Re: [SC-L] Google code search: good or bad?

2006-10-11 Thread mikeiscool
good or bad, it's quite old. www.koders.com has been doing it for
years. considering the source is available for anyone to download
anyway, and investigate themselves, i don't see the big deal. the
engines just let you search a whole bunch at once, and why would any
one company/product care about that? if you want to target them, you
do. if you just want to find a bug in any given open source product,
then one of these may be slightly useful.

if the main concern is that code can accidentally get online, well that
problem has been around forever and will never go away. better to
expose it and have it dealt with, really.

all in all, no big deal. jmho.

-- mic


On 10/12/06, Gary McGraw [EMAIL PROTECTED] wrote:
 Hi all,

 I spoke to Dennis Fisher about the Google code searching stuff that's
 been floating around on the list for a few weeks (since the original
 Bugle posting).  Here's the resulting article:

 http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1222898,00.html

 BTW, I wrote about this idea in my own article on darkreading back in
 August:

 http://www.darkreading.com/document.asp?doc_id=100643

 What do you guys think about the capability?  Is it good or is it bad?

 gem

 company www.cigital.com
 podcast www.cigital.com/silverbullet
 book www.swsec.com
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


Re: [SC-L] Google code search: good or bad?

2006-10-11 Thread Gary McGraw
Fair enough.  It's pretty darn fun to search for silly things.  My
favorite so far is to search for **cker (you fill in the blanks
yourself).  Surprising how many people curse in their comments.

Given the importance of config files for most modern frameworks,
searching for XML config foo is interesting as well.

gem  

company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com

-Original Message-
From: mikeiscool [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 11, 2006 4:50 PM
To: Gary McGraw
Cc: SC-L@securecoding.org; Neil Daswani
Subject: Re: [SC-L] Google code search: good or bad?

good or bad, it's quite old. www.koders.com has been doing it for
years. considering the source is available for anyone to download
anyway, and investigate themselves, i don't see the big deal. the
engines just let you search a whole bunch at once, and why would any
one company/product care about that? if you want to target them, you
do. if you just want to find a bug in any given open source product,
then one of these may be slightly useful.

if the main concern is that code can accidentally get online, well that
problem has been around forever and will never go away. better to
expose it and have it dealt with, really.

all in all, no big deal. jmho.

-- mic


On 10/12/06, Gary McGraw [EMAIL PROTECTED] wrote:
 Hi all,

 I spoke to Dennis Fisher about the Google code searching stuff that's
 been floating around on the list for a few weeks (since the original
 Bugle posting).  Here's the resulting article:


 http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1222898,00.html

 BTW, I wrote about this idea in my own article on darkreading back in
 August:

 http://www.darkreading.com/document.asp?doc_id=100643

 What do you guys think about the capability?  Is it good or is it bad?

 gem

 company www.cigital.com
 podcast www.cigital.com/silverbullet
 book www.swsec.com



