[SystemSafety] Static Analysis
Peter Bernard Ladkin
ladkin at rvs.uni-bielefeld.de
Tue Feb 25 21:40:54 CET 2014
Apparently Apple doesn't perform any kind of static analysis on critical code. This in its SSL certificate-checking library. http://www.theguardian.com/technology/2014/feb/25/apples-ssl-iphone-vulnerability-how-did-it-happen-and-what-next
As the article points out, a simple automated reachability analysis would have highlighted the anomaly. Note that it has been out there in the open for a while - the code is open source.
It's hard to believe. Does stuff like this happen in the safety-critical area to leading companies still?
Very nice piece of tech reporting from the Guardian, though.
PBL
Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited