Bugle Uses Google to Find Open Source Security Bugs

By Steve Bryant  |  Posted 2006-07-25

Google can help coders find security bugs in open source code on the Internet, according to a new research project.

The project, called Bugle, identifies common vulnerabilities in open source code using a collection of Google queries. The author of the project, Emmanouel Kellinis, has so far released a search string that can help identify buffer overflow, integer overflow, format string, command injection, SQL injection and cross-site scripting flaws.

Bugle can help identify bad code practices and suspicious comments, and trigger Google Alerts.

The release comes less than a week after H.D. Moore's malware search project, which offers a Web interface to find live malware samples via Google queries.

Bugle's release also comes at a time when Google is preparing to announce a new service for the open source community.

Bugle author Kellinis is a security penetration tester for KPMG in London, but the project is a private venture.
