|
Newbie question about program and Operating System Security.A lot of topics about 0-day OS, Browser exploits, and TLS security bugs and the rest. If you had an infinite amount of resources and the best programmers on the planet, is it even possible to make a program, or an Operating System 100% bug free? I know humans make mistakes all the time, but if the resources where available is 100% bug free software even a reality? Thanks... |
|
1 recommendation |
Short answer, probably not, at least not with current tools. There is research in mathematical ways to formally verify code (it can be done to an extent now). But ultimately code is written by humans using imperfect tools. Though we certainly can do a lot better than we are now. |
|
dave Premium Member join:2000-05-04 not in ohio
1 recommendation |
to DarkSithPro
No.
The only way you'd get guaranteed correctness would be to treat programming as akin to mathematical proof. And note that mathematics is formally undecidable (which, by the way, was proven by a prototypical computer guy).
As far as I know (I'm a pragmatist, not a computer scientist) proof techniques don't scale to anything like the size of the systems we are actually building. |
|
DannyZGentoo Fanboy Premium Member join:2003-01-29 united state |
DannyZ
Premium Member
2014-Apr-13 12:03 am
This was being discussed in another forum I frequent, and someone posted that Rice's Theorem states that it is impossible. I've read the wiki page a few times, however, and I can't seem to wrap my head around it. |
|
|
to DarkSithPro
Good question, no complete answer. Code is code, humans are inquisitive buggers. Maybe an self-evolving code of some sort would manage. Like matching chess algorithms against one another, I suppose. |
|
nonymous (banned) join:2003-09-08 Glendale, AZ |
to DarkSithPro
An OS could be made fairly secure depending on its use. But then when all the fluff that is really not part of the OS is added to make the user have a more enjoyable time no. |
|
dave Premium Member join:2000-05-04 not in ohio
1 recommendation |
to DarkSithPro
By the way, 'bug free' and 'secure' are entirely different things.
Trivial statement: if I deliberately write a back-door that works perfectly as I intended, the system is bug-free but not secure.
Contrariwise, a bug may (as in the heartbleed case) result in insecurity, but it is not necessarily always so. |
|
|
therube join:2004-11-11 Randallstown, MD |
to DarkSithPro
> is it even possible to make { enter anything you wish here }100% bug free No. And I think that is just great ! |
|
|
to DarkSithPro
said by DarkSithPro:is it even possible to make a program, or an Operating System 100% bug free? ...if the resources where available is 100% bug free software even a reality? I'm not a programmer by profession, but I heard a statistic out there that you can expect a bug every 1000 lines of code. Last I heard, Windows was into the millions of lines of code. I don't have an exact count for other systems like *nix, Linux variants, iOS, Android, etc. 2ndly : I've been in IT long enough to have this saying, "If it can be made by human hands, it can be broken by human hands." ...don't think I can make it any simpler than that. Regards |
|
gnome84 join:2014-04-12 Saint Paul, MN |
to DarkSithPro
said by DarkSithPro:If you had an infinite amount of resources and the best programmers on the planet Infinite resources aren't necessary as quarterly profits typically trump an additional layer of authentication or new firewall. Perhaps if the security considerations were included in executive decisions rather than as a afterthought security might improve. |
|
vaxvmsferroequine fan Premium Member join:2005-03-01 Polar Park
1 recommendation |
to DarkSithPro
Bug free software will never happen. Users are too creative in how they try to use it. Bugs are especially true in an OS. Massive amounts of code with lots of people's fingers in multiple parts gets ugly. Introducing ongoing enhancements that need to keep old functionality in place can be a challenge. Creative hacks (hacks were originally a good thing, something to be proud of) by a person who has left the company confuses others and invites trouble. |
|
Bill_MIBill In Michigan MVM join:2001-01-03 Royal Oak, MI TP-Link Archer C7 Linksys WRT54GS Linksys WRT54G v4
|
to DarkSithPro
The closest one can get to 100% is something like NASA code reviewed and exhaustively tested when lives depended on it. Arguably, it's still not 100% certain, just closer than most.
This is VERY expensive to do and the code involved was no where near as complex as we have today. This level of scrutiny plain doesn't exist on anything we run.
Just my 2 cents. |
|
John Galt6Forward, March Premium Member join:2004-09-30 Happy Camp |
to DarkSithPro
It IS possible, if the commitment is there in the beginning. There needs to be an established protocol for testing every module at every stage. Tools need to be developed that test and validate each component as it is developed, and then retested as the modules are integrated. So on and so forth.. The problem is that development management don't want to hear about the costs associated with such testing...they prefer to ship buggy software and fix it as users find them. I am responsible for designing, building and testing exceptionally complex industrial machinery and processes, where tens of thousands of horsepower and millions of dollars of hardware are online. You don't think that I just let all the equipment get hooked up and then we flip the big switch, eh? Uh, no. Two oldie-but-goodie books are Steve McConnell's "Code Complete" and "Rapid Development" in which he discusses the various issues. Worth taking the time to read....although they are about programming, I have used the underlying philosophy and applied it to construction and design. |
|