[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MIT discovered issue with gcc

On Sat, Nov 23, 2013 at 4:52 PM, Jann Horn wrote:
> On Sat, Nov 23, 2013 at 08:14:34AM -0500, Brad Alexander wrote:
>> Any program at a level not very much above Hello World
>> in the language of your choice is likely to have bugs.
> Isn't that a bit extreme? I think that a good programmer who seriously
> tries to code carefully should be able to implement something like an FTP
> server with 90% certainty that there are no bugs. Not a complicated one
> with a ton of features, but a simple one should IMO be doable.

The history of software development has, so far, shown the opposite.
Any non-trivial program, regardless of the skill of the coder, will
have flaws; including a simple ftp server.   There are multiple tftp
(trivial ftp) implementations, all of which have had CVE ids issued at
some point.

Best wishes,

Reply to: