[Cryptography] one last thought for today on formal methods...
ianG
iang at iang.org
Mon Jun 9 06:00:38 EDT 2014
On 9/06/2014 00:18 am, Perry E. Metzger wrote:
> The fact that a serious security flaw in OpenSSL was found using
> formal methods almost certainly means that, if they aren't using them
> already, the bad guys, including various nation-states, will be using
> formal methods across the board to look for vulnerabilities in
> software going forward.
>
> It would be a great shame if the good guys were not also using them
> across the board to close such holes.
>
> I really encourage everyone to learn about the state of the art.
What in practical managerial terms would be a recipe for achieving that?
I mean in words like read this book/ do this masters/ download this code...
> Things are not like they were in 1985 -- formal verification is no
> longer an infeasible pipe dream, and far too many people are still
> unaware of how far the technology has come in the last couple of
> decades.
>
>
> Perry
>
iang
More information about the cryptography
mailing list