+1; I'm a huge fan of various code analysis techniques, and I'd rather we
controlled our own ignore-ance from a position of knowledge.

d.

--- Ted Husted <[EMAIL PROTECTED]> wrote:

> There's a company that's been scanning open source project codebases
> for static flaws. In November 2007, they announced that Java projects
> are being added.
> 
>  * http://www.coverity.com/html/press_story51_11_20_07.html
> 
> There's been the odd email about using these projects foundation-wide,
> possibly by running them locally. But, the core service described by
> this press release seems to be external.
> 
> I couldn't find a list of Java projects on the website. The next step
> seems to be to send an email to <[EMAIL PROTECTED]>.
> 
> If we are not already on the list, my question is whether we would
> like to opt-in now or not?
> 
> My thought is that we might want to be proactive. In the alternative,
> we are like to find one day that Coverity has started to scan us
> unilaterally, and then be surprised by a lot of new fixes to make.
> Since Struts is an approved framework for several government agencies
> (DoD, VA, and so forth), I would think that we would be on the short
> list anyway.
> 
> -Ted.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 

