[Nottingham] Heatbleed XKCD

Roger Light roger at atchoo.org
Fri Apr 11 21:06:30 UTC 2014

Hi Martin,

> If only we had machines that could easily do some of the things that humans often get wrong - array bounds checking for example.
> Why don't we have languages yet that do that for us?

You're right, but actually I don't think that's the important point.
Yes, it would've saved us here, but the problem from what I've seen is
a poor attitude in the openssl team. Proper automated testing of this
crucial *security* project would've found the bug. They don't do that.
They barely document anything. Exactly the opposite of what you want.
Good testing is still extremely important even if using a language
with bounds checking.



More information about the Nottingham mailing list