Heartbleed Reminded Us that Coders Aren’t Perfect. So Call in the Automated Inspectors. | MIT Technology Review

Where Simson L. Garfinkel explains that any software implementation is inherently insecure. For instance, Heartbleed, the bug in SSL, terrorized the Internet community earlier this year. The main issue was related to the C language Heartbleed was written in. The flaw was in a ‘goto’ statement. The ‘many eyes’ theory states that if code is open source, many people review it, and it is therefore protected against badly written code (including security issues). Even this theory is not enough, because Heartbleed was in open source code. Instead, Garfinkel advocates using C# and Java, and automated testing.

What is your opinion?