Money for open source projects
rick merritt   5/1/2014 10:17:22 AM
Sounds like some folks with bigger bank accounts than I have agree with me and are ponying up dough to fund crucial open source projects.

See http://bits.blogs.nytimes.com/2014/04/24/companies-back-initiative-to-support-openssl-and-other-open-source-projects




Re: Open Source quality is demonstrably better
DVanditmars   4/30/2014 11:53:27 PM
One must not confuse quantity with quality...

The typical figure of merit is the number of eyeballs that 'review' the code, thus it has a higher quality.

Software (open or proprietary) will have bugs
Kishore.BA   4/25/2014 5:03:22 AM
It is not just open source developed on shoestring budgets; well-paid software can also have bugs. While we are talking about SSL, it may be worthwhile to note Apple also had the ignominy of a serious security flaw.


Anyone with a little C programming experience would know this is a pretty silly mistake but shocking code inclusion into premium products like Macs, iPhones, iPads.

Whether you take any open source code or develop your own, reviews, code analysis, code coverage is a must. Most corporations using open source code don't review the code getting included.



Re: Open Source quality is demonstrably better
TanjB   4/23/2014 11:48:49 AM
Coverity covers some OSS code vs. some Enterprise code (according to the report).

Clearly Coverity did not cover the OpenSSL code.  Read the LibreSSL change log, it was a horror show of bad code.

I work for MS, and have on occasion written code for the OS.  Just over 10 years ago Windows went through a massive and painful reset, where for the best part of a year the main activity was simply cleaning up the code base.  Now, this was not just inspecting it and adding some comments (though that basic stuff happened).  They built program verification tools in MS Research (you can look up the publications, Coverity probably learned from MSR who started on those tools in the 90s) and the coding standards included stringent annotations to enhance the capability of the automatic checking.  The sort of mistake that LibreSSL is grumbling about simply can't be checked in to the source tree.

Now, I'm not claiming there are no bugs.  Millions of lines of code are a complexity which can not be made perfect by humans, even with the aid of verification tools.  There are modes of failure discovered which the tools do not yet check for.  But there are commercial vendors who take this stuff very seriously, and have long ago built the tools and practices to avoid simple problems like buffer overruns or reading out of bounds, and many other risk factors.

OSS code has its advantages.  We use it, and we contribute to it.  But, inspection by human eyes is not all you need, and tools like Coverity are limited unless you are willing to strictly change your coding practices to improve automated reasoning and coverage.  If you really want to build secure and critical code, deep investment in the practice and the tooling is a good idea.

I am not speaking for my employer here, just adding some perspective to this discussion about the nature of modern software engineering on proprietary software.  I assume that many of our competitors have similar practice on critical code.

Re: Open Source quality is demonstrably better
stvw   4/23/2014 9:25:29 AM
Go to Google and search for "Open source software quality" without the quotes.

Pick off the first article in the search referencing Coverity.

I'm loath to point a link to a competitor to EE Times directly on their pages. Just doesn't seem fair.

Coverity has been doing on-going research into OSS quality for quite a while and their numbers match my personal experience in the industry. I've been a Linux user since nearly day 1 (Version 0.12) and have seen it grow into the true de facto Internet OS. This occurred through natural selection processes as much as anything. The original "Cathedral and Bazaar" article explained it best in my mind. Proprietary software is at a huge disadvantage because typically the people working on it simply do it for the love of it!

The one OSS project I've been personally affiliated with (Icarus Verilog) has been ongoing for something like 14 years. The handful of people that contribute to Icarus have been doing this with very little in the area of financial reward, but often because it solves their personal problems. They give a damn. So the results are merely borne out by the stats.


Re: No different than the cost of 'NOT-Free'
rob18767   4/23/2014 8:57:46 AM
Toyota being an obvious candidate. 


Andre.C   4/22/2014 10:51:18 PM
GPL = Software Darwinism, this is a good thing.

Re: Open Source quality is demonstrably better
rick merritt   4/22/2014 8:58:02 PM
@Steve Wilson: Great stats. Do you have the link to the article?

Re: Open Source Software is actually quite expensive.
rick merritt   4/22/2014 8:54:51 PM
@Andrew: Great example with Python v3! I'd love to hear Guido or others on the project tell their stories of lessons learned.

Re: OpenSSL testing
Roba66   4/22/2014 8:52:02 PM
The corporate user is responsible for keeping the information safe so it is his responsibility to test. However, this is no different if the software is proprietary, unless the vendor indemnifies the corporate user (not likely).
