Hacker News
by brians 4447 days ago
In some sense, yes, the special free list caused it. In another sense, the missed bounds check caused it. In a third sense, the lack of proofs of safety, or informal code review process, "caused" it---that one's harder for me to argue.

My own preferred sense is that mixing network code with soft real time performance requirements with crypto in a single library, single process, all in C---maybe that caused it, and will cause problems for any channel-oriented crypto network system. Imagine trying to mix GnuPG with high performance networking! Boom.

My preferred tools for thinking about what causes accidents like this are Leveson's systems-oriented frameworks, explained in Engineering a Safer World. The text is available free from MIT Press, I believe. If you're responsible for the safety of a planetary computer system, you should read it and its principal competitors.

And if you do, Akamai Infosec is hiring.

1 comments

I'll keep that in mind, Brian, although my reading list is long, and not getting any shorter.