Code review of standard client?

falcoiii (OP)

Newbie

Offline

Activity: 28
Merit: 0

Code review of standard client?

November 08, 2013, 07:45:47 PM

Has there been a public, in-depth, 3rd party review of the standard bitcoin client? I have experience with software engineering... an industry average is at least 1 bug per 1000 lines of code. The bugs might be trivial or critical, easy to spot or hard to discern or activate. I am NOT saying that the people who write bad code, but that programs are written by humans, and even the best of us make mistakes.

http://mayerdan.com/ruby/2012/11/11/bugs-per-line-of-code-ratio/

http://security.stackexchange.com/questions/21137/average-number-of-exploitable-bugs-per-thousand-lines-of-code

http://www.techrepublic.com/blog/it-security/the-danger-of-complexity-more-code-more-bugs/

Kudos on the protocol fuzzing work that appears to be going on.

1714857052

Hero Member

Offline

Posts: 1714857052

Ignore

1714857052

1714857052


	Report to moderator

If you see garbage posts (off-topic, trolling, spam, no point, etc.), use the "report to moderator" links. All reports are investigated, though you will rarely be contacted about your reports.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1714857052

Hero Member

Offline

Posts: 1714857052

Ignore

1714857052


	Report to moderator

1714857052

Hero Member

Offline

Posts: 1714857052

Ignore

1714857052


	Report to moderator

piotr_n

Legendary

Offline

Activity: 2053
Merit: 1354

aka tonikt

Re: Code review of standard client?

November 08, 2013, 07:53:34 PM
Last edit: November 08, 2013, 08:13:17 PM by piotr_n

So far the only public review you can relay on is that the public has not reported having their money stolen from the standard client, despite of all the incentives behind it.
Only tiny Android wallets were robbed so far, but that's only because Google added "even more bugs" while fixing one in Android's RNG... allegedly - they made a seminar about the details of this incident, but it was only for a high profile scientists Wink

Which doesn't mean stolen coins won't be reported, for the standard client, in a future - just wait... the great new versions are coming, right from Google's best security experts.
I already have my popcorn bought and waiting to be heated

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E

justusranvier

Legendary

Offline

Activity: 1400
Merit: 1009

Re: Code review of standard client?

November 08, 2013, 08:00:46 PM

Quote from: falcoiii on November 08, 2013, 07:45:47 PM

Talk to the people at Conformal Systems.

They wrote a reimplementation of the client in another programming language, so had to go through the code with a fine toothed comb to be able to discover and document all its quirks.

Ecurb123

Full Member

Offline

Activity: 182
Merit: 100

Re: Code review of standard client?

November 17, 2013, 12:23:03 PM

I see that this is a few weeks old but I want to bump it up because I would have thought there was a better answer out there.

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Code review of standard client?

« previous topic next topic »