Heartbleed and static analysis

Paolo Invernizzi paolo.invernizzi at no.address
Sun Apr 13 01:55:53 PDT 2014


On Saturday, 12 April 2014 at 18:36:19 UTC, Marco Leise wrote:
> On Fri, 11 Apr 2014 09:59:45 +0000,
> "Chris" <wendlec at tcd.ie> wrote:
>
>> In a way it's scary how vulnerable software we rely on still 
>> is. I cannot claim that my software is immune to attacks, but 
>> where security is crucial, one would expect self-critical 
>> scrutiny rather than complacency. But we're all only human.
>
> +1. My naive assumption was that something like SSH is
> implemented once and then bugs are fixed, so it can only ever
> become safer. I found it astounding that this library was
> totally sane only 2 years ago. One innocent commit is all it
> took and it can happen again for any software, any time.
> If crackers keep their eyes open they _will_ find their next
> backdoor.

I don't remember if this has already been posted here in the 
forum, but I think that this rant of Theo de Raadt about 
Heartbleed is _very_ interesting.

http://article.gmane.org/gmane.os.openbsd.misc/211963

BTW, I agree with him: it's not a matter of scrutiny or a matter 
of being human, and the post clarifies this very well.
