Wild speculation here, but I suspect the developers were of the opinion that “We only receive data from trusted sources, so we don’t have to bother validating stuff”, which if it is the case would be a tremendously bad take by the developers because your upstream can still have bugs, even if malice is never involved.
The spirit of Little Bobby Tables is likely alive and well in these kinds of systems where messages are “only received from internal sources” and “therefore trusted”.
If there is one thing I learnt from the airline industry, it’s that no one follows message specs properly…
You’re probably right, they probably cope with bad messages, but this one was unexpectedly bad and somehow escaped. They should have had a fallback check for when something escapes though.
From what they have been saying, it sounds like it was crashing and they have been spinning it as failing safely.
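The thread’s two points, that messages from an internal upstream still need validating and that a malformed message should be quarantined rather than allowed to crash the whole consumer, can be shown side by side. The code below is an added example written for this page, not code from any of the commenters or from any real flight-data system; the pipe-separated message format, the four-letter code rule and the sample batch are all constructed for illustration.

```python
"""Defensive handling of messages from a 'trusted' internal upstream.

Added example (not from the thread). The message format is invented for
illustration: one message per line, four '|'-separated fields:
    <id>|<origin>|<destination>|<unix_timestamp>
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Message:
    msg_id: str
    origin: str
    dest: str
    ts: int


class ValidationError(ValueError):
    """Raised for any message that fails a syntactic or semantic check."""


# Assumed rule for this example: location codes are exactly four capital letters.
_CODE = re.compile(r"[A-Z]{4}")


def parse_message(line: str) -> Message:
    """Validate one message strictly, even though the sender is 'internal'."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != 4:
        raise ValidationError(f"expected 4 fields, got {len(parts)}")
    msg_id, origin, dest, ts = parts
    if not msg_id:
        raise ValidationError("empty message id")
    for name, code in (("origin", origin), ("destination", dest)):
        if not _CODE.fullmatch(code):
            raise ValidationError(f"{name} {code!r} is not a 4-letter code")
    if not ts.isdigit():
        raise ValidationError(f"timestamp {ts!r} is not a non-negative integer")
    ts_val = int(ts)
    if ts_val >= 2**31:  # plausibility bound, not just a type check
        raise ValidationError(f"timestamp {ts_val} out of range")
    if origin == dest:  # a semantic check: well-formed but nonsensical
        raise ValidationError("origin equals destination")
    return Message(msg_id, origin, dest, ts_val)


def process_naive(lines):
    """'Trusted upstream' style: no containment, so the first bad message
    aborts the whole batch (the crash-and-call-it-fail-safe pattern)."""
    return [parse_message(line) for line in lines]


def process_defensively(lines):
    """Fallback check: each message is validated on its own; bad ones are
    quarantined with a reason and the rest of the batch is still processed."""
    accepted, quarantined = [], []
    for lineno, line in enumerate(lines, 1):
        try:
            accepted.append(parse_message(line))
        except ValidationError as exc:
            quarantined.append((lineno, line, str(exc)))
    return accepted, quarantined


def batch_crashes(lines) -> bool:
    """True if the naive consumer would abort on this batch."""
    try:
        process_naive(lines)
    except ValidationError:
        return True
    return False


# Constructed sample batch: one good message, three different kinds of bad
# message that a 'we trust our upstream' consumer would not expect, one good.
SAMPLE = [
    "M1|EGLL|KJFK|1693000000",
    "M2|EGLL|1693000001",          # missing field
    "M3|EGLL|KJFK|notatime",       # wrong type
    "M4|EGLL|EGLL|1693000002",     # syntactically fine, semantically wrong
    "M5|LFPG|EDDF|1693000003",
]

if __name__ == "__main__":
    accepted, quarantined = process_defensively(SAMPLE)
    print("naive consumer crashes:", batch_crashes(SAMPLE))
    print("accepted:", [m.msg_id for m in accepted])
    for lineno, line, reason in quarantined:
        print(f"quarantined line {lineno}: {line!r} ({reason})")
```

The point of the contrast is that both consumers apply the same checks; only the defensive one bounds the blast radius of a single bad message to that message, which is what a fallback check for “something that escaped” has to do. The quarantine list is also the thing an operator actually wants to see afterwards: which line, and why.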