Title

Was the 2006 Debian SSL Debacle a System Accident?

Abstract

In this paper we examine in detail the Debian OpenSSL Debacle from the perspectives of a system accident, a concept derived from the work of Charles Perrow [1]. This event left users of Debian and its derivatives with seriously compromised cryptographic capabilities. We identify some common failings that might be problematic in other software development projects and offers some suggestions to help develop code more securely.

Meeting Name

IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS) (2013: Sep. 12-14, Berlin, Germany)

Department(s)

Computer Science

Keywords and Phrases

Debian; Open SSL; Security breaches; Software development projects; SSL; System accidents; Cryptography; Data acquisition; Software engineering; Accidents

International Standard Book Number (ISBN)

9781479914265

Document Type

Article - Conference proceedings

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2013 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.


Share

 
COinS