FYI, a couple of announcements from SPI Dynamics and Ounce Labs hit eWeek.com today -- see http://www.eweek.com/article2/0,1759,1617901,00.asp for the full text.
According to the article, SPI Dynamics has released its "SecureObjects" product, which is a series of (presumably) securely written objects that developers can make use of for performing various security-related tasks (e.g., input validation) in their code. The article quotes SPI Dynamics' CTO as saying, "It doesn't require developers to learn about security," which strikes me as being a rather bold statement.

Meanwhile, Ounce Labs has put out a new version of its Prexis source code scanner. It currently scans C and C++, but the article says that a Java version will be available in July.

Reports of user experiences with these tools would be appreciated here.

Cheers,

Ken

P.S. Anyone interested in seeing a bit of Budapest can check out some of the shots I took while I was there at http://www.vanwyk.org/ken/galleries.php

--
KRvW Associates, LLC
http://www.KRvW.com