Eagle Investment Systems: Ensuring Software Quality & Security with Coverity

Eagle Investment Systems is a financial services technology firm.

Our objective is to help our customers to grow their assets efficiently.

We provide data management, accounting and performance solutions to a global client base and as a result of being wholly owned by BNY Mellon, we can offer a number of different services from either an on premise solution to a secure private cloud one to a full business outsourcing capability.

We wanted to take a holistic view of our SDLC, of our software development lifecycle.

We wanted to work with vendors that were industry experts, best of breed technologists in their spaces.

Piece those together to really enhance a quality program around how we release software to the marketplace.

And we felt some of the capabilities and checkers that Coverity provided gave us that.

Working with Coverity during that proof of concept, we were very, very impressed by the comprehensive and in-depth number of checkers that were available to us for our C++ code.

We were also really impressed by the access to some of the senior engineers that would work with us on a one-on-one basis to understand how the tool worked and how we can use it to drive our efficiency.

It was a tool built by developers, for developers.

So what that really meant was that we could continue to maintain a good, healthy environment around development but at the same time ensure that the developers were managing their own quality defects.

One of the things that we really liked about the Coverity application was its alignment to the CWE, the Common Weakness Enumeration library.

It helped us in terms of explaining the types of defects to not just our engineering staff, but our services and support teams.

We have two implementation strategies for how we leverage Coverity.

The first is really ensuring that there are no new defects in the application.

So as we're doing daily builds, our engineers are getting informed of defects or software coding flaws as early on in the cycle as possible.

The second piece is really around managing defect density and managing technical debt.

So if there's an error in our application where we feel we need to focus attention on, we shift resources into that area and drive down the defect density on that particular subject.

Application security is a key discipline within a software development lifecycle, especially as we deliver our software through Eagle Access, our secure private cloud.

A recent extension of our use of Coverity has included checks on the C# code.

And what that allows us to do is help our engineers understand common vulnerabilities using the CWE libraries, as well as the OWASP libraries.

So Eagle's an Agile R&D shop.

A couple of things that we do and how we plug Coverity into them is we build our software at least once a day.

So what that means is as our engineers get Coverity defect feedback every morning, so whether it's the offshore guys or the onshore team, they're able to evaluate any flaws that they may have introduced into the previous day's development.

Quality is crucial to our business.

Our clients rely on our solutions every single day to power their investment decisions.

Really the ROI for us was being able to identify issues earlier in the lifecycle.

It's fairly well known that the longer that a defect continues down that software development lifecycle and literally ends up into production, the more costly it is for a firm.

What we wanted to do was identify as many of those issues as possible, as early in the process as possible, so that we can continue to drive efficiencies and continue to deliver quality to our customers.

Source: YouTube