By Jay Lyman LinuxInsider Part of the ECT News Network
12/12/06 4:00 AM PT
Fortify Software and the FindBugs Java error detection project this week unveiled a collaborative effort aimed at zapping the bugs of open source software code written in Java.
The Java Open Review (JOR) Project is designed to help open source software projects identify and fix security flaws and other software errors before they affect application performance or expose users to risk.
Kicked off with participation from 10 open source projects, including Tomcat and Zimbra, JOR comes at a time when Java is growing more popular with open source -- particularly with Sun Microsystems' (Nasdaq: JAVA) move to open Java further with the GNU General Public License (GPL).
"FindBugs has been a vital part of helping Sun's internal software development process, and it is good to see that open source developers can now benefit as well," said Sun App Server Quality Engineering Manager Geoff Halliwell.
Heavier Use
With the new JOR Project, Fortify and FindBugs will provide a high-level overview of project results, including the most common bugs and security holes, to the larger open source software community.
Results will include the number of security and quality errors found and a breakdown of errors per 1,000 lines of code.
JOR sponsors said leaders of participating open source projects will be given login access to more detailed information on the coding errors, to make fixes faster and easier.
Fortify's technology combs code for security issues, while FindBugs focuses on software quality issues, Brian Chess, Fortify cofounder and chief scientist, told LinuxInsider.
"We've got a lot of companies developing online applications using Java, and almost all use open source components," he said.
More Eyeballs
Fortify decided to team with FindBugs, a partner on a similar project started last May, to centralize the code review for applications using Java and open source software, according to Chess.
Most open source projects welcomed the additional review through JOR, Chess said, although he acknowledged there were some reservations over the exposure of code security gaps and imperfections.
Still, he said, "people generally welcome us because we are more eyeballs on their code."
Help Against Hackers
All software has bugs, Chess emphasized. The point of JOR is not to make Java open source programmers look bad, but to help them learn how to get rid of and avoid software bugs.
"As software becomes increasingly intricate, FindBugs and Fortify Software want to provide open source developers automated tools to help find defects in complex code bases, as well as defend against an ever-growing pool of sophisticated hackers," Chess said. "No one is helping the Java open source community, and we want to fix that."