commons-dev mailing list archives

From Claude Warren <cla...@xenei.com>
Subject Re: [ALL] Update to commons security page
Date Tue, 15 Oct 2019 10:02:49 GMT

If the style is to rely on external code to do input validation, then I
think that should be in the javadocs as well as on the page you mention.

Claude

On Tue, Oct 15, 2019 at 10:59 AM sebb <sebbaz@gmail.com> wrote:

> It might be useful to add a note to the commons security page about
> automated vulnerability checkers.
>
> These tend to produce a lot of false positives and may report items
> which could never be a security issue (e.g. poor code style, dead
> code).
>
> Even if the issue is potentially a vulnerability, it often depends on
> the context.
> This is particularly true of Commons - the code generally relies on
> the application to do validation of input parameters.
>
> Thoughts?

-- 
I like: Like Like - The likeliest place on the web
<http://like-like.xenei.com>
LinkedIn: http://www.linkedin.com/in/claudewarren
