openssl version - how to verify

RW rwmaillists at googlemail.com
Sat Nov 20 13:28:55 UTC 2010


On Sat, 20 Nov 2010 00:08:35 -0500
Eitan Adler <lists at eitanadler.com> wrote:

> On Fri, Nov 19, 2010 at 4:36 PM, Jerry <freebsd.user at seibercom.net>
> wrote:
> > On Fri, 19 Nov 2010 15:08:26 -0600
> > Adam Vande More <amvandemore at gmail.com> articulated:
> >
> >> While I agree with your point in this context, the statement "The
> >> number of _UNDISCOVERED_ bugs, on the other hand, is an infinite
> >> one." is false.
> >>
> >> http://www.unsw.edu.au/news/pad/articles/2009/sep/microkernel_breakthrough.html
> >
> > It was later discovered that the software used to certify the kernel
> > 100% bug-free was not itself bug-free, thereby nullifying results.
> 
> The paper "Diverse Double-Compiling" by David A Wheeler is relevant
> although not strictly the same topic. It could be used to avoid this
> type of issue.

Even if it works, it's only proving that at some level of abstraction
the implementation matches a formal specification; there's still scope
for higher and lower level bugs.

But just because something is unknown doesn't mean it's infinite.


 

