From: "Nasser M. Abbasi" <nma@12000.org>
Subject: Re: OpenSSL development (Heartbleed)
Date: Sat, 19 Apr 2014 10:06:24 -0500
Date: 2014-04-19T10:06:24-05:00 [thread overview]
Message-ID: <liu3dc$svl$1@speranza.aioe.org> (raw)
In-Reply-To: -OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com
On 4/19/2014 9:31 AM, Alan Browne wrote:
>
> Good article in the NYT:
>
> http://www.nytimes.com/2014/04/19/technology/heartbleed-highlights-a-contradiction-in-the-web.html?ref=business
>
Ok, I read the article. The main point seems to
blame lack of funding from corporation that use
OpenSSL which is developed as open source by
volunteers.
Some student submitted a patch on eve of 2011
with the bug. The patch was "vetted" by a more
senior developer later on, And so now we have it.
I do not see anywhere, how is regression testing is
done in this picture. Is there is lab full of networks
and computers used to run thousands of regression
tests each time a new software update is made? What
was the result of these regression tests at that time?
Where is the report on that? The problem seems to
be with lack of test coverage and weak testing
methodology used. May be due to lack of resourcesm
or for other reasons.
Yes, big companies need to donate more money to
openSSL, but also testing should be improved.
Other than the problem with using C, more internal
testing is needed by open source developers. (Even more,
since they use C, and not Ada :).
--Nasser
next prev parent reply other threads:[~2014-04-19 15:06 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-19 14:31 OpenSSL development (Heartbleed) Alan Browne
2014-04-19 15:06 ` Nasser M. Abbasi [this message]
2014-04-19 15:41 ` Alan Browne
2014-04-19 15:36 ` Georg Bauhaus
2014-04-19 16:00 ` Yannick Duchêne (Hibou57)
2014-04-19 16:34 ` Georg Bauhaus
2014-04-19 17:06 ` Yannick Duchêne (Hibou57)
2014-04-19 19:13 ` Georg Bauhaus
2014-04-19 20:39 ` Yannick Duchêne (Hibou57)
2014-04-19 19:42 ` Alan Browne
2014-04-21 23:51 ` Randy Brukardt
2014-04-22 15:20 ` G.B.
2014-04-22 16:33 ` Dmitry A. Kazakov
2014-04-22 16:57 ` Simon Clubley
2014-04-22 19:53 ` Dmitry A. Kazakov
2014-04-22 20:49 ` Yannick Duchêne (Hibou57)
2014-04-23 5:38 ` Natasha Kerensikova
2014-04-23 7:30 ` Dmitry A. Kazakov
2014-04-23 7:40 ` Natasha Kerensikova
2014-04-23 8:04 ` Dmitry A. Kazakov
2014-04-23 8:20 ` Georg Bauhaus
2014-04-23 7:42 ` Egil H H
2014-04-23 8:06 ` Georg Bauhaus
2014-04-19 16:06 ` Alan Browne
2014-04-19 16:42 ` Georg Bauhaus
2014-04-19 16:59 ` Georg Bauhaus
2014-04-19 19:12 ` Alan Browne
2014-04-19 20:20 ` Georg Bauhaus
2014-04-19 20:53 ` Alan Browne
2014-04-19 21:10 ` [OT] OpenBSD, was: " Simon Clubley
2014-04-19 21:53 ` Alan Browne
2014-04-19 22:15 ` Nasser M. Abbasi
2014-04-19 22:34 ` Alan Browne
2014-04-20 8:17 ` Georg Bauhaus
2014-04-20 16:49 ` Alan Browne
2014-04-22 12:18 ` G.B.
2014-04-19 15:47 ` Yannick Duchêne (Hibou57)
2014-04-19 16:21 ` Alan Browne
2014-04-19 16:46 ` Georg Bauhaus
2014-04-19 19:22 ` Alan Browne
2014-04-19 20:33 ` Georg Bauhaus
2014-04-19 21:10 ` Alan Browne
2014-04-19 16:50 ` Yannick Duchêne (Hibou57)
2014-04-19 19:25 ` Alan Browne
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox