Project Aims to Bolster Java Open Source Security, Quality
By Jay Lyman
LinuxInsider
Part of the ECT News Network
12/12/06 4:00 AM PT
Kicked off with participation from 10 open source projects, including Tomcat and Zimbra, JOR comes at a time when Java is growing more popular with open source -- particularly with Sun Microsystems' (Nasdaq: JAVA) move to open Java further with the GNU General Public License (GPL).
"FindBugs has been a vital part of helping Sun's internal software development process, and it is good to see that open source developers can now benefit as well," said Sun App Server Quality Engineering Manager Geoff Halliwell.
Heavier Use
With the new JOR Project, Fortify and FindBugs will provide a high-level overview of project results, including the most common bugs and security holes, to the larger open source software community.
Results will include the number of security and quality errors found and a breakdown of errors per 1,000 lines of code.
JOR sponsors said leaders of participating open source projects will be given login access to get more detailed information on the coding errors to make fixes faster and easier.
Fortify's technology combs code for security issues, while FindBugs focuses on software quality issues, Brian Chess, Fortify cofounder and chief scientist, told LinuxInsider.
"We've got a lot of companies developing online applications using Java, and almost all use open source components," he said.
More Eyeballs
Fortify decided to team with FindBugs, a partner on a similar project started last May, to centralize the code review for applications using Java and open source software, according to Chess.
Most open source projects welcomed the additional review through JOR, Chess said, although he acknowledged there were some reservations over the exposure of code security gaps and imperfections.
Still, he said, "people generally welcome us because we are more eyeballs on their code."
Help Against Hackers
All software has bugs, Chess emphasized. The point of JOR is not to make Java open source programmers look bad, but to help them learn how to get rid of and avoid software bugs.
"As software becomes increasingly intricate, FindBugs and Fortify Software want to provide open source developers automated tools to help find defects in complex code bases, as well as defend against an ever-growing pool of sophisticated hackers," Chess said. "No one is helping the Java open source community, and we want to fix that."