Was the 2006 Debian SSL Debacle a System Accident?
Abstract
In this paper we examine in detail the Debian OpenSSL Debacle from the perspectives of a system accident, a concept derived from the work of Charles Perrow [1]. This event left users of Debian and its derivatives with seriously compromised cryptographic capabilities. We identify some common failings that might be problematic in other software development projects and offer some suggestions to help develop code more securely.
Recommended Citation
G. Markowsky, "Was the 2006 Debian SSL Debacle a System Accident?," Proceedings of the IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS) (2013, Berlin, Germany), vol. 2, pp. 624 - 629, Institute of Electrical and Electronics Engineers (IEEE), Sep 2013.
The definitive version is available at https://doi.org/10.1109/IDAACS.2013.6663000
Meeting Name
IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems, IDAACS 2013 (2013: Sep. 12-14, Berlin, Germany)
Department(s)
Computer Science
Keywords and Phrases
Debian; Open SSL; Security breaches; Software development projects; SSL; System accidents; Cryptography; Data acquisition; Software engineering; Accidents
International Standard Book Number (ISBN)
978-1479914265
Document Type
Article - Conference proceedings
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2013 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.
Publication Date
01 Sep 2013