Coverity, a company that analyzes software code for flaws, has raised $22 million in a first round of funding.
Coverity isn’t the only company that helps developers locate critical flaws in their code: problems that could lead to crashes or security breaches, or simply prevent applications from working properly. But chief executive Seth Hallem says few competitors get involved from the very beginning of the development process.
Hallem says software security company Fortify takes a similar approach, but fills a different niche. Coverity looks at the general quality of code for software that is sold to normal consumers, while Fortify is focused on security — namely, preventing banking and financial institutions from being hacked.
San Francisco-based Coverity has other technical advantages, Hallem says — compiler techniques, hardware-level simulation and relatively low cost.
More than 400 customers have enlisted Coverity’s service, he adds. The company isn’t just improving the integrity of normal commercial software, either. The U.S. Department of Homeland Security hired Coverity to improve the open source programs used by the federal government, and Florida State University used Coverity to find flaws in the state’s electronic voting machines. (Scientific American wrote about the voting machine effort.)
Coverity was founded in 2002. In the aftermath of the dot-com crash, Hallem says the founders decided to bootstrap the company rather than struggle to win over venture firms, and they’ve had positive cash flow every year. But despite the company’s success, Hallem notes that Coverity still only offers one product — Coverity Prevent. By finally seeking outside funding, Coverity will be able to develop products to address other parts of the software lifecycle.