C isn't formally verifiable and, in fact, it's even hard to correctly parse. In other words, developing security-related software in C is akin to Schneier or Bernstein not properly developing algorithms but asking drunk college boys on a weekend night to come up with something.
[...]
I nodded in agreement so hard I might have to see a chiropractor.
OpenSSL's src is a mess. If CyaSSL can mirror its basic functionality and do such a thing with code that is both legible and, importantly, it is advertised as 20 times smaller than OpenSSL. Of course it is targeted towards the embedded market, but I would rather audit a significantly smaller codebase that a lay sysadmin can likely understand than try and analyze the Pandora's box that is OpenSSL's source. It really is a disgrace.
[...]
The problem is that in C++ you can't even guarantee that 1 + 1 = 2. You have to look at the disassembled code.
[...]
I'm still mulling over the fact that Neel Mehta of Google discovered Heartbleed, apparently as part of assigned team duties. He has a rarely updated Twitter page, https://twitter.com/neelmehta; Google has not allowed interviews.
This says to me that Google doesn't trust OpenSSL software in the slightest and is paying for its own top-to-bottom code review of the whole security software enterprise.
[...]
(via a comment at Wonkette - http://wonkette.com/...-surprise-for-you )
Cheers,
Scott.