The Samsung Corporation uses Svace software (Security Vulnerabilities and Critical Errors Detector) to detect potential vulnerabilities in the source code of its own Android apps and in Tizen OS, Samsung’s proprietary operating system. Svace analyzes code written in C/C++/C# and Java and is being developed at the Institute for Systems Programming of the Russian Academy of Sciences (ISP RAS).
Samsung invested more than $10 million into the development of Svace, but the IP rights belong to ISP RAS. The South Korean corporation uses Svace free of charge. Samsung became interested in the technology back in 2009, and has been using it as the only code analysis tool since 2015.
Why big software projects need code analysis
When a software developer writes code, there are about 20 bugs per thousand lines of code, on average. For instance, Android OS has about 15 million lines of code. The software is constantly being improved and updated, and at this pace it is impossible to manually prevent errors from sneaking into the code. With Svace, the number of bugs can be significantly reduced. The tool is easy to use, supports various types of warnings and scales to software applications with millions of lines of code. Svace also shows an acceptable quality of analysis: up to 80% of true positive warnings.
Besides Samsung, ISP RAS provides code analysis services to Hewlett-Packard, Huawei, Intel and other software development companies.
Svace has a few competitors globally, such as US-based Coverity by Synopsys, Klocwork by Wave, Fortify by Hewlett-Packard or Checkmarx from Israel.