October 9, 2006

"Google Code Search can easily be used to create thousands of new code analysis tools"

Except for people in the business of scaring other people, i.e. security experts, is anybody buying the "this will give hackers the advantage" response to Google Code Search?

  • Google wasn't first with this kind of service, it already exists
  • If vulnerabilities are that easy to find in source we are going to have much better source analysis tools really, really soon. In which case we all win. Antivirus for source code. Nice.
  • Since all of this source is already published, wouldn't people already be trying this?

I'll buy that code search makes certain kinds of copy paste in source code easy to find, and this might mean that it is easier to find strains of broken ideas - but at least one concrete example of a vulnerability would have been nice to go with the alarmist reporting.

(ah, ok here are a few examples. Copy paste it was. People reuploading code but with changed password. Interesting case. Imagine Google actually warning these people, wouldn't that be nice.)

Posted by Claus at October 9, 2006 9:11 PM
