Friday, July 21, 2006

Searching for Source Code Security Vulnerabilities

While Google was quick enough to censor the colourful Malware Search logo -- colourful branding -- here's another recently started initiative, Bugle, a Google-based source code bug finder:

"Bugle is a collection of search queries which can help to identify software security bugs in source code available on the web. The list at the moment is rather small (you get the idea though), hopefully people will start sending more queries. Source code review is not a straightforward operation, using the list you will get pinpoints and not definite results."

It could easily help you spot source code containing common bugs without needing a scientific model to predict vulnerabilities, but you should also consider the powerful source code search engine Koders, which currently searches 225,816,744 lines of code and lets you segment your queries by programming language.

Related resources:
SecureProgramming.com - last updated January 2005, useful links though
An overview of common programming security vulnerabilities and possible solutions
Insecure Programming by example
Top 7 PHP Security Blunders
