Recoverability, Prevention, and the OpenSSL Bug
The MIT Technology Review succinctly describes the impact of a recently discovered programming error in an OpenSSL library:
two changed lines of code have created profound security vulnerabilities in at least four different open-source operating systems, 25 different application programs, and millions of individual computer systems on the Internet. And even though the vulnerability was discovered on May 13 and a patch has been distributed, installing the patch doesn't repair the damage to the compromised systems. What's even more alarming is that some computers may be compromised even though they aren't running the suspect code.
There are a number of points in the history of this incident that we can point to and say "if only ...", i.e. if only the programmers didn't comment out a piece of code they didn't understand, if only the original programmers had commented clearly the importance of code that was intentionally designed to not follow common practice of initializing memory, if only there had been more code review, and on and on ...
This incident is a good example of the complexity of commonly used systems is beyond the understanding of any individual and even small groups of individuals, the limitations of tools we use (like code analysis tools) and our lack of awareness of these limitations.
Sure, we can point out how one change here or there would have prevented this problem. That won't change the fundamental problem and it won't prevent the next such incident. Resilience and recoverability are sometimes more important the prevention.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
