Shostack + Friends Blog Archive

 

Meet the Bugles

Check out Bugle [link to http://www.cipher.org.uk/index.php?p=projects/bugle.project no longer works], a collection of Google searches that look for known general classes of vulnerabilities in source code, such as buffer overflows and format string issues. The list is far from complete and is no replacement for real static analysis, but it should get you a lot of low-hanging fruit.
[Via FIRST News.]