The Register® — Biting the hand that feeds IT

Feeds

Tool uses Google to hunt for open source bugs

Call Bugle

Hitachi IT Operations Analyzer: 30-day free trial

A new research project aims to harness search engine Google to find security flaws in open source code. Bugle identifies common vulns using a (thus far) limited set of Google queries. So far the search queries look for cross-site scripting, SQL injection and buffer overflow flaws, for example.

Emmanouel Kellinis, the brains behind the project, a side-line to his regular job as a penetration tester with KPMG, is careful to describe Bugle as limited. Source code review is a complicated process and Bugle should be viewed as helping to give helpful pointer rather than an alternative to more comprehensive analysis, he advises

The release of Bugle comes a week after H D Moore published a Google-based malware search tool. ®

Hitachi IT Operations Analyzer: 30-day free trial