The company's new source-code search engine,
unveiled Thursday as a tool to help simplify life for developers, can
also be misused to search for software bugs, password information, and
even proprietary code that shouldn't have been posted to the Internet
in the first place, security experts said Friday.
Unlike Google's main Web search engine, Google Code Search
peeks into the actual lines of code whenever it finds source-code files
on the Internet. This will make it easier for developers to search
source code directly and dig up open-source tools they may not have
known about, but it has a drawback.
“The downside is that you could also use that kind of search to look for
things that are vulnerable and then guess who might have used that code
snippet and then just fire away at it,” said Mike Armistead, vice
president of products with source-code analysis provider Fortify
Give 'em an inch… Read the full article from Infoworld.