That's really cool, Mark. I'm glad you're doing this.
I know we all have our doubts about scanning tools like this. But my
main issue with them is always so many false positives that it feels
hopeless. You seem to have fixed that.

Thanks,
Yoav

On Fri, Mar 25, 2011 at 8:22 AM, Mark Thomas
I received notification that Veracode had scanned Tomcat 7.0.11 today. I
thought folks would be interested in the results (committers can request
an account to get access to the full details).

Of the 33 flaws reported:
- 1 was a coding error (fixed in r1085303)
- 1 unnecessary call to System.exit(