Re: [SystemSafety] OpenSSL Bug

From: Martyn Thomas < >
Date: Thu, 10 Apr 2014 19:50:04 +0100

I agree. The processes used here don't pass the basic test to be called software engineering, but then almost no software development does.

What to do about it?


On 10/04/2014 19:34, Peter Bernard Ladkin wrote:
> This is a massive security breach. People tell me, the biggest ever.
> The only thing which it seems to me reasonable to do is:
> * to cross my fingers and hope I'm too small fry;
> * to wait for my bank to tell me my credit cards may have been compromised, and replace them;
> * to change the passwords I have for a few hundred WWW sites; as well as the - to anyone with access
> to more than a couple - obvious pattern with which I generated them.
> For want of a bounds check. In a C program.
> There are people here who have defended the use of the programming language C. Shame on you. Yes,
> there are tools; there are reliable tools to check whether C programs adhere to strong-typing
> principles. Etc. AND THEY WERE NOT USED BY PEOPLE WHOM I HAVE UP TO NOW TRUSTED. In other words, you
> were lying to us about "good practice" amongst "SW developers" using C.
> Isn't it time we passed laws - one in Britain, one in Germany, a European Mandate, one in the US,
> one in Canada, one in <insert sensible-country name>, to require the use of reliably-strongly-typed
> languages in critical SW? I'm sure Dennis would sign up, were he still to be alive.
> Isn't it time we started a serious, when necessary aggressive, campaign against this kind of
> software malpractice?
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
> Tel+msg +49 (0)521 880 7319
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Thu Apr 10 2014 - 20:50:18 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST