[SystemSafety] Static Analysis

From: Peter Bernard Ladkin < >
Date: Tue, 25 Feb 2014 21:40:54 +0100


Apparently Apple doesn't perform any kind of static analysis on critical code. This in its SSL certificate-checking library. http://www.theguardian.com/technology/2014/feb/25/apples-ssl-iphone-vulnerability-how-did-it-happen-and-what-next

As the article points out, a simple automated reachability analysis would have highlighted the anomaly. Note that it has been out there in the open for a while - the code is open source.

It's hard to believe. Does stuff like this happen in the safety-critical area to leading companies still?

Very nice piece of tech reporting from the Guardian, though.

PBL

Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Tue Feb 25 2014 - 21:41:05 CET
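
The reachability analysis mentioned in the message, as an added example that is not part of the original post: a breadth-first walk over the control-flow graph of a small instruction list, reporting every instruction that no path from the entry point can execute. The instruction format and the step names are assumptions made for illustration; the list is a constructed, simplified model containing a duplicated unconditional `goto`, the form this bug took.

```python
from collections import deque

# Constructed, simplified model of a verification routine; step names are
# illustrative. Index 4 is an accidental second, unconditional jump.
PROGRAM = [
    ("stmt", "err = hash_update(server_random)"),   # 0
    ("if_goto", "fail"),                            # 1: if (err != 0)
    ("stmt", "err = hash_update(signed_params)"),   # 2
    ("if_goto", "fail"),                            # 3: if (err != 0)
    ("goto", "fail"),                               # 4: duplicated jump
    ("stmt", "err = hash_final(digest)"),           # 5
    ("if_goto", "fail"),                            # 6: if (err != 0)
    ("stmt", "err = verify_signature(digest)"),     # 7
    ("label", "fail"),                              # 8
    ("return", "err"),                              # 9
]


def successors(program, i, labels):
    """Control-flow successors of instruction i."""
    op, arg = program[i]
    if op == "return":
        return []
    if op == "goto":
        return [labels[arg]]
    nxt = [i + 1] if i + 1 < len(program) else []
    if op == "if_goto":
        nxt.append(labels[arg])      # branch taken
    return nxt


def unreachable(program):
    """Indices of instructions that no path from the entry can execute."""
    if not program:
        return []
    labels = {arg: i for i, (op, arg) in enumerate(program) if op == "label"}
    seen, queue = {0}, deque([0])
    while queue:
        for s in successors(program, queue.popleft(), labels):
            if s not in seen:
                seen.add(s)
                queue.append(s)
    return [i for i in range(len(program)) if i not in seen]


if __name__ == "__main__":
    for i in unreachable(PROGRAM):
        print(f"unreachable: {i}: {PROGRAM[i][1]}")
```

The three instructions after the duplicated jump, including the final signature check, are reported as dead code; removing the instruction at index 4 leaves nothing unreachable.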
