This directory contains reports with manual findings by security
consultants. Due to the limited resources (about 1.5 person-weeks),
the security experts analyzed two of the four test cases: Roller
and IRSSI.

- roller_cigital.xml
- irssi_cigital.xml

It also contains the reports augmented with our analysis - matching
tool warnings to the manual findings:

- roller_cigital_eval.xml
- irssi_cigital_eval.xml

These reports list tool warnings related to the manual findings
using the tag <related>.

Note. We did not attempt to find all related tool warnings for
each manual finding. Instead, we tried to find at least one related
warning from each tool.

Note. Some findings for Roller provide URLs instead of source file
names in the path attribute. We identified the corresponding
source file names and line numbers, and occasionally relevant code
fragments in the evaluation sections of the findings.

