[Cryptography] I don't get it.
Bill Frantz
frantz at pwpconsult.com
Wed Apr 16 03:04:58 EDT 2014
On 4/16/14 at 3:15 PM, l at odewijk.nl (Lodewijk andré de la
porte) wrote:
>Aside from this, yes: a code checker will help in many cases. But code
>checkers are not at all trivial, and they are no replacement for proper
>code review and writing code in such a way that review would expose errors.
>OpenSSL with only 1 reviewer definitely did not. Which is strange,
>considering how important the project is.
When you consider the number of Fortune 1000 companies who have
products which use OpenSSL, it is quite shameful the support
they give it. Should they now feel the urge to pitch in, funding
QA would be a good start.
Cheers - Bill
--------------------------------------------------------------
Bill Frantz | There are now so many exceptions to the
408-356-8506 | Fourth Amendment that it operates only by
www.pwpconsult.com | accident. - William Hugh Murray
More information about the cryptography
mailing list