[Discuss] AeroFS

Richard Pieri richard.pieri at gmail.com
Sun Apr 20 13:42:20 EDT 2014


Mike Small wrote:
> So you're left with only black box testing. No static analysis tools, no
> runtime memory debuggers, no discussing the problem and the general code
> quality in public forums, no forking the project and trimming the awful
> 300,000 lines down to something more manageable with the "exploit
> mitigation countermeasures" removed (

None of these told us about the Heartbleed flaw in OpenSSL. As a matter 
of fact, it was Codenomicon attacking their own servers that led to the 
world-wide revelation. Black box testing worked where open source 
philosophy utterly, completely, catastrophically failed.

-- 
Rich P.


