A new research project aims to harness search engine Google to find security flaws in open source code. Bugle identifies common vulns using a (thus far) limited set of Google queries. So far the search queries look for cross-site scripting, SQL injection and buffer overflow flaws, for example.

Emmanouel Kellinis, the brains behind the project, a side-line to his regular job as a penetration tester with KPMG, is careful to describe Bugle as limited. Source code review is a complicated process and Bugle should be viewed as helping to give helpful pointer rather than an alternative to more comprehensive analysis, he advises

The release of Bugle comes a week after H D Moore published a Google-based malware search tool. ®

Related stories

• Google's Lemon squeezes out web app bugs (18 July 2007)
• Analysis Google security vulnerabilties stack up (3 June 2007)
• Cookie monster menaces Google (18 January 2007)
• Google Code Search peers into programs' flaws (8 October 2006)
• Google bundles software apps (29 August 2006)
• Google offers malware warnings (7 August 2006)
• In brief Trojan poses as Google Toolbar (20 July 2006)
• Google-based malware search tool surfaces (18 July 2006)
• Search results lead to malicious sites (16 May 2006)
• Botnet implicated in click fraud scam (15 May 2006)
• Google concedes desktop security risk (21 February 2006)
• Google AdSense Trojan prowls cyberspace (30 December 2005)
• Desktop search and malware: friend or foe? (13 October 2005)
• Hacking Google for fun and profit (4 April 2005)