It is well past time for laws that require all mission-critical software to have publicly published source code. Flying planes, driving cars, and using voting machines whose software hasn't been publicly analyzed is a dangerous (and deadly) policy choice. https://www.bloomberg.com/news/articles/2019-06-28/boeing-s-737-max-software-outsourced-to-9-an-hour-engineers …
-
-
This Tweet is unavailable.
-
Literally that very thing would have been discovered if the source code was public. Everyone would have known they dd that, and more importantly, they probably _wouldn't_ have tried to do that if they knew that everyone would see that as soon as the code was made public.
- Show replies
-
-
-
I think you overestimate that effect. Just look at the history of OpenSSL bugs, lots of silly little mistakes that are easy to spot once you know about them, the problem is that they are hidden in a mountain of code. Finding the bugs is real hard labour.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I half agree. It shouldn't be public, but should be made available to an independent panel consisting of peers in the field. Sharing always has problems though, whether that's because of IP or because of restrictions like ITAR.
-
Also, in most cases the software for the control laws is not hand-written, it's autogenerated from qualified modelling tools such as SCADE or Simulink; and development follows DO-178C/DO-331, which requires full traceability up to the original requirements.
End of conversation
New conversation -
-
-
I think you’re super right. But also, would publicly publishing code allow people to find vulnerabilities and exploit them as well? Or do you think this would not be a huge concern, or they would be found, pointed out, and fixed faster?
-
I think it is safe to assume that anything high value enough for people to want to exploit it, black hats somewhere already have that code, either through industrial espionage or infiltration. Relying on "security through obscurity" for critical infrastructure is not good enough.
End of conversation
New conversation -
-
-
At the same time, the consensus on what is good code is very partial and leans towards considering good what's actually the worst code
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.