Original URL: http://www.theregister.co.uk/2006/07/28/bugle/

Tool uses Google to hunt for open source bugs

Call Bugle

By John Leyden

Posted in Security, 28th July 2006 16:16 GMT

A new research project aims to harness search engine Google to find security flaws in open source code. Bugle identifies common vulns using a (thus far) limited set of Google queries. So far the search queries look for cross-site scripting, SQL injection and buffer overflow flaws, for example.

Emmanouel Kellinis, the brains behind the project, a side-line to his regular job as a penetration tester with KPMG, is careful to describe Bugle as limited. Source code review is a complicated process and Bugle should be viewed as helping to give helpful pointer rather than an alternative to more comprehensive analysis, he advises

The release of Bugle comes a week after H D Moore published a Google-based malware search tool. ®