Asiri Rathnayake wrote:
Hi,
I too have worked with FindBugs and I think it's a good tool. Maybe it's a
good idea to fix at least P1 bugs in core. Anyway, I personally don't like
these tools (don't ask me why :P)
What I really liked was the fact that I could learn a great deal about
my own code that is relevant to some bug-prone or security-related
behavior, especially because the description is always very informative.
Most of these "bugs" are already detected by the checkstyle maven
plugin. But most of the code does not pass the checkstyle, as the effort
to "fix" all the code is huge. The strategy is to provide clean
implementations when creating new components.
--
Sergiu Dumitriu