http://findbugs.sourceforge.net
'This is the web page for FindBugs (...) distributed under the terms of the Lesser GNU Public
License (...) FindBugs is sponsored by Fortify Software.'
I rest my case.
Fortify: open source software is a security risk for businesses
Posted Jul 22, 2008 20:57 UTC (Tue) by skitching (subscriber, #36856)
What exactly _is_ your case?
FindBugs is an excellent tool for java programs. It is easy to use, and totally free. It isn't
hugely sophisticated, but easy to run and very useful. I'm grateful to anyone or any company
who contributes to the existence of FindBugs.
And in at least one OSS project I'm involved in, releases have gone out for years with
hundreds of FindBugs warnings or errors. Not good, but no-one seems to have the time or
interest to fix them. For example, I've got the interest, but not the time.
This seems to reinforce the point that for security-sensitive applications, you *do* need to
look carefully at the track record of the provider, whether OSS or proprietary.