The missing-step bug in early ML-DSA is the perfect case for SAW. rare inputs that pass code review because the line that should be there doesn't look absent, it looks like the next line is correct. tests wouldn't catch it unless someone happened to roll exactly the right inputs.
I would really like to look at the bug and whether we could have caught it with conventional testing, but it doesn't look like Apple actually disclosed it?
SAW/Cryptol are amazingly easy to use compared to other formal methods tools. It's a shame that C++ is still popular in high assurance spaces, because the tooling for it and the ability to write safe code is so much worse than C these days.
Explain to someone like me who uses C in safety-critical software in aerospace and defense why not?
For me, choosing the language is not enough. It's the tooling that goes far beyond the language that is important for safety and quality of compiler and runtime. C has very mature tooling options. So does ADA.
Explain to us why you are not allowed to use 100% of ISO C, without certification processes that castrate C to the point it feels like Ada 83 with curly brackets.
Proceses that outside high integrity computing no one is willing to make themselves go through without legal requirements and liability.
Most of it because during 1980's it was cheaper to advocate for C plus certification than pay for Ada compilers and developers.
Because we want to write correct code. We want to verify the absence of many types of errors where amateurish language war stuff like Rust vs C does not even scratch the surface.
I would propose that we change your original statement "Ideally neither C nor C++ should be used when security matters." into:
"Ideally people who don't care about secrurity should not write code when security matters."
Can we agree that this is better than talking about programming languages?
Except security matters everywhere in modern computing, and the world is full of amateurs that call themselves engineers, writing C without any of those tools, or legal consequences.
If it mattered they would not be using C without any of those tools or techniques. Therefore, it is empirically proven that it either does not matter or they are deploying code unfit for purpose and should not be writing such code.
And that is precisely what they said:
> Ideally people who don't care about secrurity [sic] should not write code when security matters.
The absence of legal consequences further supports the fact that it does not matter.
It does certainly matter, it needed to go beyond what is acceptable for governments and security agencies to finally start reacting, since Morris worm came to be.
Naturally the move fast and break things culture sees it otherwise.
Verified crypto is important but apple still doesnt take parser security seriously enough. They know it's insecure and offer lockdown mode instead of fixing it.
Had totally forgotten that Apple had rolled out post-quantum crypto (ML-KEM and ML-DSA, FIPS 203 and FIPS 204, respectively) already back in 2024. [1]
Slightly off topic, but it's great to see "crypto" to mean cryptography, helping users to keep their data secure, and not as so often these days those silly cryptocurrency crime tokens.
H0-LawJik | 20 hours ago
FiloSottile | 8 hours ago
AlotOfReading | 18 hours ago
pjmlp | 11 hours ago
Ideally neither C nor C++ should be used when security matters.
Nokinside | 7 hours ago
For me, choosing the language is not enough. It's the tooling that goes far beyond the language that is important for safety and quality of compiler and runtime. C has very mature tooling options. So does ADA.
https://www.absint.com/astree/index.htm
Abstract Interpretation in a Nutshell https://www.di.ens.fr/~cousot/AI/IntroAbsInt.html
pjmlp | 7 hours ago
Proceses that outside high integrity computing no one is willing to make themselves go through without legal requirements and liability.
Most of it because during 1980's it was cheaper to advocate for C plus certification than pay for Ada compilers and developers.
Nokinside | 6 hours ago
I would propose that we change your original statement "Ideally neither C nor C++ should be used when security matters." into:
"Ideally people who don't care about secrurity should not write code when security matters."
Can we agree that this is better than talking about programming languages?
pjmlp | 5 hours ago
Veserv | 3 hours ago
And that is precisely what they said:
> Ideally people who don't care about secrurity [sic] should not write code when security matters.
The absence of legal consequences further supports the fact that it does not matter.
ethical | 2 hours ago
https://www.google.com/search?q=any+case+law+to+defeat+this+...
pjmlp | 2 hours ago
Naturally the move fast and break things culture sees it otherwise.
throwaway85825 | 15 hours ago
ethical | 7 hours ago
FabHK | 14 hours ago
Slightly off topic, but it's great to see "crypto" to mean cryptography, helping users to keep their data secure, and not as so often these days those silly cryptocurrency crime tokens.
[1] https://security.apple.com/blog/imessage-pq3/