Today's bugs have BRANDS? Be still my bleeding heart [logo]
Code-slinger Verity reviews the rash of groovy-named open-source security vulns
The Flensing of C
The Heartbleed fiasco and its antecedents have cast doubt on the famous golden ratio of eyeball to bug that open source allegedly offers.
Perhaps because I find cryptographic code deeply dull, I have always been sceptical of this claim. It seems to me that the only folks properly motivated to pore over the inner details of SSL are those naughtily looking for a vulnerabilities. Everybody else just mutters 'looks ok to me' and carries on squeezing their blackheads.
But now that I have myself invested nearly quarter of an hour of personal eyeball time with this supposedly well-inspected code, I have come to a different conclusion. No bug is shallow if it lives in a bug-camouflaging environment. It really is time that C was abandoned as the automatic choice for this work. Its use just sets up these failures.
OpenBSD is essaying a grand rewrite of OpenSSL called LibreSSL. They say their first task is to 'flense' the code. If this were to include using C++ to get a teensy bit of type safety, and stopping the antediluvian practice of depending on goto statements for resource protection, then I would overlook the ghastly verb flense in the expectation that our electronic secrets could enjoy a little more privacy in their cloudy nests. ®