Project aims to improve Java code

This article was originally published in VSJ, which is now part of Developer Fusion.
A new initiative, the Java Open Review (JOR) Project, has been launched to help boost the security and quality of open source Java software by identifying and eliminating security vulnerabilities.

The JOR Project invites the open source software community to submit their Java software for a quality and security review. The Project has kicked off using Fortify SCA and FindBugs to review ten widely used open source projects for security vulnerabilities. One of the most common defects discovered in this initial effort is cross-site scripting, a security vulnerability that when exploited can result in the browser executing malicious code. The most common quality bug identified was the null pointer dereference, which can cause programs to crash, or worse, lead to data corruption. The projects that participated in the initial JOR Project report included Azureus, Hyperic, Java Petstore 2.0, Lucene, Nutch, Solr, Tomcat, Webgoat, and Zimbra. Fortify and FindBugs first teamed up in May 2006 to provide Java developers with methods for improving both software quality and security. FindBugs is now fully integrated with Fortify SCA 4.0.

You might also like...



Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

“The difference between theory and practice is smaller in theory than in practice.”