• DocumentCode
    643173
  • Title

    Was the 2006 Debian SSL Debacle a system accident?

  • Author

    Markowsky, George

  • Author_Institution
    Univ. of Maine, Orono, ME, USA
  • Volume
    02
  • fYear
    2013
  • fDate
    12-14 Sept. 2013
  • Firstpage
    624
  • Lastpage
    629
  • Abstract
    In this paper we examine in detail the Debian OpenSSL Debacle from the perspective of a system accident, a concept derived from the work of Charles Perrow [1]. This event left users of Debian and its derivatives with seriously compromised cryptographic capabilities. We identify some common failings that might be problematic in other software development projects and offer some suggestions to help develop code more securely.
  • Keywords
    cryptography; software engineering; Debian OpenSSL Debacle; cryptographic capabilities; software development projects; system accident perspective; Accidents; Cryptography; Entropy; Operating systems; Software systems; US Department of Defense; Debian; SSL; cryptography; security breach; software engineering; system accident;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2013 IEEE 7th International Conference on
  • Conference_Location
    Berlin
  • Print_ISBN
    978-1-4799-1426-5
  • Type

    conf

  • DOI
    10.1109/IDAACS.2013.6663000
  • Filename
    6663000