Fortify Software and the FindBugs project have launched a free service that will scan open-source Java software for bugs in the code.

The Java Open Review project (JOR) lets open-source projects run audits of their source code using Fortify’s source code analysis software and the University of Maryland’s FindBugs tool. With developers focusing on more secure software development practices, the Java community needs more advanced bug-finding tools like JOR, said Barmak Meftah, vice president of product and services, with Fortify. “Everybody understands that the cheapest and easiest point to find and fix security bugs is at the time of implementation,” he said.

Open-source developers will now get the benefit of Fortify’s Source Code Analysis software, which is already used by commercial vendors such as Oracle and Adobe Systems. But the free JOR analysis is not as detailed as one done by Fortify’s commercial product. Fortify Source Code Analysis can find more than 120 categories of software security problems, Meftah said. The JOR analysis will detail about 40 categories, covering “the most egregious types of security vulnerabilities and the types that developers tend to understand most readily,” he said.

The details of the free source code analysis will be made available only to project contributors so that JOR cannot be used as a hacking tool, Meftah added. JOR has been working with a handful of open-source projects over the past six weeks and has discovered hundreds of bugs in applications like Tomcat, Zimbra and Java Pet Store. On Monday, the service will be opened up to any Java open-source projects that want to use it, Meftah said.

Sun Microsystems already uses FindBugs for its GlassFish open-source application server software, said Geoff Halliwell, a manager of application server quality engineering with Sun.
Though Sun has no immediate plans to audit its application server code with JOR, Halliwell said he would “certainly look at it.”

“In my business, we’re always looking to improve,” he said.

-Robert McMillan, IDG News Service (San Francisco Bureau)