LE_746F6D617A7A69 wrote: If someone claims that his program does not have any bugs, then it only means that he didn't test the program thoroughly.
The probability that the program has a bug grows exponentially with the number of lines of code.
The probability that there's a security hole grows exponentially with the number of bugs.
The above holds for 100% of software created by humanity so far.
This also explains why, after tens of years of development of security systems, we still have hundreds of CVEs each year.
I dare to claim that adding countless layers of security is the main factor responsible for countless security holes.
KISS = Keep It Simple, Stupid!
Yes. This is exactly why I advocate for the use of well-vetted libraries, no/low-overhead abstractions, and the use of modern verification/validation tools.