[Cryptography] GnuTLS -- time to look at the diff.

dan at geer.org dan at geer.org
Fri Mar 7 17:03:29 EST 2014

 > It really is all about the errors.  And the answer to this is style ---
 > establishing a set of practices that best works with the language you
 > are stuck with, and best allows the flow of errors.

slight detour: I remember once reading that good code
had, in round numbers, 40% of its volume in error
handling.  Can't remember where I read it, but I asked
one of the big static analysis firms if they had any
data.  They didn't, but thought that going forward
they could.  It would be an interesting figure to be
sure.  If anyone has data, I'd be pleased to hear about
it and/or hear some measure of spread for that number
across large systems in common use.


More information about the cryptography mailing list