commons-dev mailing list archives

From sebb <seb...@gmail.com>
Subject [ALL] Update to commons security page
Date Tue, 15 Oct 2019 09:58:36 GMT
It might be useful to add a note to the commons security page about
automated vulnerability checkers.

These tend to produce a lot of false positives and may report items
which could never be a security issue (e.g. poor code style, dead
code).

Even if the issue is potentially a vulnerability, it often depends on
the context.
This is particularly true of Commons - the code generally relies on
the application to do validation of input parameters.

Thoughts?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

