[SystemSafety] OpenSSL Bug

Chris Hills safetyyork at phaedsys.com
Fri Apr 11 12:37:54 CEST 2014


C is not the problem.
The way C is taught and used is the problem. 

If C were taught, like Ada, as part of SW Engineering (not "programming" or
"coding"), in a culture of high reliability with the correct tools and
process, it would be fine.

Static analysis, well the first lint, was invented by Johnson (on the K&R
team) before they had even finished launching C in the 1970s. Yet it is
only recently that as many as 20% of C programmers have come to use static
analysis. The 20% comes from straw polls from several sources across the UK
and USA. I think the 20% is an improvement on the past :-(

Even among those who phone me for "MISRA-C checkers", because they "have to
do MISRA", many just want a MISRA-C checker. They don't see the need for a
static analyser! We should have stipulated in MISRA-C that you must use
MISRA-C with a static analyser.

However, the fact that there are very many critical systems programmed in C
that are performing correctly (so far :-) shows that *properly used* C is
safe... It is just that so few use it properly.

The worry is that in the UK the government wants to generate more "coders"
(the new buzzword).

It is going to get worse before it gets better.  

Regards
 Chris

-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Peter Bernard Ladkin
Sent: 10 April 2014 19:34
To: systemsafety at techfak.uni-bielefeld.de
Subject: [SystemSafety] OpenSSL Bug

This is a massive security breach. People tell me, the biggest ever.

The only things which it seems to me reasonable to do are:
* to cross my fingers and hope I'm too small fry;
* to wait for my bank to tell me my credit cards may have been compromised,
and replace them;
* to change the passwords I have for a few hundred WWW sites, as well as the
pattern (obvious to anyone with access to more than a couple) with which I
generated them.

For want of a bounds check. In a C program.

There are people here who have defended the use of the programming language
C. Shame on you. Yes, there are tools; there are reliable tools to check
whether C programs adhere to strong-typing principles. Etc. AND THEY WERE
NOT USED BY PEOPLE WHOM I HAVE UP TO NOW TRUSTED. In other words, you were
lying to us about "good practice" amongst "SW developers" using C.

Isn't it time we passed laws - one in Britain, one in Germany, a European
Mandate, one in the US, one in Canada, one in <insert sensible-country
name>, to require the use of reliably-strongly-typed languages in critical
SW? I'm sure Dennis would sign up, were he still to be alive.

Isn't it time we started a serious, when necessary aggressive, campaign
against this kind of software malpractice?

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld,
33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
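The defect both messages turn on is a missing bounds check: a length field arrives from the peer and is used as a copy length without being compared with the number of bytes that actually arrived, which is the shape of the OpenSSL bug under discussion (the April 2014 TLS heartbeat over-read commonly called Heartbleed). The following is an added example, written for this archive page and not code from OpenSSL or from either correspondent. It shows that pattern in a constructed heartbeat-style record handler beside the one check that fixes it, and runs a constructed scenario in which a "secret" placed just past the record in the same buffer comes back in the echo. The record layout, the `hb_` function names, the padding size and the secret string are all assumptions for illustration. It also bears on the static analysis point: an untrusted length flowing straight into a `memcpy` size is precisely the kind of data flow a static analyser is built to flag.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed wire layout of a heartbeat-style record (constructed for this
 * example, not OpenSSL's real structures):
 *   byte 0     : message type
 *   bytes 1..2 : payload length, big-endian, chosen by the peer
 *   bytes 3..  : payload, then at least HB_PADDING bytes of padding */
#define HB_HEADER  3
#define HB_PADDING 16

/* What the transport layer really handed over: the bytes and how many. */
struct hb_record { const unsigned char *data; size_t received; };

static uint16_t read_u16_be(const unsigned char *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* VULNERABLE: the copy length comes from the packet and is never compared
 * with rec->received, so memcpy reads past the record and echoes it back. */
unsigned char *hb_echo_vulnerable(const struct hb_record *rec, size_t *out_len) {
    uint16_t payload_len = read_u16_be(rec->data + 1);
    unsigned char *resp = malloc(payload_len ? payload_len : 1);
    if (!resp) { *out_len = 0; return NULL; }
    memcpy(resp, rec->data + HB_HEADER, payload_len);   /* over-read */
    *out_len = payload_len;
    return resp;
}

/* FIXED: claimed payload plus header and padding must fit inside the bytes
 * actually received; a record that fails the check is silently dropped. */
unsigned char *hb_echo_fixed(const struct hb_record *rec, size_t *out_len) {
    *out_len = 0;
    if (rec->received < HB_HEADER + HB_PADDING) return NULL;
    uint16_t payload_len = read_u16_be(rec->data + 1);
    if ((size_t)payload_len + HB_HEADER + HB_PADDING > rec->received) return NULL;
    unsigned char *resp = malloc(payload_len ? payload_len : 1);
    if (!resp) return NULL;
    memcpy(resp, rec->data + HB_HEADER, payload_len);
    *out_len = payload_len;
    return resp;
}

/* Constructed scenario: a record with a 4-byte payload ("ping"), padding and
 * a peer-chosen length field, followed in the same buffer by a stand-in for
 * neighbouring heap data that must never leave the process. */
#define SECRET "S3cret-Key-Material"
static size_t build_region(unsigned char *region, uint16_t claimed) {
    size_t n = 0;
    region[n++] = 1;                             /* type */
    region[n++] = (unsigned char)(claimed >> 8); /* length, big-endian */
    region[n++] = (unsigned char)(claimed & 0xff);
    memcpy(region + n, "ping", 4);     n += 4;
    memset(region + n, 0, HB_PADDING); n += HB_PADDING;
    memcpy(region + n, SECRET, strlen(SECRET));  /* lies beyond the record */
    return n;                                    /* 23 bytes really received */
}
static int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* Peer claims 64 payload bytes but sent 4: the vulnerable handler echoes 64
 * bytes and the secret lying beyond the record comes back with them. */
int vulnerable_leaks_secret(void) {
    unsigned char region[128] = {0};
    struct hb_record rec = { region, build_region(region, 64) };
    size_t n;
    unsigned char *resp = hb_echo_vulnerable(&rec, &n);
    int leaked = resp != NULL && n == 64 && contains(resp, n, SECRET);
    free(resp);
    return leaked;
}

/* The same hostile record against the fixed handler: dropped, nothing echoed. */
int fixed_rejects_oversized(void) {
    unsigned char region[128] = {0};
    struct hb_record rec = { region, build_region(region, 64) };
    size_t n;
    unsigned char *resp = hb_echo_fixed(&rec, &n);
    int rejected = resp == NULL && n == 0;
    free(resp);
    return rejected;
}

/* An honest record (claimed length equals the 4 bytes sent) still works. */
int fixed_echoes_honest_record(void) {
    unsigned char region[128] = {0};
    struct hb_record rec = { region, build_region(region, 4) };
    size_t n;
    unsigned char *resp = hb_echo_fixed(&rec, &n);
    int ok = resp != NULL && n == 4 && memcmp(resp, "ping", 4) == 0;
    free(resp);
    return ok;
}

int main(void) {
    printf("vulnerable leaks secret: %d\n", vulnerable_leaks_secret());
    printf("fixed rejects oversized: %d\n", fixed_rejects_oversized());
    printf("fixed echoes honest:     %d\n", fixed_echoes_honest_record());
}
```

Note that the hostile record is kept inside a 128-byte array so the over-read stays within memory the example owns; in a real server the same copy walks into whatever the allocator placed next to the record. The fix is one comparison against `received`, the value the language gives you for free and the packet cannot control, which is why the thread's point is about practice rather than about C itself.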




_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE