bumper sticker slogan for secure software

[pmeunier at cerias.purdue.edu (Pascal Meunier)]

On 7/20/06 3:11 PM, "Florian Weimer" <fw at deneb.enyo.de> wrote:

> * Pascal Meunier:
>
> > Also, writing it twice with different languages, especially at different
> > levels of abstraction, makes it less likely that the same bugs will appear
> > in both.
>
> Algorithmic issues such as denial of service attacks through
> unbalanced binary trees or hash table collisions are pretty
> independent of the programming language and have been observed in many
> incarnations.
>
> If you implement the same protocol, it's likely that you end up with
> similar bugs.  The DNS compression loop bug was reinvented many times.
> The fundamental mismatch in OpenPGP between key certification (key
> plus user ID) and key usage (just the key alone) affected many
> independently developed implementations.  Chrome spoofing is
> ubiquitous in web browsers.
>
> Most things in this list are implemented in C or C++, but the problems
> are at such a high level that it's unlikely that a different choice of
> wildly different programming language would make a huge difference.
> If you look at lower-level bugs, such as buffer overflows, I hope that
> nobody still thinks that multiple code versions help -- just look at
> the long list (even after discounting direct code copies) of botched
> ASN.1 decoders.
>
> Some protocols are extremly hard to implement correctly, I'm afraid.
> (And not all protocols are unnecessarily complex.)

It's obvious that if you just translate a bad, complicated algorithm or
protocol from one language to the next, they'll all be bad.  It remains that
sometimes when you make people say something stupid twice they catch on the
second time, especially during code reviews, because they re-express the
code using natural language.  That's why I said, "less likely".  It works
with some and not others.

Pascal