Sramana Mitra: The automotive industry seems like a good fit for Coverity because it historically does not do a very good job with software.
Andy Chou: If you look at the [Mercedes-Benz] S Class coming out next year, you will see that the driver assist module has 25 million lines of code. Automotive applications are very large.
Sramana Mitra: I know of some Indian outsourcing companies that focus only on embedded software for automotive companies. Those are very large applications. They are doing very well in that niche.
Andy Chou: It is amazing how much software is in a modern automobile. Estimates range from 10 million to 100 million lines of code in a modern automobile. That is enormous. That is as much as you will find in Microsoft Windows. Our focus on embedded software reflects that demand and we have a clear dominant play there. Source code never gets smaller. Our product is very sticky because the false positive rate is so low. The alerts we come back with are accurate and actionable. We will typically start out with a single deal with a company and then conduct three or four more transactions with that companies over the next couple of months. The developers really like our tools.
Sramana Mitra: I have not heard you mention software as a service as a category you are doing a lot of work in. That seems to be dependent on uptime and reliability. Are you seeing any traction in that category?
Andy Chou: We do have customers in the cloud services space. That is one of the verticals that we are looking at. If you look at our strategy for expansion, you will see that we have a good brand and great core technology. We know that businesses need our product to enable delivery of complex software, which saves time and money.
We also want to look at what we can explore beyond static analysis. First, we want to explore how to bring in information from your test organization so that we can analyze that as well. We want to know what the test organization is doing in terms of measuring the functionality of your product and understanding how good their software test coverage is. Most organizations do not understand that very well, but it is critical to delivering high-quality software.
Second, we want to look at security. Obviously, that is a big concern that is growing quickly. We want to explore it further. At the end of the day, software security bugs are defects in the code. Our perspective is that developers should be able to understand, find, and fix these defects just like any other errors they find in their software. Many of the defects we already find are security problems today.
Sramana Mitra: How do you verticalize security? Do you segment it to software vendors working in security, or do you want to sell to enterprises and governments that are buyers of security?
Andy Chou: It is really for enterprises and is not much different from our current product set. Our focus is development testing, quality, security, and test coverage analysis. It is a suite. At the very top end, we can begin to define policies to govern your code base and define your supply chain in such a way that you can set parameters for defect density, complexity of the code, remediation of defects, and those kinds of things. For us it is a platform as well as a process.