"The only way to get that level of assurance would be to build an automated verification suite, or similar."
Wait.....what? OpenSSL doesn't have an automated verification suite? What the?
Well there you go. That's step #1.
I completely disagree with others' calls for a rewrite, and I really don't like their attacks on OpenSSL developers (not that I know them or even know who they are.) How many of you have written software that has been tested as thoroughly in the real world as OpenSSL? Some, but not very many, I presume. OpenSSL has an installed base of billions and billions of machines, and it is mostly successful, and any software that sees that much use (and the corresponding scrutiny) is going to have vulnerabilities revealed. We should absolutely not, not, not rewrite the software and open ourselves up to whole new bugs, or worse, bugs that were in OpenSSL and patched years ago. It would be fine to start a new piece of software, with the hope of competing for SSL, but a widespread campaign to replace OpenSSL would be foolish.
The only possible caveat to this would be if it was developed more like clean room software a la NASA's probe/shuttle software, with every change agreed upon by a large committee of people, and no change made without weeks of planning. If it was replaced by a process so rigorous that it would not admit any bugs the new software might have a chance of competing with OpenSSL. And even then, a committee can't think of everything.
Everyone is starting from the reference point of perfect security and yet perfect security is impossible. Literally the best you can do is to have software that has been subjected to attacks over and over and over again and though it may have been flawed it has also been patched.
You don't need a committee to build rock solid software. There are all sorts of formal verification and modeling tools for specifying machine-checkable specifications. The overhead in many cases is high, so you're not gonna use it when writing a web 2.0 application, but when you're writing software that is a fundamental part of internet infrastructure, the bar needs to be higher. 1000 eyes making all bugs shallow is not the right approach in such cases.
Well, the 1000 eyes approach has worked with other open source, mission critical software, like Linux, which also doesn't have an official testing suite. If you have enough people invested in making sure something works, there's a strong incentive to uncover bugs no matter how obscure.
Security's always going to be an arms race in software.