For the short term, rather than fixing anything in the first pass, I decided to simply suppress the warnings to address them later.
9 @SuppressFBWarnings("EI_EXPOSE_REP")
8 @SuppressFBWarnings("EI_EXPOSE_REP2")
These refer to the fact that java.util.Date isn't an immutable type; exchanging a reference to a Date means that the state of the domain model could be changed from the outside. Primitive values and immutable types like java.lang.String.
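An added example, not code from the project under discussion: what EI_EXPOSE_REP and EI_EXPOSE_REP2 point at, shown with a class whose Date field is changed from outside, next to a version that copies defensively. The class, field and method names are hypothetical.

```java
import java.util.Date;

public class ExposeRepDemo {

    // Flagged pattern (hypothetical class): stores and returns the caller's Date reference.
    static final class LeakyVoyage {
        private final Date departure;

        LeakyVoyage(Date departure) {
            this.departure = departure;      // EI_EXPOSE_REP2: keeps the caller's mutable object
        }

        Date departure() {
            return departure;                // EI_EXPOSE_REP: hands out internal state
        }
    }

    // Hardened form (hypothetical class): copy on the way in and on the way out.
    static final class CopyingVoyage {
        private final Date departure;

        CopyingVoyage(Date departure) {
            this.departure = new Date(departure.getTime());
        }

        Date departure() {
            return new Date(departure.getTime());
        }
    }

    public static void main(String[] args) {
        Date input = new Date(0L);           // constructed sample value

        LeakyVoyage leaky = new LeakyVoyage(input);
        input.setTime(1_000L);               // changes the model through the constructor argument
        leaky.departure().setTime(2_000L);   // changes the model through the getter
        System.out.println("leaky departure:   " + leaky.departure().getTime());

        Date input2 = new Date(0L);          // constructed sample value
        CopyingVoyage safe = new CopyingVoyage(input2);
        input2.setTime(1_000L);              // only the caller's copy changes
        safe.departure().setTime(2_000L);    // only the returned copy changes
        System.out.println("copying departure: " + safe.departure().getTime());
    }
}
```

Copying with new Date(getTime()) rather than clone() avoids trusting a caller-supplied Date subclass. An immutable type such as java.time.Instant removes the need for the copies altogether.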
6 @SuppressFBWarnings("SE_BAD_FIELD")
This warning caught my attention, because it flags a pattern that I was already unhappy with in the implementation: value types that hold a reference to an entity. Here, the ValueObject abstraction is tagged as Serializable, but the entities are not, and so it gets flagged.
That the serialization gets flagged is just a lucky accident. The bigger question to my mind is whether or not nesting an entity within a value is an anti-pattern. In many cases, you can do as well by capturing the identifier of the entity, rather than the entity itself.
Those two issues alone cover about 75% of the issues flagged by SpotBugs.