Fortify Software Sponsors FindBugs Open Source Project


Leading Java Error Detection Tool to Benefit from Unique Commercial-Open Source Relationship

SAN FRANCISCO, Calif., May 15 /PRNewswire/ -- Fortify Software Inc., a leading provider of security products that help companies identify, manage and remediate software vulnerabilities to mitigate enterprise security risk, today announced that Fortify has joined the FindBugs project as a sponsor, and is helping to expand the functionality of the open source tool, which has had over 200,000 downloads.

FindBugs, originally developed by William Pugh, professor at the University of Maryland, Packard Fellow, and a member of Fortify's Technical Advisory Board, is an open source software tool which looks for bugs in Java programs and detects common coding mistakes. The software is based on the concept of bug patterns, and shows potential problems to programmers as they code.

In addition to its sponsorship, Fortify also announced Findbugs' integration with its award winning Fortify Source Code Analysis product. Developers can run FindBugs in conjunction with Fortify Source Code Analysis, and can then load and view the results from various Fortify tools such as Fortify Audit Workbench and Fortify Software Security Manager, giving developers a central view of all results.

"Bugs are a fact of life. I try as hard as I can to write bug-free code, but still the bugs creep in," said Josh Block, Chief Java technology architect at Google. "Since you can't avoid introducing bugs, it's critical to find and exterminate them. FindBugs is the easiest, most effective way I know to find the bugs that lurk in my code."

"We are proud to support the FindBugs project, as a sponsor and through integration with our Fortify Source Code Analysis product," said Barmak Meftah, Fortify's Vice President of Engineering and Operations. "Our goal of ensuring software security and protecting the vital assets of our customers is complementary to FindBugs' goal of finding bugs in Java software, and we are proud to align ourselves with this open source organization. We look forward to working with FindBugs, and helping them to develop and expand their leading bug-finding tools."

"FindBugs has been a very interesting project, and I'm excited that it has become so widely used and useful," said William Pugh, a professor of Computer Science at the University of Maryland. "When David Hovemeyer, the Ph.D. student who developed FindBugs as part of his thesis, graduated, I was worried that we wouldn't be able to maintain the level of engineering support that a widely used tool such as FindBugs needs, or do many other useful things not easily be funded by academic research grants. The partnership with Fortify Software is a win for everyone. It gives Fortify's customers an integrated tool to detect bugs, and it gives us funds to support and improve the open source FindBugs infrastructure. The partnership with Fortify will help provide us with feedback on the real needs of production developers, and give us a strong and widely deployed platform on which to build additional tools to improve software reliability."

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products, Fortify Source Code AnalysisSuite, Fortify Security Tester and Fortify Application Defense, drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software is backed by leading investors, including Kleiner, Perkins, Caufield & Byers, and a world-class team of software security advisors and partners. More information is available at www.fortifysoftware.com.

About FindBugs

FindBugs looks for bugs in Java programs and is free software, available under the terms of the Lesser GNU Public License. It is written in Java, and can be run with any virtual machine compatible with Sun's JDK 1.4. It can analyze programs written for any version of Java. It can be run from the command line, from within Ant, a GUI tool, or IDE's such as Eclipse and Netbeans. FindBugs was originally developed by David Hovemeyer and Bill Pugh. It is maintained by Bill Pugh, David Hovemeyer, Brian Cole, and a team of volunteers. More information is available at findbugs.sourceforge.net/ .

Source: Fortify Software Inc.

CONTACT: media, Kim Milosevich of OutCast Communications,
+1-415-392-8282, or kim@outcastpr.com, for Fortify Software, Inc.

Web site: findbugs.sourceforge.net/

Web site: www.fortifysoftware.com/

All Topics