[FB-Announce] Fortify Software is now the lead sponsor of the FindBugs project



by Bill Pugh


Fortify Software has become the lead sponsor of the FindBugs project.  
Fortify Software sells security products, including Source Code  
Analysis (SCA), a system for performing static analysis for security  
vulnerabilities. Support from Fortify Software has allowed the  
University of Maryland to hire a full time engineer, Brian Cole, to  
work on the open source FindBugs project. FindBugs can be run as a  
plugin in Fortify's SCA tool, and provides a unified toolset and  
workflow for generating, viewing and auditing warnings about both  
security and code quality defects. Full support for running FindBugs  
within SCA will be available in Fortify's fall release of SCA,  
although it can be demonstrated (with a few rough patches) in SCA  
version 3.5.1.

The support from Fortify Software has allowed us to do enough  
engineering and bug fixing that we are preparing to release the 1.0  
version of FindBugs within the next two weeks.

Bill Pugh


Press release


FORTIFY SOFTWARE SPONSORS FINDBUGS OPEN SOURCE PROJECT

Leading Java Error Detection Tool to Benefit from Unique Commercial-
Open Source Relationship


SAN FRANCISCO, Calif. – May 15, 2006 – Fortify Software Inc., a  
leading provider of security products that help companies identify,  
manage and remediate software vulnerabilities to mitigate enterprise  
security risk, today announced that Fortify has joined the FindBugs  
project as a sponsor, and is helping to expand the functionality of  
the open source tool, which has had over 200,000 downloads.

FindBugs, originally developed by William Pugh, professor at the  
University of Maryland, Packard Fellow, and a member of Fortify’s  
Technical Advisory Board, is an open source software tool which looks  
for bugs in Java programs and detects common coding mistakes. The  
software is based on the concept of bug patterns, and shows potential  
problems to programmers as they code.

In addition to its sponsorship, Fortify also announced Findbugs’  
integration with its award winning Fortify Source Code Analysis  
product.  Developers can run FindBugs in conjunction with Fortify  
Source Code Analysis, and can then load and view the results from  
various Fortify tools such as Fortify Audit Workbench and Fortify  
Software Security Manager, giving developers a central view of all  
results.

“Bugs are a fact of life. I try as hard as I can to write bug-free  
code, but still the bugs creep in,” said Josh Bloch, Chief Java  
technology architect at Google. “Since you can't avoid introducing  
bugs, it's critical to find and exterminate them. FindBugs is the  
easiest, most effective way I know to find the bugs that lurk in my  
code.”

“We are proud to support the FindBugs project, as a sponsor and  
through integration with our Fortify Source Code Analysis product,”  
said Barmak Meftah, Fortify’s Vice President of Engineering and  
Operations. “Our goal of ensuring software security and protecting  
the vital assets of our customers is complementary to FindBugs’ goal  
of finding bugs in Java software, and we are proud to align ourselves  
with this open source organization. We look forward to working with  
FindBugs, and helping them to develop and expand their leading bug-
finding tools.”

“FindBugs has been a very interesting project, and I’m excited that  
it has become so widely used and useful,” said William Pugh, a  
professor of Computer Science at the University of Maryland. “When  
David Hovemeyer, the Ph.D. student who developed FindBugs as part of  
his thesis, graduated, I was worried that we wouldn’t be able to  
maintain the level of engineering support that a widely used tool  
such as FindBugs needs, or do many other useful things not easily  
funded by academic research grants. The partnership with Fortify  
Software is a win for everyone. It gives Fortify’s customers an  
integrated tool to detect bugs, and it gives us funds to support and  
improve the open source FindBugs infrastructure. The partnership with  
Fortify will help provide us with feedback on the real needs of  
production developers, and give us a strong and widely deployed  
platform on which to build additional tools to improve software  
reliability.”

About Fortify Software, Inc.
Fortify Software products protect companies from the threats posed by  
security flaws in business-critical software applications.  Its  
software security products, Fortify Source Code Analysis Suite,  
Fortify Security Tester and Fortify Application Defense, drive down  
costs and security risks by automating key processes of developing  
and deploying secure applications. Fortify Software is backed by  
leading investors, including Kleiner Perkins Caufield & Byers, and  
a world-class team of software security advisors and partners. More  
information is available at www.fortifysoftware.com.

About FindBugs

FindBugs looks for bugs in Java programs and is free software,  
available under the terms of the Lesser GNU Public License. It is  
written in Java, and can be run with any virtual machine compatible  
with Sun's JDK 1.4. It can analyze programs written for any version  
of Java. It can be run from the command line, from within Ant, a  
GUI tool, or IDEs such as Eclipse and Netbeans. FindBugs was  
originally developed by David Hovemeyer and Bill Pugh. It is  
maintained by Bill Pugh, David Hovemeyer, Brian Cole, and a team of  
volunteers. More information is available at  
http://findbugs.sourceforge.net.

# # #

Press contact for Fortify:
Kim Milosevich, OutCast Communications
kim@...
415-392-8282
 
_______________________________________________
Findbugs-announce mailing list
Findbugs-announce@...
http://mailman.cs.umd.edu/mailman/listinfo/findbugs-announce