OWASP

Tue Feb 26 15:22:27 UTC 2008

If you sell the libraries then you will be forced to pay. However, if
your libraries are available free of charge, then you can use services
such as http://opensource.fortifysoftware.com/

________________________________

From: john at threepoundfilms.com [mailto:john at threepoundfilms.com] On
Behalf Of John Ehn
Sent: Tuesday, February 26, 2008 10:14 AM
To: McGovern, James F (HTSC, IT)
Cc: specs at openid.net
Subject: Re: OWASP

James,

Considering that the majority of the individuals and organizations that
have created the OpenID libraries do not have access to vast sums of
cash to pay for these applications or services, do you recommend any
analysis software that is low cost or free?

Thanks,

John
extremeswank.com

On 2/26/08, McGovern, James F (HTSC, IT)
<James.McGovern at thehartford.com> wrote: 

	I would be curious to know if the implementers of the various
OpenID
	libraries have used tools such as Ounce Labs
(www.ouncelabs.com),
	Coverity (www.coverity.com) and others to ensure that the OWASP
Top Ten
	(www.owasp.org) doesn't occur?

************************************************************************
*
	This communication, including attachments, is
	for the exclusive use of addressee and may contain proprietary,
	confidential and/or privileged information.  If you are not the
intended
	recipient, any use, copying, disclosure, dissemination or
distribution is
	strictly prohibited.  If you are not the intended recipient,
please notify
	the sender immediately by return e-mail, delete this
communication and
	destroy all copies.

************************************************************************
*

	_______________________________________________
	specs mailing list
	specs at openid.net
	http://openid.net/mailman/listinfo/specs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080226/40c01996/attachment-0002.htm>