FORTIFY SOFTWARE SPONSORS FINDBUGS OPEN SOURCE PROJECT

Leading Java Error Detection Tool to Benefit from Unique Commercial-Open Source Relationship

SAN FRANCISCO, Calif. – May 16, 2006 – Fortify Software Inc., a leading provider of
security products that help companies identify, manage and remediate software vulnerabilities to
mitigate enterprise security risk, today announced that Fortify has joined the FindBugs project as
a sponsor, and is helping to expand the functionality of the open source tool that has had over
200,000 downloads.

FindBugs, originally developed by William Pugh, professor at the University of Maryland,
Packard Fellow, and a member of Fortify’s Technical Advisory Board, is an open source software
tool which looks for bugs in Java programs and detects common coding mistakes. The software is
based on the concept of bug patterns, and shows potential problems to programmers as they code.

In addition to its sponsorship, Fortify also announced FindBugs integration with its
award-winning Fortify Source Code Analysis product. Developers can run FindBugs in conjunction
with Fortify Source Code Analysis and can load and view the results from various Fortify
tools such as Fortify Audit Workbench and Fortify Software Security Manager, giving developers
a central view.

“Bugs are a fact of life. I try as hard as I can to write bug-free code, but still the bugs creep in,”
said Josh Bloch, Chief Java technology architect at Google. “Since you can't avoid introducing
bugs, it's critical to find and exterminate them. FindBugs is the easiest, most effective way I
know to find the bugs that lurk in my code.”

“We are proud to support the FindBugs project, both as a sponsor and with integration to our
Fortify Source Code Analysis product,” said Barmak Meftah, Fortify’s Vice President of
Engineering and Operations. “Our goal of ensuring software security and protecting the vital
assets of our customers is complementary to FindBugs’ goal of finding bugs in Java software, and
we are proud to align ourselves with this open source organization. We recognize the popularity
of FindBugs among Java developers and since the developer community is one of our key
audiences, we look forward to working with FindBugs, and helping them to develop and expand
their leading bug-finding tools.”

“FindBugs has been a very interesting project, and I’m excited and happy that it has become
something widely used and useful,” said William Pugh, a professor of Computer Science at the
University of Maryland. “We recently reached a milestone of 200,000 downloads. As David
Hovemeyer, the Ph.D. student who developed FindBugs as part of his thesis, graduated, I was
very worried that we wouldn’t be able to maintain the level of engineering support that a widely
used tool such as FindBugs needs, or do many other useful things that couldn’t easily be funded
by academic research grants. The partnership with Fortify Software is a win for everyone. It
gives Fortify’s customers an integrated tool to detect bugs, and it gives us funds to support and
improve the open source FindBugs infrastructure. The partnership with Fortify will help provide