[openssl-users] Initialising OpenSSL more than once - how do we handle this?
martygalyean at gmail.com
Mon Jul 30 17:17:39 UTC 2018
On 07/30/2018 12:52 PM, Jordan Brown wrote:
> Because a zero-leaks policy is a lot easier to manage than having to
> make a judgement call on each leak whether or not it's important, and
> having to filter out "unimportant" leaks when you're trying to find
> out whether you've introduced any "important" leaks.
> Maybe the test suite only caused the program to leak one buffer, but
> that doesn't tell you whether a real workload (or a malicious
> workload) will leak gigabytes.
> Jordan Brown, Oracle Solaris
So much has changed in programming culture over the decades for me to be
able to call it "engineering" any more. Too much code equivalents of
duct tape, chewing gum, and kite string holding things together out
there and so many consider that normal and ok. I never thought I'd see
the day that someone would have to defend not leaking memory in pivotal
security code like openssl however
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users