[Owasp-board] Fortify's Java Open Review Project and Sponsoring an OWASP Spring of Code Project

Dinis Cruz dinis at ddplus.net
Fri Mar 30 19:47:04 UTC 2007

That idea does sound interesting, do you have anybody in mind to do that
project (which we could sponsor)

I haven't seen a SpoC 007 on that subject (
https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications) but
it would definitely be an strong application

Stephen or Bob, any comments on this? (Stephen is on the Java Project and
Bob Austin is on the Metrics)

I also wanted to explore the option to scan OWASP projects using your
tool/free service, what are our options?

Dinis Cruz
Chief OWASP Evangelist

On 3/29/07, Fredrick DeQuan Lee <flee at fortifysoftware.com> wrote:
> Dinis, I just read the latest OWASP news letter and saw  the call for
> OWASP Spring of Code participation. As you know, Fortify Software produces
> software security and quality analysis tools. Fortify recently launched a
> public project, the Java Open Review Project (
> http://opensource.fortifysoftware.com), to examine Java open source
> projects for security and quality defects. The project retrieves open source
> projects, performs static analysis using FindBugs and Fortify Source Code
> Analysis, and presents the results for online analysis for auditors and
> project owners. Fortify is currently seeking participation from those
> wishing to: submit projects, review security defects, help fix open source
> security defects, or supply general feedback.
> I noticed that two of your Spring of Code project ideas listed would
> benefit from the information available at the JOR project site.
> Specifically, the Java Project and the AppSec Metrics project both could
> make use from the data collected in the JOR project site. Of particular
> interest to me would be having an OWASP Spring of Code participant process
> JOR data to use in the AppSec Metrics -- project. Fortify should be able to
> contribute additional funding for such an effort. Do you think there would
> be interest in such a project?
> More details about the JOR Project can be found at:
> http://opensource.fortifysoftware.com
> I hope to hear from you soon!
>  *Fredrick DeQuan Lee*
> Fortify Software <http://www.fortifysoftware.com/>
> Security Research Group
> (w) 650-213-5677
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070330/5acace03/attachment-0002.html>

More information about the Owasp-board mailing list