Google can help coders find security bugs in open source code on the Internet, according to a new research project.
The project, called Bugle, identifies common vulnerabilities in open source code using a collection of Google queries. The author of the project, Emmanouel Kellinis, has so far released a search string flaw that can help identify buffer overflows, integer overflows, format string, command injection, SQL injection and cross-site scripting flaws.
Bugle can help identify bad code practices and suspicious comments, and trigger Google Alerts.
The release comes less than a week after H.D. Moore’s malware search project, which offers a Web interface to find live malware samples via Google queries.
Bugle’s release also comes at a time when Google is preparing to announce a new service for the open source community.
Bugle author Kellinis is a security penetration tester for KPMG in London, but the project is a private venture.