[ Thanks to An Anonymous Reader for
this link. ]
“BogoSec is a source code metric tool that wraps multiple source
code scanners, invokes them on its target code, and produces a
final score that approximates the security quality of the code.
This article discusses the BogoSec methodology and implementation,
and illustrates the output of BogoSec when run on a number of test
cases, including Apache Web server, OpenSSH, Sendmail, Perl, and
others.

“The CERT Coordination Center (CERT/CC) reported 5,990
vulnerabilities in 2005 compared with 171 in 1995…”