Secure Coding mailing list archives
Google code search: good or bad?
From: gem at cigital.com (Gary McGraw)
Date: Wed, 11 Oct 2006 16:55:42 -0400
Fair enough. It's pretty darn fun to search for silly things. My favorite so far is to search for "**cker" (you fill in the blanks yourself). Surprising how many people curse in their comments.

Given the importance of config files for most modern frameworks, searching for XML config foo is interesting as well.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com

-----Original Message-----
From: mikeiscool [mailto:michaelslists at gmail.com]
Sent: Wednesday, October 11, 2006 4:50 PM
To: Gary McGraw
Cc: SC-L at securecoding.org; Neil Daswani
Subject: Re: [SC-L] Google code search: good or bad?

good or bad, it's quite old. www.koders.com has been doing it for years.

considering the source is available for anyone to download anyway, and investigate themselves, i don't see the big deal. the engines just let you search a whole bunch at once, and why would any one company/product care about that? if you want to target them, you do. if you just want to find a bug in any given open source product, then one of these may be slightly useful.

if the main concern is that code can accidentally get online, well that problem has been around forever and will never go away. better to expose it and have it dealt with, really.

all in all, no big deal. jmho.

-- mic

On 10/12/06, Gary McGraw <gem at cigital.com> wrote:
Hi all,

I spoke to Dennis Fisher about the Google code searching stuff that's been floating around on the list for a few weeks (since the original Bugle posting). Here's the resulting article:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1222898,00.html

BTW, I wrote about this idea in my own article on darkreading back in August:

http://www.darkreading.com/document.asp?doc_id=100643

What do you guys think about the capability? Is it good or is it bad?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com