Bugle – Google Source Code Bug Finder
Bugle is a project that consists of Google queries that help identify security bugs in open source software. This is a very interesting concept, and while it may help hackers find vulnerabilities in software more easily than by scouring the code, I think it is more useful for open source project teams.
By their very nature, open source projects are generally collaborative, and therefore it is easy for insecure code to creep in. The Bugle technique effectively helps detect high-level vulnerabilities in contributed code that has not been carefully scrutinized by the project's security administrator.
This brings up another topic, which is better suited to its own post, but I will briefly mention it here. While open source is supposed to result in more secure code because many more eyeballs are reviewing the code, the reality is that few people who use open source software actually look at the code. Most people are in it for the “free” aspect, not necessarily for the code. If the project developers miss a vulnerability in the code, it may go undetected for a long time. How is this any different from commercial, closed source projects?