[SystemSafety] OpenSSL Bug
Chris Hills
safetyyork at phaedsys.com
Tue Apr 15 10:09:31 CEST 2014
On Behalf Of Peter Bernard Ladkin
On 14 Apr 2014, at 22:43, "Martin Pugh" <martin.pugh at blueyonder.co.uk> wrote:
I take my hat off to the open source community for their efforts.
Me too in general. But it's a problem that we can't seem to persuade them to use established high-reliability programming methods for code for which high reliability is essential.
PBL
[CAH] I have to agree with PBL. In another place discussing MISRA-C and Static analysis the Open Source members of the group refused to used static analysis and MISRA-C because the static analysis tools were not FOSS or free* and MISRA-C was not Free.
*I have since discovered there are several FOSS static analysis tools.
I repeatedly get told by FOSS people that if MISRA-C was a serious tool “we”(?) would give it to “them” (?) for free. Also they can’t do a FOSS MISRA-C checker because they want to quote all the MISRA-C rules in their checker without paying for a license to do so. I was discussing this earlier this week at a conference and the main thrust of the discussion was how to avoid the 15 GBP cost of a copy of MISRA-C and how to use all the rules for free.
When I pointed out that all they had to do was list the rule numbers and then users could refer to their copy of MISRA-C this was seen as unacceptable as the users should not have to spend 15GBP on the MISRA-C standard….
Apparently using anything you pay for is not permitted for FOSS on religious grounds.
NOTE: To make any sense of MISRA-C you really need the whole document not just the headline rules.
I have found this sort of thinking re Open Source far more prevalent than any form of Good Practice. Let alone Best Practice.
OTOH I understand the use of static analysis in commercial Sw may have as much as 25% penetration! So the commercial world is not much better and they don’t have the excuse of their Religion. J
Regards
Chris Hills
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20140415/6737d5a5/attachment.html>
More information about the systemsafety
mailing list