Re: [SystemSafety] OpenSSL Bug

From: Martyn Thomas < >
Date: Thu, 10 Apr 2014 19:50:04 +0100


I agree. The processes used here don't pass the basic test to be called software engineering, but then almost no software development does.

What to do about it?

Martyn

On 10/04/2014 19:34, Peter Bernard Ladkin wrote:
> This is a massive security breach. People tell me, the biggest ever.
>
> The only thing which it seems to me reasonable to do is:
> * to cross my fingers and hope I'm too small fry;
> * to wait for my bank to tell me my credit cards may have been compromised, and replace them;
> * to change the passwords I have for a few hundred WWW sites; as well as the - to anyone with access
> to more than a couple - obvious pattern with which I generated them.
>
> For want of a bounds check. In a C program.
>
> There are people here who have defended the use of the programming language C. Shame on you. Yes,
> there are tools; there are reliable tools to check whether C programs adhere to strong-typing
> principles. Etc. AND THEY WERE NOT USED BY PEOPLE WHOM I HAVE UP TO NOW TRUSTED. In other words, you
> were lying to us about "good practice" amongst "SW developers" using C.
>
> Isn't it time we passed laws - one in Britain, one in Germany, a European Mandate, one in the US,
> one in Canada, one in <insert sensible-country name>, to require the use of reliably-strongly-typed
> languages in critical SW? I'm sure Dennis would sign up, were he still to be alive.
>
> Isn't it time we started a serious, when necessary aggressive, campaign against this kind of
> software malpractice?
>
> PBL
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>
>
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Thu Apr 10 2014 - 20:50:18 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 18 2019 - 12:17:06 CEST