But there are cases, there's certainly cases where people sent us examples of
defects which we'd give up on, right?
And you know, they just either not detectable easily with static analysis or
we don't have the time to get to them or
the false positive read might be too high, right?
In the latter case we also do things like have optional flags that essentially
allow only certain customers to turn those on because they really want it.
But if you, if you did it with everybody's code you'd end up
with a lot of false positives so there, there's that option as well.
>> Are you able to,
to trial run your detectors on your existing customer's code?
In other words, let's say that customer A requests a particular feature.
And you want to decide, okay is it going to work with the you know,
false positives and so on.
I imagine you could certainly use the scan project to help you out with that.
You have all this open source code to help you determine false alarms.
Are you also able to ask your other customers to trial run these ideas and
see how well they, they pan out?
>> Right, so we, we have a couple of mechanisms for that.
One is we can help the specific customers that ask for
it to try out you know, a beta version of the analysis.
Another thing that we do is we run a lot tryouts, right?
So these are cases where we go out to cust, to, not customers yet.
Prospects I would say.
And we give them a chance to run our analysis and see the results.
And sometimes as part of trials the the sales engineer that we
have that helps with the trial will kind of let them know if they're,
if they're interested in a particular kind of defect that we know we have you know
prototype for we might turn it on.
And, and give them an opportunity to see what the results might look like.
Alright so they actually use that.
So that does happen as well and
it gets us some feedback about, about things that would be hard to gather
otherwise as you might imagine since these code bases are mostly proprietary.
>> Yeah I was thinking that,
I believe it's the case that, I'm forgetting the name of the company.
They have, they have the business model where you send them the code and
they run the analysis on it and send you back a report.
>> Right. Right.
Veracode. That's the one.
>> Yeah, Veracode.
That's it.
So they would have the benefit of they have access to all of this code.
Whereas I suppose if your, you send to your product to your customer you,
you give them the option of whether they send data back to you or not.
>> Right so we so one of the differences between Vericode and,
and us is that they analyze binaries right.
And so as a result they don't actually need the source code or at least not
the full source code of the application whereas we're elementing the source code.
So, it's the one difference and, and the net effect of that is that we send our
product to the customer and they run it on >> So
Coverity was founded wow, I mean, I was looking on your web page, 2003, it's been.
>> 2002 >> Sorry, 2002.
It's been, yeah, I guess 12 years.
So 11, 12 years now.
Yes.
>> Yeah, wow.
So time flies.