Original URL: http://www.theregister.co.uk/2006/07/28/bugle/
Tool uses Google to hunt for open source bugs
Call Bugle
Posted in Security, 28th July 2006 16:16 GMT
Free whitepaper – Dell IT infrastructure services brochure
A new research project aims to harness search engine Google to find security flaws in open source code. Bugle (http://www.cipher.org.uk/index.php?p=projects/bugle.project) identifies common vulns using a (thus far) limited set of Google queries. So far the search queries look for cross-site scripting, SQL injection and buffer overflow flaws, for example.
Emmanouel Kellinis, the brains behind the project, a side-line to his regular job as a penetration tester with KPMG, is careful to describe Bugle as limited. Source code review is a complicated process and Bugle should be viewed as helping to give helpful pointer rather than an alternative to more comprehensive analysis, he advises
The release of Bugle comes a week after H D Moore published a Google-based malware search tool. ®