Secure Coding mailing list archives

Question on Static Analysis


From: James.McGovern at thehartford.com (McGovern, James F. (eBusiness))
Date: Fri, 20 Nov 2009 09:34:26 -0500

Noodling the value proposition of static analysis and wondering if vendors
in this space are doing the right thing. For example, Gary McGraw was
one of the first to point out insecure APIs within Java such as readLine
not having a parameter to indicate max read. Is there merit in vendors
figuring out how to perform the same function within commercial products?
For example, there are insecure APIs in IBM MQ/Series, Struts, Spring,
etc.

Is there merit in collecting this type of information as a new OWASP
project?
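The readLine concern raised above, as an added illustration that is not part of the original post: Java's BufferedReader.readLine grows its buffer until it sees a line terminator, so a caller cannot bound the read. The wrapper below (assumed names, not from any library) reads a line through a hard cap and fails the read instead of the process when the cap is exceeded.

```java
import java.io.IOException;
import java.io.PushbackReader;
import java.io.Reader;
import java.io.StringReader;

public class BoundedLineReader {
    private final PushbackReader in;
    private final int maxChars;

    public BoundedLineReader(Reader in, int maxChars) {
        this.in = new PushbackReader(in);
        this.maxChars = maxChars;
    }

    /**
     * Reads one line terminated by "\n" or "\r\n", returning null at end of stream.
     * Unlike BufferedReader.readLine, it throws once maxChars have been read without
     * a terminator, so an unbounded line cannot exhaust heap.
     */
    public String readLine() throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1) {
            if (c == '\n') {
                return sb.toString();
            }
            if (c == '\r') {
                int next = in.read();
                if (next == '\n' || next == -1) {
                    return sb.toString();
                }
                in.unread(next); // lone CR: keep it as ordinary line content
            }
            if (sb.length() >= maxChars) {
                throw new IOException("line exceeds " + maxChars + " characters");
            }
            sb.append((char) c);
        }
        return sb.length() == 0 ? null : sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: one normal line followed by an oversized one.
        String input = "GET /index.html\r\n" + "A".repeat(10_000) + "\n";
        BoundedLineReader r = new BoundedLineReader(new StringReader(input), 1024);
        System.out.println("first line: " + r.readLine());
        try {
            r.readLine();
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage()); // second line is refused
        }
    }
}
```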