Robert Pogson

One man, closing all the windows.

Flaws In People And Their Software


In comments about an article on a recently fixed vulnerability in GNU/Linux systems was this gem: “In my opinion the skill and dedication of those who write the software are the most important factors in preventing vulnerabilities, not the type of software license used.” That logic involves a peculiar disregard for human frailty. No matter how much dedication real people have or how much they are paid, humans make mistakes. Steve Ballmer was highly motivated and motivational yet he completely missed the boat on mobility.

The bug in question is obvious to anyone who looked at it, yet it was embedded in highly complex code and, for whatever reason (probably a simple failure to test and/or writing A, thinking B when it should have been C), escaped into the wild. In systems where multiple human lives depend on many people doing the right thing, it happens that a bunch of things go wrong at once and disaster results. This particular mistake required a lot of effort to exploit, so it may never have been used even if a bad guy knew about it. Fortunately, there are far more good guys than bad guys out there. Still, it's good as a wake-up call.

The comment, though, is false. Imagine how long that bug could have survived if the source code had not been available to gazillions of users… Better late than never.

See "What you need to know about the GnuTLS Linux bug".


  1. oiaohm

    Let's forget that OpenSSL has had some big bugs as well. History of SSL library glitches is long. Yet people still come out and recommend, hey, this one is broken, swap over to this other one, it will be fixed. Sorry, this is only temporary.
