A new research project aims to harness search engine Google to find security flaws in open source code. Bugle identifies common vulns using a (thus far) limited set of Google queries. So far the search queries look for cross-site scripting, SQL injection and buffer overflow flaws, for example.

Emmanouel Kellinis, the brains behind the project, a side-line to his regular job as a penetration tester with KPMG, is careful to describe Bugle as limited. Source code review is a complicated process and Bugle should be viewed as helping to give helpful pointer rather than an alternative to more comprehensive analysis, he advises

The release of Bugle comes a week after H D Moore published a Google-based malware search tool. ®

Related stories

Google's Lemon squeezes out web app bugs (18 July 2007)
Google security vulnerabilties stack up (3 June 2007)
Cookie monster menaces Google (18 January 2007)
Google Code Search peers into programs' flaws (8 October 2006)
Google bundles software apps (29 August 2006)
Google offers malware warnings (7 August 2006)
Trojan poses as Google Toolbar (20 July 2006)
Google-based malware search tool surfaces (18 July 2006)
Search results lead to malicious sites (16 May 2006)
Botnet implicated in click fraud scam (15 May 2006)
Google concedes desktop security risk (21 February 2006)
Google AdSense Trojan prowls cyberspace (30 December 2005)
Desktop search and malware: friend or foe? (13 October 2005)
Hacking Google for fun and profit (4 April 2005)