BogoSec : Source Code Security Quality Metric
BogoSec is developed by IBM's Linux Technology Center.
Licensed under CPL, and available on sourceforge.net.
Implementation
Command line Perl script that wraps various scanners available on the system
Currently, BogoSec has support to analyze C/C++ code.
Easily extendable framework (with an accompanying Perl module for each scanner)
Methodology
Execute each scanner present on the system
Parse the output file of each scanner
Interpret each scanner's severity indicator and map it onto a common scale (by default 0-10)
Tally the total lines of code and severity points for each scanner
Tally the total severity points and lines of code
Calculate the final score (Final Score = Total severity points / Total lines of code)
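The scoring steps above, worked through in an added example (not BogoSec's own Perl code): two hypothetical scanners with different severity conventions are parsed, normalized to the 0-10 scale, tallied, and divided into a final score. The scanner names, output formats, mapping tables and line counts are constructed for illustration; the example assumes every scanner is run over the same code base, so the same LOC figure is tallied per scanner.

```python
import re

# Constructed sample output for two hypothetical scanners (not real BogoSec modules).
# "scannerA" reports a numeric severity 1-5 in brackets; "scannerB" reports named levels.
SCANNER_A_OUTPUT = """\
src/net.c:42: [3] buffer copy without bound check
src/net.c:77: [5] format string built from external input
src/util.c:10: [1] unchecked return value
"""
SCANNER_B_OUTPUT = """\
src/net.c(42): HIGH: strcpy into fixed buffer
src/util.c(15): LOW: possible off-by-one
"""

# Per-scanner rule: a regex that extracts the severity token from a finding line,
# plus a mapping of that token onto the common 0-10 scale (the "adjust" step).
SCANNERS = {
    "scannerA": (re.compile(r"\[(\d)\]"), lambda s: int(s) * 2),  # 1-5 -> 2-10
    "scannerB": (re.compile(r": (LOW|MEDIUM|HIGH):"),
                 lambda s: {"LOW": 3, "MEDIUM": 6, "HIGH": 10}[s]),
}


def parse_findings(name, output):
    """Return the normalized (0-10) severity of every finding in one scanner's output."""
    pattern, normalize = SCANNERS[name]
    points = []
    for line in output.splitlines():
        match = pattern.search(line)
        if match:
            # Clamp so a mis-mapped scanner cannot push a finding outside the scale.
            points.append(min(10, max(0, normalize(match.group(1)))))
    return points


def bogosec_score(outputs, lines_of_code):
    """outputs: {scanner name: raw output text}; lines_of_code: LOC each scanner covered.
    Returns (per-scanner (points, loc) tallies, total points, total LOC, final score)."""
    per_scanner = {}
    total_points = 0
    total_loc = 0
    for name, raw in outputs.items():
        points = sum(parse_findings(name, raw))
        per_scanner[name] = (points, lines_of_code)  # tally per scanner
        total_points += points                        # tally overall
        total_loc += lines_of_code
    score = total_points / total_loc if total_loc else 0.0  # Final Score = points / LOC
    return per_scanner, total_points, total_loc, score
```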
Block Diagram