dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
376
DarkSithPro (banned)
join:2005-02-12
Tempe, AZ

DarkSithPro (banned)

Member

Newbie question about program and Operating System Security.

A lot of topics about 0-day OS, Browser exploits, and TLS security bugs and the rest. If you had an infinite amount of resources and the best programmers on the planet, is it even possible to make a program, or an Operating System 100% bug free? I know humans make mistakes all the time, but if the resources where available is 100% bug free software even a reality? Thanks...

KodiacZiller
Premium Member
join:2008-09-04
73368

1 recommendation

KodiacZiller

Premium Member

Short answer, probably not, at least not with current tools. There is research in mathematical ways to formally verify code (it can be done to an extent now). But ultimately code is written by humans using imperfect tools. Though we certainly can do a lot better than we are now.
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to DarkSithPro

Premium Member

to DarkSithPro
No.

The only way you'd get guaranteed correctness would be to treat programming as akin to mathematical proof. And note that mathematics is formally undecidable (which, by the way, was proven by a prototypical computer guy).

As far as I know (I'm a pragmatist, not a computer scientist) proof techniques don't scale to anything like the size of the systems we are actually building.

DannyZ
Gentoo Fanboy
Premium Member
join:2003-01-29
united state

DannyZ

Premium Member

This was being discussed in another forum I frequent, and someone posted that Rice's Theorem states that it is impossible. I've read the wiki page a few times, however, and I can't seem to wrap my head around it.

aussiedog
join:2007-01-10
Mesilla Park, NM

aussiedog to DarkSithPro

Member

to DarkSithPro
Good question, no complete answer.
Code is code, humans are inquisitive buggers.
Maybe an self-evolving code of some sort would manage.
Like matching chess algorithms against one another, I suppose.
nonymous (banned)
join:2003-09-08
Glendale, AZ

nonymous (banned) to DarkSithPro

Member

to DarkSithPro
An OS could be made fairly secure depending on its use.
But then when all the fluff that is really not part of the OS is added to make the user have a more enjoyable time no.
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to DarkSithPro

Premium Member

to DarkSithPro
By the way, 'bug free' and 'secure' are entirely different things.

Trivial statement: if I deliberately write a back-door that works perfectly as I intended, the system is bug-free but not secure.

Contrariwise, a bug may (as in the heartbleed case) result in insecurity, but it is not necessarily always so.

therube
join:2004-11-11
Randallstown, MD

therube to DarkSithPro

Member

to DarkSithPro
> is it even possible to make { enter anything you wish here }100% bug free

No.
And I think that is just great !
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to DarkSithPro

MVM

to DarkSithPro
said by DarkSithPro:

is it even possible to make a program, or an Operating System 100% bug free? ...if the resources where available is 100% bug free software even a reality?

I'm not a programmer by profession, but I heard a statistic out there that you can expect a bug every 1000 lines
of code. Last I heard, Windows was into the millions of lines of code. I don't have an exact count for other
systems like *nix, Linux variants, iOS, Android, etc.

2ndly : I've been in IT long enough to have this saying, "If it can be made by human hands, it can be broken by human hands."

...don't think I can make it any simpler than that.

Regards
gnome84
join:2014-04-12
Saint Paul, MN

gnome84 to DarkSithPro

Member

to DarkSithPro
said by DarkSithPro:

If you had an infinite amount of resources and the best programmers on the planet

Infinite resources aren't necessary as quarterly profits typically trump an additional layer of authentication or new firewall.

Perhaps if the security considerations were included in executive decisions rather than as a afterthought security might improve.

vaxvms
ferroequine fan
Premium Member
join:2005-03-01
Polar Park

1 recommendation

vaxvms to DarkSithPro

Premium Member

to DarkSithPro
Bug free software will never happen. Users are too creative in how they try to use it.
Bugs are especially true in an OS. Massive amounts of code with lots of people's fingers in multiple parts gets ugly. Introducing ongoing enhancements that need to keep old functionality in place can be a challenge. Creative hacks (hacks were originally a good thing, something to be proud of) by a person who has left the company confuses others and invites trouble.

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

Bill_MI to DarkSithPro

MVM

to DarkSithPro
The closest one can get to 100% is something like NASA code reviewed and exhaustively tested when lives depended on it. Arguably, it's still not 100% certain, just closer than most.

This is VERY expensive to do and the code involved was no where near as complex as we have today. This level of scrutiny plain doesn't exist on anything we run.

Just my 2 cents.

John Galt6
Forward, March
Premium Member
join:2004-09-30
Happy Camp

John Galt6 to DarkSithPro

Premium Member

to DarkSithPro
It IS possible, if the commitment is there in the beginning. There needs to be an established protocol for testing every module at every stage. Tools need to be developed that test and validate each component as it is developed, and then retested as the modules are integrated. So on and so forth..

The problem is that development management don't want to hear about the costs associated with such testing...they prefer to ship buggy software and fix it as users find them.

I am responsible for designing, building and testing exceptionally complex industrial machinery and processes, where tens of thousands of horsepower and millions of dollars of hardware are online. You don't think that I just let all the equipment get hooked up and then we flip the big switch, eh?

Uh, no.

Two oldie-but-goodie books are Steve McConnell's "Code Complete" and "Rapid Development" in which he discusses the various issues. Worth taking the time to read....although they are about programming, I have used the underlying philosophy and applied it to construction and design.