You are viewing a single comment's thread from:

RE: A brief analysis and discussion on formalist vs intuitionist programming factions in the crypto community.

in #crypto-news9 years ago

In specific the consensus on heartbleed is that it was caused by lack of bounds checking. This would indicate that language security may have prevented heartbleed from happening. This doesn't mean mistakes cannot be made but it only means it's much harder to make them with certain languages.

My point by bringing up heartbleed is to show that if you use a notoriously difficult language for secure programming like C or C++, and you do not take all possible efforts to make sure your code is correct, such as correct by construction, formal verification, and all sorts of blackbox testing, then it's a situation where perhaps the entire world has to have faith in the competency of in some cases thousands of different programmers. The statistics do not look good when you consider that it only takes one of them to slip a bug in either deliberately or by accident.

References
https://en.wikipedia.org/wiki/Bounds_checking
https://news.ycombinator.com/item?id=7548991

9 years ago in #crypto-news by
$0.00
    Reply 0
    Sort:  
  • Trending