Re: [SystemSafety] Static Analysis

From: Matthew Squair < >
Date: Wed, 26 Feb 2014 15:00:47 +1100


There's also 'fail deadly' error logic in the code (I think).

The status of the crypto check is undefined until after the function defines it, so the function can terminate and the calling functions are none the wiser as to whether it did the job. Better to explicitly set the status to 'invalid' up front, ensuring that if the system fails it will fail to a safe state.

Perhaps we should send Apple security a copy of Saltzer and Schroeder's principles as well? :)

On Wed, Feb 26, 2014 at 7:40 AM, Peter Bernard Ladkin < ladkin_at_xxxxxx

> Apparently Apple doesn't perform any kind of static analysis on critical
> code. This is in its SSL certificate-checking library.
> http://www.theguardian.com/technology/2014/feb/25/apples-ssl-iphone-vulnerability-how-did-it-happen-and-what-next
>
> As the article points out, a simple automated reachability analysis would
> have highlighted the anomaly. Note that it has been out there in the open
> for a while - the code is open source.
>
> It's hard to believe. Does stuff like this happen in the safety-critical
> area to leading companies still?
>
> Very nice piece of tech reporting from the Guardian, though.
>
> PBL
>
> Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx

-- 
*Matthew Squair*
MIEAust CPEng

Mob: +61 488770655
Email: MattSquair_at_xxxxxx
Website: www.criticaluncertainties.com <http://criticaluncertainties.com/>
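The pattern discussed in this thread, as an added example that is not from the thread and not Apple's code: a constructed C stand-in for the reported control-flow slip, beside a version that sets the status to 'invalid' up front and only clears it on the single path through every check. The function names, error codes and the "good"/"evil" signatures are assumptions made for the illustration.

```c
/* Constructed illustration (not Apple's code) of the control-flow shape reported
 * for the SSL bug discussed in this thread, beside the fail-safe rewrite Matthew
 * Squair suggests. hash_update() and verify_signature() are stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef int OSStatus;
enum { errSuccess = 0, errBadHash = -1, errBadSignature = -2 };

/* Stand-in for a hash update step: fails only on a NULL buffer. */
static OSStatus hash_update(const uint8_t *buf) { return buf ? errSuccess : errBadHash; }
/* Stand-in for the final signature check: only the constructed "good" signature passes. */
static OSStatus verify_signature(const uint8_t *sig, size_t len) {
    return (len == 4 && memcmp(sig, "good", 4) == 0) ? errSuccess : errBadSignature;
}

/* Vulnerable shape: err holds whatever the last check returned, so the
 * duplicated 'goto fail' leaves with err == 0 and the signature never examined.
 * clang's -Wunreachable-code reports the dead 'if' that follows it. */
OSStatus verify_vulnerable(const uint8_t *a, const uint8_t *b,
                           const uint8_t *sig, size_t len) {
    OSStatus err;
    if ((err = hash_update(a)) != 0)
        goto fail;
    if ((err = hash_update(b)) != 0)
        goto fail;
        goto fail;                  /* unconditional: everything below is dead code */
    if ((err = verify_signature(sig, len)) != 0)
        goto fail;
fail:
    return err;                     /* 0 == "verified" for any signature at all */
}

/* Fail-safe shape: err starts as a failure and is only overwritten with a
 * failure code or, on the single path through every check, with errSuccess.
 * Note that merely initialising err while keeping the '(err = step()) != 0'
 * style would not help: the last successful step would write 0 back into it. */
OSStatus verify_failsafe(const uint8_t *a, const uint8_t *b,
                         const uint8_t *sig, size_t len) {
    OSStatus err = errBadSignature, rc;   /* default to 'invalid' up front */
    if ((rc = hash_update(a)) != 0) { err = rc; goto fail; }
    if ((rc = hash_update(b)) != 0) { err = rc; goto fail; }
    if ((rc = verify_signature(sig, len)) != 0) { err = rc; goto fail; }
    err = errSuccess;               /* the only statement that can report success */
fail:
    return err;                     /* a stray 'goto fail' above would now reject */
}
```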



Received on Wed Feb 26 2014 - 05:00:54 CET
