There's a company that's been scanning open source project codebases for static flaws. In November 2007, they announced that Java projects are being added.
* http://www.coverity.com/html/press_story51_11_20_07.html

There's been the odd email about using these projects foundation-wide, possibly by running them locally. But the core service described by this press release seems to be external.

I couldn't find a list of Java projects on the website. The next step seems to be to send an email to <[EMAIL PROTECTED]>.

If we are not already on the list, my question is whether we would like to opt in now or not?

My thought is that we might want to be proactive. In the alternative, we are likely to find one day that Coverity has started to scan us unilaterally, and then be surprised by a lot of new fixes to make.

Since Struts is an approved framework for several government agencies (DoD, VA, and so forth), I would think that we would be on the short list anyway.

-Ted.