Secure Coding mailing list archives

bumper sticker slogan for secure software


From: fw at deneb.enyo.de (Florian Weimer)
Date: Thu, 20 Jul 2006 21:11:29 +0200

* Pascal Meunier:

> Also, writing it twice with different languages, especially at different
> levels of abstraction, makes it less likely that the same bugs will appear
> in both.

Algorithmic issues such as denial of service attacks through
unbalanced binary trees or hash table collisions are pretty
independent of the programming language and have been observed in many
incarnations.

If you implement the same protocol, it's likely that you end up with
similar bugs.  The DNS compression loop bug was reinvented many times.
The fundamental mismatch in OpenPGP between key certification (key
plus user ID) and key usage (just the key alone) affected many
independently developed implementations.  Chrome spoofing is
ubiquitous in web browsers.  

Most things in this list are implemented in C or C++, but the problems
are at such a high level that it's unlikely that a different choice of
wildly different programming language would make a huge difference.
If you look at lower-level bugs, such as buffer overflows, I hope that
nobody still thinks that multiple code versions help -- just look at
the long list (even after discounting direct code copies) of botched
ASN.1 decoders.

Some protocols are extremely hard to implement correctly, I'm afraid.
(And not all protocols are unnecessarily complex.)
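The DNS compression loop mentioned in the message above is a good illustration of a bug that is independent of the language: a name in a DNS message may end in a two-byte pointer to an earlier occurrence of the same suffix, and a decoder that follows pointers without checking where they lead will spin forever on a pointer that refers to itself or to a later pointer that refers back. The following decoder is an added example, written for this archive page and not taken from the post or from any DNS implementation. It enforces the two invariants that rule out every loop: a pointer must land strictly before the segment currently being read, and the uncompressed name may not exceed 255 bytes. The sample message (`sample_msg`), the helper `parse_sample` and the buffer `last_name` are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode the DNS name at msg[offset] into a dotted string in out.
 * Returns the number of bytes the name occupies at its original position
 * (what a caller must skip to reach the following field), or -1 on
 * malformed input: a label or pointer running past msg_len, a reserved
 * label type, a name longer than 255 wire bytes, an output buffer that is
 * too small, or a compression pointer that does not jump strictly before
 * the segment currently being read (this last rule rejects every loop). */
int dns_read_name(const uint8_t *msg, size_t msg_len, size_t offset,
                  char *out, size_t out_len)
{
    size_t pos = offset;     /* current read position in the message */
    size_t limit = offset;   /* start of the segment being read now */
    size_t consumed = 0;     /* bytes used at the original position */
    size_t name_len = 0;     /* wire length of the uncompressed name */
    size_t out_pos = 0;
    int jumped = 0;

    if (out_len == 0) return -1;
    out[0] = '\0';

    for (;;) {
        if (pos >= msg_len) return -1;
        uint8_t len = msg[pos];

        if ((len & 0xC0) == 0xC0) {            /* compression pointer */
            if (pos + 1 >= msg_len) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (!jumped) consumed = pos + 2 - offset;
            jumped = 1;
            /* Any target inside or after the current segment would
             * eventually lead back to this pointer: reject it. */
            if (target >= limit) return -1;
            limit = target;
            pos = target;
            continue;
        }
        if (len & 0xC0) return -1;             /* 0x40 / 0x80: reserved */

        name_len += 1 + len;                   /* length octet + label */
        if (name_len > 255) return -1;

        if (len == 0) {                        /* root label: finished */
            if (!jumped) consumed = pos + 1 - offset;
            if (out_pos == 0) {                /* the root name itself */
                if (out_len < 2) return -1;
                out[0] = '.';
                out[1] = '\0';
            }
            return (int)consumed;
        }
        if (pos + 1 + len > msg_len) return -1;
        if (out_pos + len + 1 >= out_len) return -1;  /* label, '.', NUL */
        memcpy(out + out_pos, msg + pos + 1, len);
        out_pos += len;
        out[out_pos++] = '.';
        out[out_pos] = '\0';
        pos += 1 + len;
    }
}

/* Constructed sample message: one valid name, one validly compressed
 * name, three loops of different shapes, and a truncated label. */
static const uint8_t sample_msg[] = {
    /*  0 */ 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    /* 13 */ 3, 'w', 'w', 'w', 0xC0, 0x00,   /* www + pointer to 0      */
    /* 19 */ 0xC0, 0x13,                     /* pointer to itself       */
    /* 21 */ 1, 'a', 0xC0, 0x15,             /* a + pointer back to 21  */
    /* 25 */ 0xC0, 0x1B, 0xC0, 0x19,         /* two pointers ping-pong  */
    /* 29 */ 5, 'a', 'b'                     /* label runs off the end  */
};

static char last_name[256];

/* Parse the name at offset in sample_msg; the dotted form is left in
 * last_name and the return value is that of dns_read_name. */
int parse_sample(size_t offset)
{
    return dns_read_name(sample_msg, sizeof sample_msg, offset,
                         last_name, sizeof last_name);
}

int main(void)
{
    const size_t offsets[] = { 0, 13, 19, 21, 25, 29 };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        int n = parse_sample(offsets[i]);
        if (n < 0)
            printf("offset %2zu: rejected\n", offsets[i]);
        else
            printf("offset %2zu: %s (%d bytes)\n", offsets[i], last_name, n);
    }
    return 0;
}
```

The backward-jump rule is stricter than "the pointer must point somewhere earlier than the pointer itself", and deliberately so: the `a` + pointer case at offset 21 satisfies the weaker rule yet loops forever, because the target lies inside the segment that is already being read. The 255-byte bound is kept as a second, independent limit so that a future change to the pointer rule cannot silently reintroduce unbounded work.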
