developerWorks: Software Security Analysis with BogoSec
May 09, 2006, 10:45 (0 Talkback[s])
(Other stories by Dustin Kirkland, Loulwa Salem)
[ Thanks to An Anonymous Reader for
this link. ]
"BogoSec is a source code metric tool that wraps multiple source
code scanners, invokes them on its target code, and produces a
final score that approximates the security quality of the code.
This article discusses the BogoSec methodology and implementation,
and illustrates the output of BogoSec when run on a number of test
cases, including Apache Web server, OpenSSH, Sendmail, Perl, and
"The CERT Coordination Center (CERT/CC) reported 5,990
vulnerabilities in 2005 compared with 171 in 1995..."