[SystemSafety] Static Analysis

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Tue Feb 25 21:40:54 CET 2014


Apparently Apple doesn't perform any kind of static analysis on critical code. This in its SSL certificate-checking library. http://www.theguardian.com/technology/2014/feb/25/apples-ssl-iphone-vulnerability-how-did-it-happen-and-what-next

As the article points out, a simple automated reachability analysis would have highlighted the anomaly. Note that it has been out there in the open for a while - the code is open source.

It`'s hard to believe. Does stuff like this happen in the safety-critical area to leading companies still? 

Very nice piece of tech reporting from the Guardian, though. 

PBL

Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited


More information about the systemsafety mailing list