[Nottingham] Heartbleed XKCD
Roger Light
roger at atchoo.org
Fri Apr 11 21:06:30 UTC 2014

Hi Martin,

> If only we had machines that could easily do some of the things that humans often get wrong - array bounds checking for example.
>
> Why don't we have languages yet that do that for us?

You're right, but actually I don't think that's the important point.

Yes, it would've saved us here, but the problem from what I've seen is
a poor attitude in the openssl team. Proper automated testing of this
crucial *security* project would've found the bug. They don't do that.
They barely document anything. Exactly the opposite of what you want.

Good testing is still extremely important even if using a language
with bounds checking.

Cheers,

Roger