comp.lang.ada
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: OpenSSL development (Heartbleed)
Date: Tue, 22 Apr 2014 18:33:50 +0200
Message-ID: <19mxjybev4fc9.1fkxznem326v8$.dlg@40tude.net>
In-Reply-To: 535688a0$0$6721$9b4e6d93@newsspool3.arcor-online.net

On Tue, 22 Apr 2014 17:20:13 +0200, G.B. wrote:

> On 22.04.14 01:51, Randy Brukardt wrote:
>> "Georg Bauhaus" <rm-host.bauhaus@maps.futureapps.de> wrote in message
>> news:5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net...
>>> On 19/04/14 18:00, Yannick Duchêne (Hibou57) wrote:
>> ...
>>>> However you are more likely to get people sticking to good methods, give
>>>> time and energy for this, if they get something in return.
>>>
>>> Well, that again makes for a hypothesis that is so unspecific
>>> that it fits the same bill: correlation turned causal based on
>>> likelihood, ceteris paribus.
>>> E.g., what are the specifics in terms of work hours, pay, and
>>> project characteristics? Do we have control-group like evidence?
>>
>> I can give you a couple of data points:
>> First, the state of Ada standardization[...]
> 
> Evidence, indeed!
>   Now given ISO/IEC 27000, a family of standards revolving
> around security, and Heartbleed, what can anyone do to make
> standards effective?

Properly designed standards, maybe? Let me ask a stupid question. What has
a transport level protocol to do with the application level's servers (and
clients)? If it really were a strictly transport level, no implementation
could leak data out of higher levels. Right?

> The money paid for the standardization of
> security procedures seems not to have affected the source code
> of one commercial security "procedure", OpenSSL.
>   If Heartbleed is characteristic of paid standardization's
> actual outcome, then something is wrong somewhere.

You must have a software market in the first place. Anything which comes free has
no value. There is no market pressure to improve quality and functionality
because there is no liability either monetary or legal. Neither the model
of "intellectual property" nor the free software model is working to reach
these goals, in the sense of an optimization problem.

> Absurd, in fact.

Nothing absurd. If C is selected in the process over Ada, there is a reason
for this. And this reason (which is not lack of {} braces, as people used
to think) influences any SW development as well. We see the fruits, more to
come...

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
