Interesting analysis -- Fortify's rankings of open source software included a centralized email address and contact information for reporting security vulnerabilities. This naturally favors corporate-run open source projects (such as JBoss) over distributed community efforts.