Bug 409439 - Security Vulnerabilities in BIRT 4.2.2
Summary: Security Vulnerabilities in BIRT 4.2.2
Status: NEW
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: BIRT
Version: 4.2.2
Hardware: PC Linux
Importance: P3 major
Target Milestone: ---
Assignee: Birt-ReportEngine-inbox@eclipse.org
QA Contact:
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2013-05-29 20:18 EDT by Bill Thrall
Modified: 2020-01-10 11:38 EST

See Also:


Attachments
List of issues found in BIRT jar files (19.18 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet)
2013-05-29 20:19 EDT, Bill Thrall

Description Bill Thrall 2013-05-29 20:18:05 EDT
We have integrated the BIRT viewer and report engine into an internal GE Capital application to generate a context-sensitive report from application data.  When we had the GE Security COE run a mandatory bi-annual security scan on the application code, they flagged a total of 103 instances across 11 types of vulnerabilities and code issues within the BIRT library included in our code base.  
Attached is the summary of the BIRT-related findings from that security review.  I need to know ASAP which of these items you are both willing and able to resolve, and the timeline for that remediation effort, plus explanations as to why you cannot resolve any that you don't plan to remediate, as we are required to get all identified vulnerabilities remediated if possible.
Note that some of these vulnerabilities may actually be false positives, and that is a valid explanation if that is truly the case; you are certainly not obligated to cripple the tool to 'resolve' valid and necessary sections of code.
Comment 1 Bill Thrall 2013-05-29 20:19:21 EDT
Created attachment 231730
List of issues found in BIRT jar files