Wednesday, March 07, 2007

Security audits on open source Java apps

Fortify, a company that develops software for conducting security audits on code, provided a complimentary service for auditing open source projects. They've concluded that Java inherently pushes programmers to write more secure code than C or C++. They also found very few issues with Tomcat, Struts and Spring, which lends greater assurance to these projects. I think I'll probably go over the entire report sometime.
