The Channel logo


By | John Leyden 28th July 2006 16:16

Tool uses Google to hunt for open source bugs

Call Bugle

A new research project aims to harness search engine Google to find security flaws in open source code. Bugle identifies common vulns using a (thus far) limited set of Google queries. So far the search queries look for cross-site scripting, SQL injection and buffer overflow flaws, for example.

Emmanouel Kellinis, the brains behind the project, a side-line to his regular job as a penetration tester with KPMG, is careful to describe Bugle as limited. Source code review is a complicated process and Bugle should be viewed as helping to give helpful pointer rather than an alternative to more comprehensive analysis, he advises

The release of Bugle comes a week after H D Moore published a Google-based malware search tool. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe