Code Diversity
It’s been 3 month since HeartBleed was publicly disclosed.
According to Wikipedia ~17% of secure web servers were believed to be vulnerable.
That makes me wonder - what is the affect of our increasing reliance on a few well known libraries for application functionalities? Will this limit the “genetic diversity” of our software ecosystem?
On one hand, as long as we take good care of our libraries this reduces the amount of development, test, and inter-op costs and also prevents amateur mistakes. It’s akin to putting our eggs in a few selected baskets and taking good care of them (I stole this phrase from Prof. Cheriton). But what happens when you drop a basket? A major bug in a library could have devastating results for the whole ecosystem as it might be used by a significant number of applications.
That makes me wonder - what is the affect of our increasing reliance on a few well known libraries for application functionalities? Will this limit the “genetic diversity” of our software ecosystem?
On one hand, as long as we take good care of our libraries this reduces the amount of development, test, and inter-op costs and also prevents amateur mistakes. It’s akin to putting our eggs in a few selected baskets and taking good care of them (I stole this phrase from Prof. Cheriton). But what happens when you drop a basket? A major bug in a library could have devastating results for the whole ecosystem as it might be used by a significant number of applications.