OFBiz OFBiz - Dev

[jira] Created: (OFBIZ-1900) Fortify Open Source Security Report mentioned OFBiz

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (OFBIZ-1900) Fortify Open Source Security Report mentioned OFBiz

Nicolas Malin (Jira)
Fortify Open Source Security Report mentioned OFBiz
---------------------------------------------------

                 Key: OFBIZ-1900
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1900
             Project: OFBiz
          Issue Type: Bug
    Affects Versions: Release Branch 4.0
            Reporter: Shi Yusen
             Fix For: Release Branch 4.0


Though the evalution is positive, I think it would be better if somebody can contact them to make sure what security weeknesses exist in OFBiz.

http://www.fortify.com/news-events/releases/2008/2008-07-21.jsp

You can get the brief report after registrition:
http://www.fortify.com/l/oss/oss_report.html

Thanks,

Shi Yusen/Beijing Langhua Ltd.


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1900) Fortify Open Source Security Report mentioned OFBiz

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12617739#action_12617739 ]

Scott Gray commented on OFBIZ-1900:
-----------------------------------

Hi Shi

I did go to their Java Open Review website (http://opensource.fortify.com/) with the intention of registering but the register link was pointing to a login screen so I gave up.  Right now I can't even get their website to load.  I'll probably send them an email at some point to see if I can get access to the details.

> Fortify Open Source Security Report mentioned OFBiz
> ---------------------------------------------------
>
>                 Key: OFBIZ-1900
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1900
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Release Branch 4.0
>            Reporter: Shi Yusen
>             Fix For: Release Branch 4.0
>
>
> Though the evalution is positive, I think it would be better if somebody can contact them to make sure what security weeknesses exist in OFBiz.
> http://www.fortify.com/news-events/releases/2008/2008-07-21.jsp
> You can get the brief report after registrition:
> http://www.fortify.com/l/oss/oss_report.html
> Thanks,
> Shi Yusen/Beijing Langhua Ltd.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Jacopo Cappellato-3
Reply | Threaded
Open this post in threaded view
|

Re: [jira] Commented: (OFBIZ-1900) Fortify Open Source Security Report mentioned OFBiz

Jacopo Cappellato-3
Speaking about security... maybe their website was brought down by an  
hacker :-)


On Jul 29, 2008, at 10:28 AM, Scott Gray (JIRA) wrote:

>
>    [ https://issues.apache.org/jira/browse/OFBIZ-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12617739 
> #action_12617739 ]
>
> Scott Gray commented on OFBIZ-1900:
> -----------------------------------
>
> Hi Shi
>
> I did go to their Java Open Review website (http://opensource.fortify.com/ 
> ) with the intention of registering but the register link was  
> pointing to a login screen so I gave up.  Right now I can't even get  
> their website to load.  I'll probably send them an email at some  
> point to see if I can get access to the details.
>
>> Fortify Open Source Security Report mentioned OFBiz
>> ---------------------------------------------------
>>
>>                Key: OFBIZ-1900
>>                URL: https://issues.apache.org/jira/browse/OFBIZ-1900
>>            Project: OFBiz
>>         Issue Type: Bug
>>   Affects Versions: Release Branch 4.0
>>           Reporter: Shi Yusen
>>            Fix For: Release Branch 4.0
>>
>>
>> Though the evalution is positive, I think it would be better if  
>> somebody can contact them to make sure what security weeknesses  
>> exist in OFBiz.
>> http://www.fortify.com/news-events/releases/2008/2008-07-21.jsp
>> You can get the brief report after registrition:
>> http://www.fortify.com/l/oss/oss_report.html
>> Thanks,
>> Shi Yusen/Beijing Langhua Ltd.
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>


smime.p7s (3K) Download Attachment
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] Updated: (OFBIZ-1900) Fortify Open Source Security Report mentioned OFBiz

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shi Yusen updated OFBIZ-1900:
-----------------------------

