[SystemSafety] OpenSSL Bug

Dewi Daniels ddaniels at verocel.com
Thu Apr 10 23:21:12 CEST 2014


Derek M. Jones wrote:

> Why pick on C?

Because OpenSSL was written in C?

> Incidentally there is almost no empirical evidence for the benefits of
using a language having stronger typing.  There are a few studies using
students on really small problems. 
> Pointers to good studies welcome.

How about Andy German's paper on "Software Static Code Analysis Lessons
Learned"?

http://www.crosstalkonline.org/storage/issue-archives/2003/200311/200311-Ger
man.pdf

"Table 1 shows that the poorest language for safety-critical applications is
C with consistently high anomaly rates. The best language found is SPARK
(Ada), which consistently achieves one anomaly per 250 software lines of
code".

Yours,
 
Dewi Daniels | Managing Director | Verocel Limited
Direct Dial +44 1225 718912 | Mobile +44 7968 837742 | Email
ddaniels at verocel.com
 
Verocel Limited is a company registered in England and Wales. Company
number: 7407595. Registered office: Grangeside Business Support Centre, 129
Devizes Road, Hilperton, Trowbridge, United Kingdom BA14 7SZ




More information about the systemsafety mailing list