http://weblogs.asp.net/dvravikanth/archive/tags/OSS/default.aspxTags: OSSenCommunityServer 2007 SP1 (Build: 20510.895)http://weblogs.asp.net/dvravikanth/archive/2008/11/11/determine-the-security-risk-of-using-open-source-projects.aspxTue, 11 Nov 2008 08:04:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:6729100dvravikanth0http://weblogs.asp.net/dvravikanth/rsscomments.aspx?PostID=6729100http://weblogs.asp.net/dvravikanth/archive/2008/11/11/determine-the-security-risk-of-using-open-source-projects.aspx#comments<P mce_keep="true">Visit the <A class="" title="Java open review" href="https://opensource.fortify.com/" target=_blank mce_href="https://opensource.fortify.com/">Java Open Review</A>, an open source project sponsored by Fortify Software which uses Fortify SCA tools and Findbugs to look for defects in software – as a service. It publishes aggregated statistics but has a "responsible disclosure policy", which means details of bugs found are fed back only to the authors.</P> <P mce_keep="true">The project on going basis analyses some common open source projects and other applications, including Hibernate, Struts, Spring, Apache frameworks and Tomcat then publishes list of defect free projects from quality &amp; security perspective.</P> <P mce_keep="true">Using Defect free project list, consumers can gauge the level of risk involved in different open source components.</P><img src="http://weblogs.asp.net/aggbug.aspx?PostID=6729100" width="1" height="1">Application SecurityOSSOpen source software security riskApplication Security Risk determination