    Attachment: OpenSource_Security_WP_v5.pdf

Please see the attachment. I'm not sure whether this is legal. Anyway, please read it first.:)

> Fortify Open Source Security Report mentioned OFBiz
> ---------------------------------------------------
>
>                 Key: OFBIZ-1900
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1900
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Release Branch 4.0
>            Reporter: Shi Yusen
>             Fix For: Release Branch 4.0
>
>         Attachments: OpenSource_Security_WP_v5.pdf
>
>
> Though the evalution is positive, I think it would be better if somebody can contact them to make sure what security weeknesses exist in OFBiz.
> http://www.fortify.com/news-events/releases/2008/2008-07-21.jsp
> You can get the brief report after registrition:
> http://www.fortify.com/l/oss/oss_report.html
> Thanks,
> Shi Yusen/Beijing Langhua Ltd.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Scott Gray
Reply | Threaded
Open this post in threaded view
|

Re: [jira] Commented: (OFBIZ-1900) Fortify Open Source Security Report mentioned OFBiz

Scott Gray
In reply to this post by Jacopo Cappellato-3
I did chuckle to myself when it wouldn't load.


2008/7/29 Jacopo Cappellato <[hidden email]>:

> Speaking about security... maybe their website was brought down by an hacker
> :-)
>
>
> On Jul 29, 2008, at 10:28 AM, Scott Gray (JIRA) wrote:
>
>>
>>   [
>> https://issues.apache.org/jira/browse/OFBIZ-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12617739#action_12617739
>> ]
>>
>> Scott Gray commented on OFBIZ-1900:
>> -----------------------------------
>>
>> Hi Shi
>>
>> I did go to their Java Open Review website
>> (http://opensource.fortify.com/) with the intention of registering but the
>> register link was pointing to a login screen so I gave up.  Right now I
>> can't even get their website to load.  I'll probably send them an email at
>> some point to see if I can get access to the details.
>>
>>> Fortify Open Source Security Report mentioned OFBiz
>>> ---------------------------------------------------
>>>
>>>               Key: OFBIZ-1900
>>>               URL: https://issues.apache.org/jira/browse/OFBIZ-1900
>>>           Project: OFBiz
>>>        Issue Type: Bug
>>>  Affects Versions: Release Branch 4.0
>>>          Reporter: Shi Yusen
>>>           Fix For: Release Branch 4.0
>>>
>>>
>>> Though the evalution is positive, I think it would be better if somebody
>>> can contact them to make sure what security weeknesses exist in OFBiz.
>>> http://www.fortify.com/news-events/releases/2008/2008-07-21.jsp
>>> You can get the brief report after registrition:
>>> http://www.fortify.com/l/oss/oss_report.html
>>> Thanks,
>>> Shi Yusen/Beijing Langhua Ltd.
>>
>> --
>> This message is automatically generated by JIRA.
>> -
>> You can reply to this email to add a comment to the issue online.
>>
>
>
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] Closed: (OFBIZ-1900) Fortify Open Source Security Report mentioned OFBiz

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-1900.
----------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: Release Branch 4.0)
                   SVN trunk
         Assignee: David E. Jones

I asked for an account did not receive anything. Anyway we look good in the page Scott posted.

> Fortify Open Source Security Report mentioned OFBiz
> ---------------------------------------------------
>
>                 Key: OFBIZ-1900
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1900
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Release Branch 4.0
>            Reporter: Shi Yusen
>            Assignee: David E. Jones
>             Fix For: SVN trunk
>
>         Attachments: OpenSource_Security_WP_v5.pdf
>
>
> Though the evalution is positive, I think it would be better if somebody can contact them to make sure what security weeknesses exist in OFBiz.
> http://www.fortify.com/news-events/releases/2008/2008-07-21.jsp
> You can get the brief report after registrition:
> http://www.fortify.com/l/oss/oss_report.html
> Thanks,
> Shi Yusen/Beijing Langhua Ltd.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Free forum by Nabble Edit this page