> “We’re not claiming we’re going to prove an entire system is correct, 100 percent reliable in every bit, down to the circuit level,” Wing said. “That’s ridiculous to make those claims. We are much more clear about what we can and cannot do.”
This is an important statement that should be highlighted more prominently in the article (whose title I disagree with).
Formal methods are promising, and I'm glad that the researcher acknowledged that when your project relies on so many other abstractions and systems it doesn't matter how rigorously developed your solution is if a hacker can find a way to accomplish their objective through one of your dependencies.
Specifically, hardware-level exploits are wholly disregarded by formal verification. This means bit-banging could still work. In many systems I'd also be wary of the OS itself.
They're disregarded by software verification. There's more formal verification deployed in hardware than in software. There are also techniques to verify hardware and software together. The hardware problems you see are often deliberately left in there, either due to corner cutting or backward compatibility with bad designs of the past. Both are inspired by the desire to see the number next to net income continue to rise. ;)