Re: [SystemSafety] OpenSSL Bug

From: Peter Bernard Ladkin
Date: Mon, 14 Apr 2014 22:56:44 +0200

> On 14 Apr 2014, at 22:43, "Martin Pugh" <martin.pugh_at_xxxxxx >
> Comparing OpenSSL rev 1.0.1 f and g (fixed) .........
> This corrects an implementation error which didn't meet the requirement i.e. RFC6520 sec 4 as the comment says.

So you are saying that a specific requirement was unfulfilled by Rev 1.0.1f.

> All this argument about languages, type checking, array bounds checking etc is irrelevant in this particular instance.

How does that follow?

If the requirement would automatically have been fulfilled if a particular technology had been used, how can it follow that that technology is "irrelevant in this particular case"?

> I take my hat off to the open source community for their efforts.

Me too in general. But it's a problem that we can't seem to persuade them to use established high-reliability programming methods for code for which high reliability is essential.

PBL

Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Apr 14 2014 - 22:56:56 CEST