developerWorks: Software Security Analysis with BogoSec

[ Thanks to An Anonymous Reader for
this link. ]

“BogoSec is a source code metric tool that wraps multiple source
code scanners, invokes them on its target code, and produces a
final score that approximates the security quality of the code.
This article discusses the BogoSec methodology and implementation,
and illustrates the output of BogoSec when run on a number of test
cases, including Apache Web server, OpenSSH, Sendmail, Perl, and

“The CERT Coordination Center (CERT/CC) reported 5,990
vulnerabilities in 2005 compared with 171 in 1995…”
