Google Goes Deep...Real Deep...

Security professionals warned developers on Thursday, October 5, that they need to be aware that their open−source repositories can now be easily mined, allowing attackers to target programs that are likely to be flawed. While Google could previously be used to look for specific strings, now the search engine riffles through code that much better. "It is going deeper into places where code is publicly available, and it's clearly picking up stuff really well," said Chris Wysopal, chief technology officer of security startup Veracode. "This makes it easier and faster for attackers to find vulnerabilities −− not for people that want to attack a (specific) Website, but for people that want to attack any Website." Google announced on Thursday that the tool is now available for public use. Google Code Search digs through open−source code repositories on the Internet, compiling the large amount of source code available on the Web into an easily searchable database. Google reiterated on Thursday that the tool is intended to help programmers to find coding examples and obscure function definitions, not parse for flaws.

Google Code Search Engine: http://www.google.com/codesearch

Source: http://www.securityfocus.com/news/11417?ref=rss