Posted to users@activemq.apache.org by duttaab <ab...@actiance.com> on 2018/04/10 07:15:17 UTC

Veracode Scan

Hi,

As part of security compliance we need to run a Veracode scan on our products.
One of our products running on Linux (RHEL 7) uses ActiveMQ (C++ lib)
extensively for IPC.  The scan has reported the following errors and their
severity.

   Type                 Severity
   ------------------------------
1. Buffer Overflow      Very High
2. Numeric Errors       Very High
3. Buffer Mgmt.         Medium

Wanted to know if there is anyone in the ActiveMQ user community who has run
Veracode and, if so, please share your experience or thoughts to mitigate the
issues.

~Thanx
Abhijit






Re: Veracode Scan

Posted by Илья Шипицин <ch...@gmail.com>.
Veracode is paid software.

Can you provide (maybe in private) a detailed report?
