On Sun, 2007-12-23 at 14:03 +0100, Johan Compagner wrote:
> Is this something like findbugs and how is that other one called...
>
> There is already an open jira issue for that, last week I already
> applied a few.
> It's assigned to me.
>
> Not all are applicable by the way, but we should look what we can do..
Yeah. I can and will narrow this down for my interests.. I included the steps to reproduce as there's a single click option to 'fix' a lot of these.. If I get a chance I'll make a condensed list of more relevant items to save core devs some time.

(Here's the PR as the link seems to be down?)
http://www.fortifysoftware.com/news-events/releases/2007/2007-03-05.jsp
http://opensource.fortifysoftware.com/
http://findbugs.sourceforge.net/

(Doesn't somebody already run rats?)
Rats? http://www.fortifysoftware.com/security-resources/rats.jsp

Someone with Eclipse want to give any feedback on this, but not sure if it's designed to work at the framework level. (LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications.)
http://suif.stanford.edu/~livshits/work/lapse/index.html

I've considered taking the time to do a bottom to top audit against a hello world example, but haven't had the time and not sure of the real effectiveness of the findings (if any). Is there a general area of interest anyone particularly cares about? I know that there's some possible interest from a few foreign financial services companies looking at using Wicket, but I can't possibly do a full PCI audit on the codebase.

Thanks for having a look.

./C