> Heartbleed vs custom memory allocator is a false dichotomy. The problem
> with OpenSSL was a bad development model. A security library should have a
> development model focusing on security. Security is a process and taking
> responsibility for design decisions and committing to them, not letting
> things slip out of hand over the years.
> Skickat frÃ¥n min Android-telefon med K-9 E-post. UrsÃ¤kta min
PicoLisp can and might be used to implement security applications.
So better use standard proved OS mechanisms and have some more initial
effort to get it running, I think.
The heartbleed bug wouldn't have had such a devastating effect if they
wouldn't have implemented their own memory management.