[SystemSafety] OpenSSL Bug

From: Peter Bernard Ladkin < >
Date: Thu, 10 Apr 2014 20:34:22 +0200


This is a massive security breach. People tell me, the biggest ever.

The only thing which it seems to me reasonable to do is:
* to cross my fingers and hope I'm too small fry;

For want of a bounds check. In a C program.

There are people here who have defended the use of the programming language C. Shame on you. Yes, there are tools; there are reliable tools to check whether C programs adhere to strong-typing principles. Etc. AND THEY WERE NOT USED BY PEOPLE WHOM I HAVE UP TO NOW TRUSTED. In other words, you were lying to us about "good practice" amongst "SW developers" using C.

Isn't it time we passed laws - one in Britain, one in Germany, a European Mandate, one in the US, one in Canada, one in <insert sensible-country name>, to require the use of reliably-strongly-typed languages in critical SW? I'm sure Dennis would sign up, were he still to be alive.

Isn't it time we started a serious, when necessary aggressive, campaign against this kind of software malpractice?

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Thu Apr 10 2014 - 20:34:32 CEST

This archive was generated by hypermail 2.3.0 : Fri Feb 22 2019 - 15:17:06 CET