Bad for OSS/FS? Certainly no evidence that proprietary will save us!

Posted Sep 18, 2003 1:41 UTC (Thu) by jtc (subscriber, #6246)
In reply to: Bad for OSS/FS? Certainly no evidence that proprietary will save us! by proski
Parent article: Remotely exploitable sendmail vulnerability

There are methods for formal software verification of software against the specification.

And there are languages that provide advanced features to support formal verification, such as Eiffel, with its unique programming-by-contract mechanism. Unfortunately, most developers, even very skilled and talented ones, tend to be set in their ways and would often rather stick with the tools they're used to rather than look for something that may be more effective for the job at hand.



Bad for OSS/FS? Certainly no evidence that proprietary will save us!

Posted Sep 18, 2003 3:03 UTC (Thu) by arcticwolf (guest, #8341)

Unfortunately, though, verifying (and proving) that the source code of a program is correct is not enough; you also need to verify both the source *and* the machine code of the compiler being used if you definitely want to be on the safe side. There was an interesting demonstration of this a couple of years ago; I don't recall who did it anymore right now, but with a bit of Googling, it should be possible to find out.

Bad for OSS/FS? Certainly no evidence that proprietary will save us!

Posted Sep 18, 2003 15:31 UTC (Thu) by proski (subscriber, #104)

True, but that's the easier part. Verification of logic is much harder than checks to prevent deliberate contamination of the toolchain.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds