The JOR Project invites the open source software community to submit their Java software for a quality and security review. The Project has kicked off using Fortify SCA and FindBugs to review ten widely used open source projects for security vulnerabilities. One of the most common defects discovered in this initial effort is cross-site scripting, a security vulnerability that, when exploited, can result in the browser executing malicious code. The most common quality bug identified was the null pointer dereference, which can cause programs to crash or, worse, lead to data corruption. The projects that participated in the initial JOR Project report included Azureus, Hyperic, Java Petstore 2.0, Lucene, Nutch, Solr, Tomcat, WebGoat, and Zimbra. Fortify and FindBugs first teamed up in May 2006 to provide Java developers with methods for improving both software quality and security. FindBugs is now fully integrated with Fortify SCA 4.0.
Project aims to improve Java code
By Mike James, published on 01 Apr 2007
This article was originally published in VSJ, which is now part of Developer Fusion.
A new initiative, the Java Open Review (JOR) Project, has been launched to help boost the security and quality of open source Java software by identifying and eliminating security vulnerabilities.