[SystemSafety] OpenSSL Bug

David MENTRE dmentre at linux-france.org
Wed Apr 16 15:32:56 CEST 2014


Hello,

On 16/04/2014 13:23, Steve Tockey wrote:
> No offense inferred, but thanks for pointing it out.

The same for me. I should have kept the classical "if (a == SUCCESS)" 
example. Another example: the C language does not force you to check the 
return value of a function (which might flag an error case). Most 
other languages I know would force you to check it (or at least issue a 
warning).

> Besides, echoing this and Derek M. Jones' last post, I think this whole
> discussion is focusing on relatively minor issues and completely missing
> the big picture.
[...]
> the simple fact is that 83% of
> all defects exist before a single line of code was ever written. Why
> aren't we attacking the 83%, not the 7%???

Probably because the whole discussion started from a bug (in OpenSSL) 
that precisely lies in those 7%. :-)

More seriously, I would make the distinction between two kinds of 
approaches:

  1. People who produce software following the good practices you 
describe below, probably to satisfy DO-178C or EN 50128 standards. In 
such a case, their error figures are probably in the above range (83% 
requirements + design, 7% code).

  2. People who produce software *without* following proper practices, 
probably like the OpenSSL developers and most companies developing software 
in non-safety-critical domains. In that case, coding errors are much 
more prevalent. And there are several of us on this list who think that 
using better tools could help catch more of these errors. I do agree that 
following good practices could have a similar effect, but the simple fact 
is that they are not doing it, probably due to lack of knowledge, time or 
money, or because this is not a paid-for job. You might counter-argue 
that if they are not using good practices, they won't use static 
analysis tools either. You might be right. ;-)

> A
> team with good requirements, design, and review practices can write good,
> safe code in any language, including C.

I agree.

Thus I have a practical question: suppose I work at a company that lacks 
such good practices (at least with respect to review or safe coding rules). 
I'm not a project manager, just a low-level software engineer working on 
a given project. How can I help improve the development process to reach 
such a level of good practices?

Sincerely yours,
david
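The point made earlier in the thread, that C never forces a caller to look at a function's return value, as an added example (this is not code from the original message, nor from OpenSSL): a hypothetical `copy_bounded` routine, constructed for this example, reports failure through its return value. One caller discards that value and one checks it. With GCC or Clang, the `warn_unused_result` attribute turns the discarded call into a compiler warning, which is the kind of tool support being discussed; without the attribute, or with a compiler that does not know it, the unchecked call compiles silently.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Ask GCC/Clang to warn when a caller discards the return value.
 * The C language itself never requires the caller to look at it. */
#if defined(__GNUC__)
#define MUST_CHECK __attribute__((warn_unused_result))
#else
#define MUST_CHECK
#endif

/* Hypothetical library routine (constructed for this example): copy src
 * into dst, refusing input that does not fit. Returns 0 on success and -1
 * on failure; on failure dst is set to "" so the example stays well defined
 * whether or not the caller checks the status. */
static int copy_bounded(char *dst, size_t dstsz, const char *src) MUST_CHECK;

static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* The pattern under discussion: the status is thrown away. Without the
 * attribute this compiles without complaint; with it, GCC/Clang report
 * "ignoring return value of 'copy_bounded'", and -Werror makes that a build
 * failure. At run time, over-long input yields a length of 0 instead of an
 * error, and nothing tells the caller that anything went wrong. */
int unchecked_length(const char *src)
{
    char buf[BUF_SIZE];
    copy_bounded(buf, sizeof buf, src);   /* status ignored */
    return (int)strlen(buf);
}

/* The same caller with the check the language does not force on you:
 * the failure is propagated instead of being silently turned into 0. */
int checked_length(const char *src)
{
    char buf[BUF_SIZE];
    if (copy_bounded(buf, sizeof buf, src) != 0)
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    const char *ok  = "hello";                       /* 5 chars, fits   */
    const char *bad = "this input is far too long";  /* 26 chars, no    */

    printf("unchecked: %d %d\n", unchecked_length(ok), unchecked_length(bad));
    printf("checked:   %d %d\n", checked_length(ok), checked_length(bad));
    return 0;
}
```

Compiling with `gcc -Wall` produces one warning, on the line inside `unchecked_length` that drops the status; `checked_length` compiles clean. Adding `-Werror` turns the warning into a build failure, which is the closest C gets to the "force you to check it" behaviour of the other languages mentioned above, and it only works if the library author remembered to mark the function.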
