BogoSec : Source Code Security Quality Metric
BogoSec is developed by IBM's Linux Technology Center.
Licensed under CPL, and available on sourceforge.net.
Command line Perl script that wraps various scanners available on the system
Currently, BogoSec has support to analyze C/C++ code.
Easily extendabile framework (with accompanying Perl modules for each scanner)
Execute each scanner present on the system
Parse the output file of each scanner
Interpret the severity indicator and adjust to a common scale (By default 0-10)
Tally the total lines of code and severity points for each scanner
Tally the total severity points and lines of code
Calculate the final score (Final Score = Total severity points / Total lines of code)