This article discusses the methodology of working with BogoSec and its implementation, and examines BogoSec's output for several test cases, including the Apache web server, OpenSSH, Sendmail, Perl, and others.
Background
The CERT Coordination Center (CERT/CC) reported 5990 vulnerabilities in 2005, compared with 171 in 1995. Many software security vulnerabilities occur because of poor programming methodologies. Some vulnerabilities can be detected using source code scanners with special algorithms, set up to identify potential security problems. As the number and the risk of potential security holes per line of code increase, it is reasonable to assume that the overall quality of the source code in terms of security deteriorates. BogoSec metrics are calculated values reflecting the relative security quality of source code, which can be used for comparison.
BogoSec was created to encourage developers to eventually write more secure source code. Various scanners exist that point developers to potentially unsafe code snippets, but developers are often reluctant to use them because, at first glance, there is a high probability that many of the snippets the program flags as unsafe are in fact not. In addition, such scanners can be difficult to use. BogoSec tries to reduce the number of "wrong diagnoses" while expanding the scope of code scanning through the use of multiple independent scanners. The result is a set of high-level indicators that allow both developers and users to compare and judge the quality of source code in terms of its security.
16 October 2006
Copyright © 2009 Новости из мира Linux