Re: [SystemSafety] OpenSSL Bug

From: Chris Hills < >
Date: Fri, 11 Apr 2014 11:37:54 +0100

C is not the problem.
The way C is taught and used is the problem.

If C were taught, like Ada, as part of SW Engineering (not "programming" or "coding") in a culture of high reliability with the correct tools and process, it would be fine.

Static analysis, well the first lint, was invented by Johnson (on the K&R team) before they had even finished launching C in the 1970s. Yet it is only recently that as many as 20% of C programmers use static analysis. The 20% comes from straw polls from several sources across the UK and USA. I think the 20% is an improvement on the past :-(

Even with those who phone me for "MISRA-C Checkers", because they "have to do MISRA", many just want a MISRA-C checker. They don't see the need for a static analyser! We should have stipulated in MISRA-C that you must use MISRA-C with a static analyser.

However the fact that there are very many critical systems programmed in C that are performing correctly (so far :-) shows that *properly used* C is safe... It is just that so few use it properly.

The worry is that in the UK the government want to generate more "coders" (the new buzz word).

It is going to get worse before it gets better.


-----Original Message-----
From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] Peter Bernard Ladkin
Sent: 10 April 2014 19:34
To: systemsafety_at_xxxxxx
Subject: [SystemSafety] OpenSSL Bug

This is a massive security breach. People tell me, the biggest ever.

The only thing which it seems to me reasonable to do is:
* to cross my fingers and hope I'm too small fry;

For want of a bounds check. In a C program.

There are people here who have defended the use of the programming language C. Shame on you. Yes, there are tools; there are reliable tools to check whether C programs adhere to strong-typing principles. Etc. AND THEY WERE NOT USED BY PEOPLE WHOM I HAVE UP TO NOW TRUSTED. In other words, you were lying to us about "good practice" amongst "SW developers" using C.

Isn't it time we passed laws - one in Britain, one in Germany, a European Mandate, one in the US, one in Canada, one in <insert sensible-country name>, to require the use of reliably-strongly-typed languages in critical SW? I'm sure Dennis would sign up, were he still to be alive.

Isn't it time we started a serious, when necessary aggressive, campaign against this kind of software malpractice?

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319
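The missing bounds check the message refers to, illustrated as an added example (not code from this thread or from OpenSSL): a hypothetical length-prefixed record echo, first trusting the length the sender claims, then checking that claim against the bytes actually received. The record layout, the function names and the receive-buffer scenario are all constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical record layout (constructed for this example):
 *   bytes 0-1 : big-endian payload length claimed by the sender
 *   bytes 2.. : payload */
#define HDR_LEN 2

/* Vulnerable: trusts the claimed length and never compares it with how
 * many bytes actually arrived.  Returns the number of bytes copied. */
size_t echo_unchecked(const uint8_t *rec, size_t received, uint8_t *out, size_t out_cap)
{
    (void)received;                                  /* the missing bounds check */
    size_t claimed = ((size_t)rec[0] << 8) | rec[1];
    if (claimed > out_cap) claimed = out_cap;        /* only the destination is guarded */
    memcpy(out, rec + HDR_LEN, claimed);             /* copies past the received record */
    return claimed;
}

/* Hardened: the claimed length must fit inside the bytes actually received
 * and inside the destination.  Returns bytes copied, or -1 for a malformed record. */
long echo_checked(const uint8_t *rec, size_t received, uint8_t *out, size_t out_cap)
{
    if (received < HDR_LEN) return -1;
    size_t claimed = ((size_t)rec[0] << 8) | rec[1];
    if (claimed > received - HDR_LEN) return -1;     /* the bounds check */
    if (claimed > out_cap) return -1;
    memcpy(out, rec + HDR_LEN, claimed);
    return (long)claimed;
}

/* Constructed scenario: a 64-byte receive buffer of which the peer filled
 * only 7 bytes; the rest still holds stale data from earlier use ('S').
 * Returns how many stale bytes the unchecked echo copies into the reply. */
size_t demo_leak(void)
{
    uint8_t buf[64];
    memset(buf, 'S', sizeof buf);
    const uint8_t rec[7] = { 0x00, 0x20, 'h', 'e', 'l', 'l', 'o' }; /* claims 32, sends 5 */
    memcpy(buf, rec, sizeof rec);
    uint8_t out[64];
    size_t n = echo_unchecked(buf, sizeof rec, out, sizeof out);
    size_t leaked = 0;
    for (size_t i = 0; i < n; i++)
        if (out[i] == 'S') leaked++;
    return leaked;                                   /* 27 = 32 claimed - 5 genuine */
}
```

A static analyser or a fuzz run with bounds instrumentation flags the unchecked variant because `received` is accepted and never used to constrain the copy.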

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Fri Apr 11 2014 - 12:38:26 CEST