CWE Top Most Dangerous Software Weaknesses

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Web Frameworks Java Framework OpenAPI Spring

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • Spring

    Spring Framework

    • Mitre really lost a lot of respect with CVE-2016-1000027. Every few weeks a warning that any SpringBoot 2.x project has a CVSS 9.8, which causes all sorts of heartache for those of us bound to CVE remediation. Every blasted security tool reports this one. Spring reviewed and rejected, as did our very, very large organization. Comically, this has become the CVE we use to see how our tools allow us to white/black list entries.

    Thank god Spring dropped this interface in the Framework 6.x / Boot 3.x release, and the end for non-commercial support is this year for the old stuff.

    https://github.com/spring-projects/spring-framework/issues/2...

  • GHSA-4wrc-f8pq-fpqp

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • cats

    CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance. (by Endava)

    • Out of this frustration I've built: https://github.com/Endava/cats. It's for APIs, but mostly addressing exactly this case: don't use strings for everything, if you choose to use it though, make sure you add patterns for checking if things are valid, make sure you think about all the corner cases and all the weird characters that can brake you app, and so on.

  • tigerbeetle

    The distributed financial transactions database designed for mission critical safety and performance.

    • > There is no reason to use a memory unsafe language anymore, except legacy codebases, and that is also slowly but surely diminishing. I'm still yet to hear this amazingly compelling reason that you just need memory unsafe languages. In terms of cost/benefits analysis, memory unsafety is literally all costs.

    Tell that to the authors of new memory unsafe languages (like Zig) and creators of new project in those languages (like https://tigerbeetle.com) :(

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • JHipster 8 - Analisando o código da nossa primeira aplicação monolítica - Parte 2/3

    1 project | dev.to | 6 May 2024

  • AI PR adds auto generated comments to whole Spring Boot Project

    1 project | news.ycombinator.com | 27 Feb 2024

  • AI commented the entire Spring Boot codebase

    2 projects | news.ycombinator.com | 26 Feb 2024

  • Spring Boot 3.2.0 Release Notes

    1 project | news.ycombinator.com | 23 Nov 2023

  • The Game of Life, the Universe, and Everything: Java Virtual Threads in Action

    1 project | dev.to | 11 Oct 2023