Hi zentra,
From elsewhere in the PDF I linked to:
"The basic methodology of BogoSec is as follows:
1. Execute each scanner present on target source code or tree
2. Parse output of each scanner, determining the filename, line number, severity, description of each possible vulnerability
3. Interpret the severity indicator and adjust to a common scale (by default, 10 being most severe, 1 being least severe) to calculate severity points.
4. Report the total number of vulnerability severity points, as well as the total number of lines analyzed by each scanner
5. Calculate and report the BogoSec final score:
BogoSecFinalScore = TotalVulnerabilityPointsFromAllScanners / TotalLinesOfCodeAnalyzedByAllScanners"
To get the most value from the output I believe the user would be required to familiarise themselves with the scanners that BogoSec uses, and what they are searching for. At the moment I have not had a chance to play around with this. Perhaps the full output lists the vulnerability and the line number at which it occurs. IMHO the output is only of value if you can use it to investigate the reported vulnerabilities and take action based on the output of these tools. Once I have some spare time I will check this out in detail and report back :)
Martin
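As an added illustration of the five scoring steps quoted from the PDF above (this is not BogoSec's own code), the Python below parses constructed output from two hypothetical scanners, "scanA" and "scanB", normalises their severities onto the common 1..10 scale, and computes the final score; the output formats, severity mappings and per-scanner line counts are all assumptions made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample output from two hypothetical scanners (not any real tool's format).
# "scanA" reports:  file:line: [severity 0-5] description
# "scanB" reports:  file line LOW|MEDIUM|HIGH description
SCAN_A_OUTPUT = """\
src/net.c:42: [4] (buffer) strcpy: does not check for buffer overflows
src/net.c:77: [1] (format) printf: constant format string
src/util.c:10: [5] (shell) system: executes an external command
"""
SCAN_B_OUTPUT = """\
src/net.c 42 HIGH unbounded copy into fixed-size buffer
src/auth.c 5 LOW unused variable
"""
# Lines of code each scanner analysed (constructed; step 4 reports these per scanner).
LINES_ANALYZED = {"scanA": 300, "scanB": 180}
SCAN_A_RE = re.compile(r"^(?P<file>[^:]+):(?P<line>\d+):\s*\[(?P<sev>\d+)\]\s*(?P<desc>.*)$")
SCAN_B_RE = re.compile(r"^(?P<file>\S+)\s+(?P<line>\d+)\s+(?P<sev>LOW|MEDIUM|HIGH)\s+(?P<desc>.*)$")
SCAN_B_SCALE = {"LOW": 2, "MEDIUM": 5, "HIGH": 9}  # assumed mapping onto the 1..10 scale

@dataclass
class Finding:
    scanner: str
    filename: str
    line: int
    severity: int  # on the common scale: 1 = least severe, 10 = most severe
    description: str

def normalize_scan_a(raw: int) -> int:
    """Step 3: map scanA's 0..5 scale onto 1..10 (linear, clamped)."""
    return max(1, min(10, raw * 2))

def parse_findings() -> list[Finding]:
    """Steps 1-2: parse each scanner's output into file, line, severity, description."""
    findings = []
    for m in filter(None, map(SCAN_A_RE.match, SCAN_A_OUTPUT.splitlines())):
        findings.append(Finding("scanA", m["file"], int(m["line"]),
                                normalize_scan_a(int(m["sev"])), m["desc"]))
    for m in filter(None, map(SCAN_B_RE.match, SCAN_B_OUTPUT.splitlines())):
        findings.append(Finding("scanB", m["file"], int(m["line"]),
                                SCAN_B_SCALE[m["sev"]], m["desc"]))
    return findings

def bogosec_score(findings, lines_analyzed):
    """Steps 4-5: total severity points, total lines analysed, and points / lines."""
    points = sum(f.severity for f in findings)
    total_lines = sum(lines_analyzed.values())
    return points, total_lines, points / total_lines

if __name__ == "__main__":
    found = parse_findings()  # per-finding file:line detail is what makes the score actionable
    print("points=%d lines=%d score=%.4f" % bogosec_score(found, LINES_ANALYZED))
```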