Re: [SystemSafety] OpenSSL Bug

From: David MENTRÉ < >
Date: Fri, 11 Apr 2014 21:59:13 +0200


2014-04-11 18:07, Patrick Graydon:
> But some basic analyses, coding precautions, and testing of forms
> that were standard for other critical software decades ago doesn’t
> strike me as particularly unreasonable considering the massive
> potential for damage.

Except that safety critical software are designed for such analyses and testing, with the minimal set of needed functions in mind, coding made to make review and testing easier, etc.

Software like openSSL are not developed with this mind set, they have a lot of functions, some to answer new usages like this heartbeat feature or even marginal uses. This is precisely because they have so many features that they are preferred over others similar software like PolarSSL. In other words, functionality prevails over other criteria like correctness or security (to a certain extent, of course).

> In short, this was a predictable threat and a known form of attack
> and could have been prevented with techniques that were clearly
> warranted given what was known about risk. There is zero excuse for
> not employing those techniques.

Yes, one could criticize the OpenSSL developers for not using preventive design and coding approach that would avoid catastrophic consequences, when such an expected issue occurs.

But one could also criticize Apple or Google, which do have a lot of money, to blindly use such library that are not properly designed. They have the money, they have the choice to use the software or not, why are they acting like this?

Like others have said on this list, those companies only care about ROI and money returned to owners and shareholders. They don't care at all about security[1] and safety, and such issues are going to occur over and over until states and laws force them not to do so.

And even if such companies are willing to take those issues seriously, making a complete assessment (with aeronautics or railway meaning) of complex software like OpenSSL is a major engineering task that nobody has even considered.

Additional comments regarding this thread:

Sincerely yours,

[1] I am not fair to Google in the heartblead case: the issue was independently identified by one of Google security researcher. But it took more that two years (December 2011 to April 2014) to find it.

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Fri Apr 11 2014 - 21:59:29 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 25 2019 - 13:17:06 CEST