[SystemSafety] OpenSSL Bug
Dewi Daniels
ddaniels at verocel.com
Thu Apr 10 23:21:12 CEST 2014
Derek M. Jones wrote:
> Why pick on C?
Because OpenSSL was written in C?
> Incidentally there is almost no empirical evidence for the benefits of
using a language having stronger typing. There are a few studies using
students on really small problems.
> Pointers to good studies welcome.
How about Andy German's paper on "Software Static Code Analysis Lessons
Learned"?
http://www.crosstalkonline.org/storage/issue-archives/2003/200311/200311-Ger
man.pdf
"Table 1 shows that the poorest language for safety-critical applications is
C with consistently high anomaly rates. The best language found is SPARK
(Ada), which consistently achieves one anomaly per 250 software lines of
code".
Yours,
Dewi Daniels | Managing Director | Verocel Limited
Direct Dial +44 1225 718912 | Mobile +44 7968 837742 | Email
ddaniels at verocel.com
Verocel Limited is a company registered in England and Wales. Company
number: 7407595. Registered office: Grangeside Business Support Centre, 129
Devizes Road, Hilperton, Trowbridge, United Kingdom BA14 7SZ
More information about the systemsafety
mailing list