Re: [SystemSafety] OpenSSL Bug

From: Chris Hills < >
Date: Tue, 15 Apr 2014 09:09:31 +0100

   

On Behalf Of Peter Bernard Ladkin

On 14 Apr 2014, at 22:43, "Martin Pugh" <martin.pugh_at_xxxxxx

I take my hat off to the open source community for their efforts.  

Me too in general. But it's a problem that we can't seem to persuade them to use established high-reliability programming methods for code for which high reliability is essential.

PBL   [CAH] I have to agree with PBL. In another place discussing MISRA-C and Static analysis the Open Source members of the group refused to used static analysis and MISRA-C because the static analysis tools were not FOSS or free* and MISRA-C was not Free.  

*I have since discovered there are several FOSS static analysis tools.  

I repeatedly get told by FOSS people that if MISRA-C was a serious tool “we”(?) would give it to “them” (?) for free. Also they can’t do a FOSS MISRA-C checker because they want to quote all the MISRA-C rules in their checker without paying for a license to do so. I was discussing this earlier this week at a conference and the main thrust of the discussion was how to avoid the 15 GBP cost of a copy of MISRA-C and how to use all the rules for free.  

When I pointed out that all they had to do was list the rule numbers and then users could refer to their copy of MISRA-C this was seen as unacceptable as the users should not have to spend 15GBP on the MISRA-C standard….

Apparently using anything you pay for is not permitted for FOSS on religious grounds.  

NOTE: To make any sense of MISRA-C you really need the whole document not just the headline rules.  

I have found this sort of thinking re Open Source far more prevalent than any form of Good Practice. Let alone Best Practice.  

OTOH I understand the use of static analysis in commercial Sw may have as much as 25% penetration! So the commercial world is not much better and they don’t have the excuse of their Religion. J  

Regards

   Chris Hills  



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Tue Apr 15 2014 - 10:09:55 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 18 2019 - 22:17:06 CEST