Topic: Code review of standard client?

full member
Activity: 182
Merit: 100
November 17, 2013, 08:23:03 AM
#4
I see that this is a few weeks old but I want to bump it up because I would have thought there was a better answer out there.
legendary
Activity: 1400
Merit: 1009
November 08, 2013, 04:00:46 PM
#3
> Has there been a public, in-depth, 3rd party review of the standard bitcoin client? I have experience with software engineering... an industry average is at least 1 bug per 1000 lines of code. The bugs might be trivial or critical, easy to spot or hard to discern or activate. I am NOT saying that the people who write bad code, but that programs are written by humans, and even the best of us make mistakes.
Talk to the people at Conformal Systems.

They wrote a reimplementation of the client in another programming language, so they had to go through the code with a fine-toothed comb to be able to discover and document all its quirks.
legendary
Activity: 2053
Merit: 1354
aka tonikt
November 08, 2013, 03:53:34 PM
#2
So far the only public review you can rely on is that the public has not reported having their money stolen from the standard client, despite all the incentives behind it.
Only tiny Android wallets were robbed so far, but that's only because Google added "even more bugs" while fixing one in Android's RNG... allegedly - they made a seminar about the details of this incident, but it was only for high-profile scientists ;)

Which doesn't mean stolen coins won't be reported, for the standard client, in the future - just wait... the great new versions are coming, right from Google's best security experts.
I already have my popcorn bought and waiting to be heated :)
newbie
Activity: 28
Merit: 0
November 08, 2013, 03:45:47 PM
#1
Has there been a public, in-depth, 3rd party review of the standard bitcoin client?  I have experience with software engineering... an industry average is at least 1 bug per 1000 lines of code.  The bugs might be trivial or critical, easy to spot or hard to discern or activate.  I am NOT saying that the people who write bad code, but that programs are written by humans, and even the best of us make mistakes.

http://mayerdan.com/ruby/2012/11/11/bugs-per-line-of-code-ratio/

http://security.stackexchange.com/questions/21137/average-number-of-exploitable-bugs-per-thousand-lines-of-code

http://www.techrepublic.com/blog/it-security/the-danger-of-complexity-more-code-more-bugs/

Kudos on the protocol fuzzing work that appears to be going on.