of software defects that could potentially lead to major security events.
Prior to Coverity, Chris Valasek was a Senior Research Scientist at Accuvant LABS and IBM Internet Security Systems with his research experience spanning vulnerability discovery, exploitation techniques, and reverse engineering.
Romain Gaucher was a senior security consultant at Cigital prior to Coverity, responsible for leading and delivering secure code review, penetration testing, threat modelling, and architecture risk analysis.
Coverity’s products are available in Australia from Embedded Logic Solutions , a leading distributor of PCB prototypes and design solutions, embedded development tools, single board computers, model driven development tools, CAN tools and USB/PCI device driver development tools.