[SystemSafety] Fwd: Re: OpenSSL Bug

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Thu Apr 10 22:25:49 CEST 2014


A little more on part of my last.

On 2014-04-10 21:19 , Peter Bernard Ladkin wrote:

> On 2014-04-10 21:06 , Derek M Jones wrote:
>> There is no discontinuity that distinguishes weak/strong typing, it is
>> a continuum.  Good luck reaching general agreement on where to draw
>> the line.

Oh, there are obvious ways. Suppose we made it a crime, punishable by hanging, drawing and
quartering, to release in any form for use by the public code that is not "type-conform".

I bet we would agree, in a one-day convention for professional SW engineers, what "type-conform"
means. Firmly.

After all, two of Britain's Turing Award winners have contributed to the design of practical
programming languages that were explicitly, rigorously type-conform. It can't be that hard. We can,
after all, as a society more or less agree on what counts as accessory to murder, even if helping a
loved one to fulfil a wish to die is a very difficult boundary case.

The confidential financial information of a large proportion of the British population has just been
declared as compromised. This is just one of the consequences. If we computer scientists are lucky,
the majority will shrug their shoulders at this, as before. But one day they'll receive their credit
card statements, and there will be millions of them, and they'll all see obvious evidence of fraud.

How much provocation do you think it will take before, say, the government of the day decides to
intervene? How much confidence do you have that Oxford's best PPE graduates will be able to decide
better than computer scientists what "type conform" consists in, and make it a crime to supply code
that is not so conform?

Isn't it far better for us computer scientists to agree what "type conform" means, to admit that
non-type-conform SW has caused endless problems, and to demonstrate progress in addressing the
scourge of non-type-conformity before the politicians decide to intervene?

PBL


Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de







