Sunday, October 08, 2006

Networkworld gets it wrong! about Google source search.

I was searching for social networking software and information for weseepeople when I landed on one of my favorite news magazines, both in print and online, which got it wrong about Google's source code search engine. At least they posted it directly from IDG without checking out the article. The article is not even half right in my view.
The article starts off with:
"The company's new source-code search engine, unveiled Thursday as a tool to help simplify life for developers, can also be misused to search for software bugs, password information and even proprietary code that shouldn't have been posted to the Internet, security experts said Friday."

Well, in the ratio of hackers (crackers) to developers (real hackers), the latter vastly outnumber the former, and therefore the benefit is higher than the assumed misuse. Also, before Google Code Search ever came online, many other source code search engines were in use, and I do not know of any crackers benefiting from those engines. Maybe they are not telling me.
Here are some sites for the editors and the writer of the article:
Krugle, my favorite,
Koders is another,
Ruby focused source search,
And you can build your own with this tool; remember, hackers and hackers are both resourceful people.
One of the people who gave the ideas to the writer is from a source code analysis company (Editor, fix those links!), and if people could analyse their own code with tools like the ones above, Fortify might not need to fortify any more. But after a visit to the site and checking out the services etc., Fortify will have work for some time to go! ;)
The other company (another broken link) which gave information, CSC, gets it right:
"Skilled hackers may already be able to do this type of search with Google's Web search engine, but Code Search is "another tool that makes it a tad easier for the attacker," says Johnny Long, a security researcher with Computer Sciences Corp"
But still misses the point about other source code search engines.
But think again about the benefit to developers, who are able to find proprietary code in open source software before it is used in a project, or to find out what crackers see before hacking an open source project.
For the record, I did search for the same phrase on all the above engines and came away with almost the same results.
The writer's phrase, "this file contains proprietary," was used; on Google it found one and on Koders it found 9!
