Archive for the 'Bug anatomies' Category

Debian SSL vulnerability: distribution patch issues

Monday, June 2nd, 2008

The 2008 random number weakness in the Debian (and Ubuntu, etc.) versions of OpenSSL prompted an article by Jake Edge for LWN, "Debian, OpenSSL, and a lack of cooperation", covering the responsibilities of upstream and packagers:

It is in the best interests of everyone, distributions, projects, and users, for changes made downstream to make their way back upstream. In order for that to work, there must be a commitment by downstream entities—typically distributions, but sometimes users—to push their changes upstream. By the same token, projects must actively encourage that kind of activity by helping patch proposals and proposers along. First and foremost, of course, it must be absolutely clear where such communications should take place.

Undo in Word 6

Friday, November 5th, 2004

Rick Schaut describes the process of finding a bug in Word 6 multiple undo that caused a file descriptor leak.

libxml

Wednesday, February 18th, 2004

Mark Pilgrim dives in where unit tests can’t save him: the depths of libxml2 and client-server communication.

Painless bug tracking

Thursday, February 5th, 2004

Joel Spolsky illustrates painless bug tracking by example, advocating using a bug database and advising how to make people use it. He has a second article on the need for a good QA team.

Finding a security bug

Monday, February 2nd, 2004

Chris De Herrera describes in detail researching a security problem on Windows Mobile 2003. (Via stargeek.)

“If you look for bugs…

Friday, January 23rd, 2004

… you will find them” is the moral of Federico Mena-Quintero’s quick bug finding story.

Software testing inside Microsoft

Tuesday, January 20th, 2004

Via Malcolm’s diary, Joe Bork, a Microsoft software tester, writes about known bugs that go unfixed and the cost of fixing a bug (salary costs, regression testing, testing the fix and so on).
