cowboy me, 2.0: jose nazario beauty and the street

insecurity stats via google codesearch

some closing throughts on google codesearch for today after i tried some more security bug-class specific requests. this is just based on the "1-10 of about N" report from google. note that they cover a lot of older versions of software (but plenty of people still use it).

some stats based on simple queries used to find bugs (ie based on some reasonable regular expressions). this is by no means scientific, i think these are only ballpark figures. factors that are not accounted for include old versions that get indexed, variable passing and scrubbing, actually guarded, safe uses of some of these scenarios, and the like.

if you're feeling like you need to make some waves on bugtraq, have fun. now you can see why i hacked on this for the past couple of days. it's addictive :)

i leave the bulk of the regular expression generation up to you.



next Monday, Oct 09, 2006 @ 10:26am | previous Saturday, Oct 07, 2006 @ 09:05pm | archives

Last modified: Saturday, Oct 07, 2006 @ 09:34pm
Weblog Commenting and Trackback by

Your Ad Here

copyright © 2002-2015 jose nazario, all rights reserved.