ils try emailing [EMAIL PROTECTED] - or maybe we
> could get some other vendor to donate their product and/or time
>
> -Original Message-
> From: Mark Thomas <[EMAIL PROTECTED]>
> Sent: Saturday, September 27, 2008 5:58 AM
> To: Tomcat Developers List
> Sub
Sent: Saturday, September 27, 2008 5:58 AM
To: Tomcat Developers List
Subject: Re: Findbugs results when run against Tomcat6
Jim Manico wrote:
> Findbugs does a real bad job of finding real security bugs - I would
> recommend running the codebase against Fortify + include the new Cigital
> rulepack.
>
> Or take a look at the results of the Fortify Open Source Analysis project
>
> https://opensource.fortify.com/teamser
Hello sebb,
just out of curiosity, could you set up a webpage with your results or
make them available via email or download?
Leon
On Sat, Sep 27, 2008 at 12:00 AM, sebb <[EMAIL PROTECTED]> wrote:
> Just out of curiosity, I ran Findbugs 1.3.5 on Tomcat 6.0.18. The
> default settings generated so
You can also set this up to run as part of the Gump build and get the
warnings/errors
etc... recorded as part of a standard build.
Jon.
2008/9/26 sebb <[EMAIL PROTECTED]>
> Just out of curiosity, I ran Findbugs 1.3.5 on Tomcat 6.0.18. The
> default settings generated some 1400 warnings about po
Findbugs does a real bad job of finding real security bugs - I would
recommend running the codebase against Fortify + include the new Cigital
rulepack.
Or take a look at the results of the Fortify Open Source Analysis project
https://opensource.fortify.com/teamserver/welcome.fhtml
- Jim
Just out of curiosity, I ran Findbugs 1.3.5 on Tomcat 6.0.18. The
default settings generated some 1400 warnings about possible bugs.
Quite a few of them look serious - assuming that the code which
contains them is being used.
For example, there are quite a few public static fields which are not