[SystemSafety] OpenSSL Bug

Chris Hills safetyyork at phaedsys.com
Tue Apr 15 10:09:31 CEST 2014 

 

 

On Behalf Of Peter Bernard Ladkin

On 14 Apr 2014, at 22:43, "Martin Pugh" <martin.pugh at blueyonder.co.uk> wrote:

I take my hat off to the open source community for their efforts.

 

Me too in general. But it's a problem that we can't seem to persuade them to use established high-reliability programming methods for code for which high reliability is essential.

PBL

 

[CAH] I have to agree with PBL.  In another place discussing MISRA-C and Static analysis the Open Source members of the group refused to used static analysis and MISRA-C because the static analysis tools were not FOSS  or free* and MISRA-C was not Free. 

 

*I have since discovered there are several FOSS static analysis tools. 

 

I repeatedly get told by FOSS people that if MISRA-C was a serious tool “we”(?) would give it to “them” (?)  for free.  Also they can’t do a FOSS MISRA-C checker because they want to quote all the MISRA-C rules in their checker without paying for a license to do so.  I was discussing this earlier this week at a conference and the main thrust of the discussion was how to avoid the 15 GBP cost of a copy of MISRA-C and how to use all the rules for free.  

 

When I pointed out that all they had to do was list the rule numbers and then users could refer to their copy of MISRA-C this was seen as unacceptable as the users should not have to spend 15GBP on the MISRA-C standard….

Apparently using anything you pay for is not permitted for  FOSS on religious grounds. 

 

NOTE: To make any sense of MISRA-C you really need the whole document not just the headline rules. 

 

I have found this sort of thinking re Open Source far more prevalent than any form of Good Practice. Let alone Best Practice.

 

OTOH I understand the use of static analysis in commercial Sw may have as much as 25% penetration!  So the commercial world is not much better and they don’t have the excuse of their Religion. J 

 

Regards

   Chris Hills

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20140415/6737d5a5/attachment.html>

More information about the systemsafety mailing list