Rick Leir - 2010-09-03

Mike Ware writes: "FindBugs only tracks data flow within a single class file (i.e., intra-procedural analysis). To put in context, FindBugs can't identify a SQL injection vulnerability where data flows across class/language boundaries: data is input in the view layer, persisted in entity classes or a model, and eventually sent to insecure DAO classes."

Is this still true?
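
The flow described in the quote, written out as an added example (not part of the original post and not FindBugs code): input enters in a view class, rests in an entity field, and reaches a string-concatenating DAO, shown beside a parameterized DAO. All class, table and column names are hypothetical, and `main` only prints the query text, so no database is needed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Hypothetical names throughout; constructed to show the view -> entity -> DAO flow.
public class CrossClassFlow {
    // Entity/model: the untrusted value rests in a field between calls.
    static class Customer {
        private final String name;
        Customer(String name) { this.name = name; }
        String getName() { return name; }
    }

    // View layer: the only class that touches the raw request parameter.
    static class SignupView {
        Customer bind(String requestParam) { return new Customer(requestParam); }
    }

    // Insecure DAO (the sink): nothing inside this class shows where getName() came from.
    static class InsecureCustomerDao {
        String buildQuery(Customer c) {
            return "SELECT id FROM customers WHERE name = '" + c.getName() + "'";
        }
    }

    // Hardened DAO: the value is bound as a parameter, so its origin no longer matters.
    static class SafeCustomerDao {
        Integer findId(Connection conn, Customer c) throws SQLException {
            String sql = "SELECT id FROM customers WHERE name = ?";
            try (PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setString(1, c.getName());
                try (ResultSet rs = ps.executeQuery()) {
                    return rs.next() ? rs.getInt(1) : null;
                }
            }
        }
    }

    public static void main(String[] args) {
        String input = "O'Brien"; // constructed sample input containing a quote character
        Customer c = new SignupView().bind(input);
        // The quote character from the input ends the string literal early in the built SQL.
        System.out.println(new InsecureCustomerDao().buildQuery(c));
    }
}
```

An analysis confined to `InsecureCustomerDao` sees only a getter call feeding the concatenation; connecting it to `SignupView.bind` requires following the value through the `Customer` field across three classes.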