From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: border2.nntp.dca3.giganews.com!backlog4.nntp.dca3.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!news.swapon.de!news.stack.nl!newsfeed.xs4all.nl!newsfeed3a.news.xs4all.nl!xs4all!news.tele.dk!news.tele.dk!small.news.tele.dk!npeer.de.kpn-eurorings.net!npeer-ng0.de.kpn-eurorings.net!newsfeed.arcor.de!newsspool2.arcor-online.net!news.arcor.de.POSTED!not-for-mail Date: Tue, 22 Apr 2014 17:20:13 +0200 From: "G.B." User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: OpenSSL development (Heartbleed) References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com> <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net> <5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Message-ID: <535688a0$0$6721$9b4e6d93@newsspool3.arcor-online.net> Organization: Arcor NNTP-Posting-Date: 22 Apr 2014 17:20:00 CEST NNTP-Posting-Host: 71537896.newsspool3.arcor-online.net X-Trace: DXC=i9=cVVKVGEXa[7m_3nc\616M64>:Lh>_cHTX3j=dl]1o67ZDZ0 X-Complaints-To: usenet-abuse@arcor.de X-Original-Bytes: 2624 Xref: number.nntp.dca.giganews.com comp.lang.ada:185937 Date: 2014-04-22T17:20:00+02:00 List-Id: On 22.04.14 01:51, Randy Brukardt wrote: > "Georg Bauhaus" wrote in message > news:5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net... >> On 19/04/14 18:00, Yannick Duchêne (Hibou57) wrote: > ... >>> However you are more likely to get people sticking to good methods, give >>> time and energy for this, if they get something in return. >> >> Well, that again makes for a hypothesis that is so unspecific >> that it fits the same bill: correlation turned causal based on >> likelihood, ceteris paribus. >> E.g., what are the specifics in terms of work hours, pay, and >> project characteristics? Do we have control-group like evidence? > > I can give you a couple of data points: > > First, the state of Ada standardization[...] Evidence, indeed! Now given ISO/IEC 27000, a family of standards revolving around security, and Heartbleed, what can anyone do to make standards effecive? The money paid for the standardization of security procedures seems not to have affected the source code of one commercial security "procedure", OpenSSL. If Heartbleed is characteristic of paid standardization's actual outcome, then something is wrong somewhere. Absurd, in fact.