Fortify Software and the FindBugs Java error detection project this week unveiled a collaborative effort aimed at zapping the bugs of open source software code written in Java.
The Java Open Review (JOR) Project is designed to help open source software projects identify and fix security and other software errors before they affect application performance or risk.
Kicked off with participation from 10 open source projects, including Tomcat and Zimbra, JOR comes at a time when Java is growing more popular with open source -- particularly with Sun Microsystems' move to open Java further with the GNU General Public License (GPL).
"FindBugs has been a vital part of helping Sun's internal software development process, and it is good to see that open source developers can now benefit as well," said Sun App Server Quality Engineering Manager Geoff Halliwell.
Heavier Use
With the new JOR Project, Fortify and FindBugs will provide a high-level overview of project results, including the most common bugs and security holes, to the larger open source software community. Results will include the number of security and quality errors found and a breakdown of errors per 1,000 lines of code.
JOR sponsors said leaders of participating open source projects will be given login access to get more detailed information on the coding errors to make fixes faster and easier.
Fortify's technology combs code for security issues, while FindBugs focuses on software quality issues, Brian Chess, Fortify cofounder and chief scientist, told LinuxInsider.
"We've got a lot of companies developing online applications using Java, and almost all use open source components," he said.
More Eyeballs
Fortify decided to team with FindBugs, a partner on a similar project started last May, to centralize the code review for applications using Java and open source software, according to Chess.
Most open source projects welcomed the additional review through JOR, Chess said, although he acknowledged there were some reservations over the exposure of code security gaps and imperfections.
Still, he said, "people generally welcome us because we are more eyeballs on their code."
Help Against Hackers
All software has bugs, Chess emphasized. The point of JOR is not to make Java open source programmers look bad, but to help them learn how to get rid of and avoid software bugs.
"As software becomes increasingly intricate, FindBugs and Fortify Software want to provide open source developers automated tools to help find defects in complex code bases, as well as defend against an ever-growing pool of sophisticated hackers," Chess said. "No one is helping the Java open source community, and we want to fix that."