Hi zentra,

From elsewhere in the PDF I linked to:

"The basic methodology of BogoSec is as follows:

1. Execute each scanner present on target source code or tree

2. Parse output of each scanner, determining the filename, line number, severity, description of each possible vulnerability

3. Interpret the severity indicator and adjust to a common scale (by default, 10 being most severe, 1 being least severe) to calculate severity points.

4. Report the total number of vulnerability severity points, as well as the total number of lines analyzed by each scanner

5. Calculate and report the BogoSec final score:

BogoSecFinalScore = TotalVulnerabilityPointsFromAllScanners / TotalLinesOfCodeAnalyzedByAllScanners"

To get the most value from the output I believe the user would be required to familiarise themselves with the scanners that BogoSec uses, and what they are searching for. At the moment I have not had a chance to play around with this. Perhaps the full output lists the vulnerability and the line number at which it occurs. IMHO the output is only of value if you can use it to investigate the reported vulnerabilities and take action based on the output of these tools. Once I have some spare time I will check this out in detail and report back :)

Martin

In reply to Re^4: Software security analysis with BogoSec by marto
in thread Software security analysis with BogoSec by marto
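The five scoring steps quoted above, carried out over constructed scanner output. This is an added example, not BogoSec's own code; the two scanner names, their output formats, their native severity scales and the line counts are all assumptions made up for illustration.

```perl
#!/usr/bin/perl
# Added example (not BogoSec's own code): the quoted five-step scoring method
# run over constructed scanner output. Scanner names, formats and scales are
# assumptions for illustration.
use strict;
use warnings;

# Constructed sample output from two hypothetical scanners with different
# native severity scales: scan_a reports a word, scan_b reports a number 0-5.
my %raw_output = (
    scan_a => [
        "src/net.c:42: [high] strcpy does not check bounds",
        "src/net.c:88: [low] possible tainted input",
    ],
    scan_b => [
        "src/util.c:10:5:Unchecked return value from malloc",
        "src/util.c:31:2:Hard-coded file path",
    ],
);
# Lines of code each scanner analysed (constructed).
my %lines_analyzed = ( scan_a => 500, scan_b => 300 );

# Step 2: one parser per scanner, returning (file, line, severity, description)
# or an empty list for lines that are not findings.
my %parsers = (
    scan_a => sub { $_[0] =~ /^(.+?):(\d+): \[(\w+)\] (.*)$/ ? ($1, $2, $3, $4) : () },
    scan_b => sub { $_[0] =~ /^(.+?):(\d+):(\d+):(.*)$/      ? ($1, $2, $3, $4) : () },
);

# Step 3: map each scanner's native severity onto the common 1..10 scale.
my %word_scale = ( low => 2, medium => 5, high => 10 );
my %normalize = (
    scan_a => sub { $word_scale{ lc $_[0] } // 1 },
    scan_b => sub { my $s = $_[0]; $s >= 5 ? 10 : $s <= 0 ? 1 : $s * 2 },
);

# Steps 2-5: parse, normalise, total the points and lines, compute the score.
sub bogosec_score {
    my ($output, $loc) = @_;
    my ($points, $lines, @findings) = (0, 0);
    for my $scanner (sort keys %$output) {
        for my $raw (@{ $output->{$scanner} }) {
            my ($file, $line, $sev, $desc) = $parsers{$scanner}->($raw) or next;
            my $pts = $normalize{$scanner}->($sev);
            $points += $pts;
            push @findings, "$file:$line [$pts/10] $desc";   # keeps the detail needed to act on a finding
        }
        $lines += $loc->{$scanner};
    }
    return ($points, $lines, $points / $lines, \@findings);
}

my ($pts, $loc, $score, $findings) = bogosec_score(\%raw_output, \%lines_analyzed);
print "$_\n" for @$findings;                                  # step 4: per-finding report
printf "points=%d lines=%d score=%.4f\n", $pts, $loc, $score;  # step 5: final score
```

With the constructed input the points total 26 (10+2 from scan_a, 10+4 from scan_b) over 800 lines, giving a final score of 0.0325; the per-finding lines are what makes the number actionable.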
