The things I like to see are 2 things: 1. performance things, 2. what really can cause bugs.
On 12/23/07, C. Bergström <[EMAIL PROTECTED]> wrote:
>
> On Sun, 2007-12-23 at 14:03 +0100, Johan Compagner wrote:
> > Is this something like findbugs and how is that other one called...
> >
> > There is already an open jira issue for that, last week I already
> > applied a few.
> > It's assigned to me.
> >
> > Not all are applicable by the way, but we should look what we can do..
>
> Yeah. I can and will narrow this down for my interests.. I included the
> steps to reproduce as there's a single click option to 'fix' a lot of
> these.. If I get a chance I'll make a condensed list of more relevant
> items to save core devs some time.
>
> (Here's the PR as the link seems to be down?)
> http://www.fortifysoftware.com/news-events/releases/2007/2007-03-05.jsp
> http://opensource.fortifysoftware.com/
>
> > http://findbugs.sourceforge.net/
> > (Doesn't somebody already run rats?)
> Rats? http://www.fortifysoftware.com/security-resources/rats.jsp
>
>
> Someone with eclipse want to give any feedback on this, but not sure if
> it's designed to work at the framework level.
>
> (LAPSE stands for a Lightweight Analysis for Program Security in
> Eclipse. LAPSE is designed to help with the task of auditing Java J2EE
> applications for common types of security vulnerabilities found in Web
> applications.)
>
> http://suif.stanford.edu/~livshits/work/lapse/index.html
>
> I've considered taking the time to do a bottom to top audit against a
> hello world example, but haven't had the time and not sure the real
> effectiveness of the findings (if any).
>
> Is there a general area of interest anyone particularly cares about? I
> know that there's some possible interest from a few foreign financial
> services companies looking at using wicket, but I can't possibly do a
> full PCI audit on the codebase.
>
> Thanks for having a look.
>
>
> ./C
>