lucene-dev mailing list archives

From Erik Hatcher <>
Subject Re: Lucene code review
Date Fri, 15 Dec 2006 04:43:33 GMT

On Dec 13, 2006, at 1:00 AM, Otis Gospodnetic wrote:
> Just spotted this on Slashdot:  http:// 
> I wonder what the 3 defects they found and reviewed are... I don't  
> see a way to see them from their site.

I had an early peek at the Fortify analysis of several open source  
projects, primarily Lucene, Nutch, and Solr.  Lucene and Nutch both  
had very minor cosmetic issues (don't recall off the top of my head  
what they were).  Solr had cross-site scripting issues in its JSP  
pages, which I think are now all fixed (?).

Brian Chess at Fortify was instrumental in the analysis and is eager  
to work with open source communities closely to have these types of  
analyses automated and useful to the projects.  I'm sure we'll hear  
more from his organization in the near future.

