Google Code Search peers into programs' flaws


Want to know which programs have security issues that need to be fixed? Using Google Code Search, finding likely candidates is a snap. Security professionals warned developers on Thursday that they need to be aware that their open source repositories can now be easily mined, allowing attackers to target programs that are likely to be flawed. While Google could previously be used to look for specific strings, now the search engine riffles through code that much better.

"It is going deeper into places where code is publicly available, and it's clearly picking up stuff really well," said Chris Wysopal, chief technology officer of security startup Veracode. "This makes it easier and faster for attackers to find vulnerabilities--not for people that want to attack a (specific) Web site, but for people that want to attack any Web site." Google Code Search peers into programs' flaws

Technorati Tag: ,

Linked by shanmuga Saturday, 7th October 2006 11:07PM