Amazon takes crack at redoing TLS code
-
Amazon rewrote the TLS code in 6000 lines of code, getting rid of everything they don't need while making sure it supports everything they currently do in AWS.
http://www.zdnet.com/article/amazon-introduces-new-web-security-software/
-
Just read the linked article. This looks like a solid idea.
-
It's funny - I heard about this on Security Now. Steve Gibson was talking about it saying basically that sometimes you just need to start over. I found this oddly contradictory to his previous stance that only tried and tested software can be trusted. One of the best examples is when MS decided to use a newer IP stack for Vista instead of the one they had been using forever. MS's new stack had so many problems that had been known failures it was no surprise that it was so horrible (If you didn't know, MS replaced the IP stack in Vista SP1 with a tried and true one).
Gibson did mention that Amazon has been having their new code security tested and so far it's bulletproof, but they didn't mention who was testing it.
-
That said - I hope this is a trend we start to see more of. MS dumped 100s of thousands of lines of legacy code from IE to make Edge... here's hoping it's more secure!
-
In software engineering circles it is a tried and true methodology to learn from the old but to start fresh. It is very often better to rewrite than to reuse.
-
While that totally makes sense - it just seems odd, especially when compared against the Vista story (clearly the writers of the IP stack didn't learn enough from the old).
-
@scottalanmiller said:
In software engineering circles it is a tried and true methodology to learn from the old but to start fresh. It is very often better to rewrite than to reuse.
I tend to follow a policy of reviewing before reuse. That way if I or another team member have found a better way to do something, then we can use the new / better way rather than the old way as long as we don't experience major show-stopping bugs with the new way.
-
@Dashrender said:
While that totally makes sense - it just seems odd, especially when compared against the Vista story (clearly the writers of the IP stack didn't learn enough from the old).
Anyone can get it wrong. But in the long run, dumping the XP code probably worked out. Just not right away.