Flaws In People And Their Software

In comments about an article on a recently fixed vulnerability in GNU/Linux systems was this gem: “In my opinion the skill and dedication of those who write the software are the most important factors in preventing vulnerabilities, not the type of software license used.” That logic involves a peculiar disregard for human frailty. No matter how much dedication real people have or how much they are paid, humans make mistakes. Steve Ballmer was highly motivated and motivational, yet he completely missed the boat on mobility.

The bug in question is obvious to anyone who looked at it, yet it was embedded in highly complex code and, for whatever reason (probably a simple failure to test, and/or writing A while thinking B when it should have been C), escaped into the wild. In systems where multiple human lives depend on many people doing the right thing, it happens that a bunch of things go wrong at once and disaster results. This particular mistake required a lot of effort to exploit, so it may never have been used even if a bad guy knew about it. Fortunately, there are far more good guys than bad guys out there. Still, it’s good as a wake-up call.

The comment, though, is false. Imagine how long that bug could have survived if the source code had not been available to gazillions of users… Better late than never.

See “What you need to know about the GnuTLS Linux bug”.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

2 Responses to Flaws In People And Their Software

  1. oiaohm says:

    Mind you there is a lot of buggy software out there.

    http://news.softpedia.com/news/Valve-Ask-Users-to-Disable-SELinux-to-Play-Portal-2-Linux-Community-Reacts-430985.shtml

    Yes, Portal has been caught using an mp3 engine doing very naughty things. Note that mp3 engine action works perfectly on Windows, OS X and some Linuxes.

  2. oiaohm says:

    Let's forget that OpenSSL has had some big bugs as well. History of SSL library glitches is long. Yet people still come out and recommend, "hey, this one is broken, swap over to this other one, it will be fixed." Sorry, this is only temporary.
