The goal of bug-free software is unattainable, at least for software beyond a few hundred lines of code. That doesn’t mean we should give up because perfection is out of reach; it’s just a recognition of reality. Some bugs aren’t uncovered until many years after the software’s initial release, and many others will never be found or reported at all, or will simply be cataloged as ‘known deficiencies’.
For example, the encryption bug called “Logjam”, a flaw in the handling of encryption in the Transport Layer Security (TLS) protocol, was not discovered until 20 years after the software was initially created.
Phil Johnson, editor at ITWorld, wrote that “while it may seem surprising that a coding error in a commonly used piece of software could go unnoticed for years, it’s actually not that uncommon. For a variety of reasons, bugs can go undetected, or sometimes simply ignored, for quite a long time in even the most widely used and critical pieces of code.”
Recently, the security company Eclypsium found more than 40 drivers from 20 different hardware vendors with serious vulnerabilities. The flawed drivers allow an attacker to take complete control of the machine. Until then, no one had taken the time to closely examine this important software. These bugs are serious on their own, but the problem was compounded by the fact that Microsoft had certified all of them.
Sze Yiu Chau, researcher at Purdue University, said that “we found the issues in two open source TLS web encryption libraries. There are developers in the IoT community using these products. We don’t know what commercial products use them, but the numbers show that they have 20 or 30 downloads each week. For developers, particularly application developers, they just want to make things work. They don’t necessarily understand how the crypto works underneath.”