University of Warwick
Publications service & WRAP


Trustworthy Software : lessons from `goto fail' & Heartbleed bugs

Boyes, H., Norris, P., Bryant, I. and Watson, Tim (2014) Trustworthy Software : lessons from `goto fail' & Heartbleed bugs. In: 9th IET International Conference on System Safety and Cyber Security (2014), Manchester, United Kingdom, 15-16 Oct 2014. Published in: 9th IET International Conference on System Safety and Cyber Security (2014) pp. 1-7. ISBN 9781849199407. doi:10.1049/cp.2014.0970

PDF: WRAP-trustworthy-software-heartbleed-Boyes-2014.pdf - Accepted Version (475Kb)
Official URL: http://dx.doi.org/10.1049/cp.2014.0970


Abstract

In the first four months of 2014, two major vulnerabilities were announced affecting operation of the Transport Layer Security (TLS) protocol, which is used by applications to secure Internet communications. The `goto fail' bug affected Apple's iOS and OS X software and the `Heartbleed' bug affected versions of the OpenSSL software. Whilst the Apple bug was serious because it affected a wide range of Apple products, the Heartbleed bug was of greater significance due to widespread use of the OpenSSL library. This paper considers the lessons to be learned from these incidents. It examines how the use of the Trustworthy Software Framework (TSF) developed by the authors could have helped to reduce the risk of major bugs like `goto fail' and Heartbleed. It also examines the responsibilities of developers where they use third party libraries and the need for appropriate due diligence. The paper also makes recommendations about how incidents like this should be handled to avoid confusing and contradictory messages being given.

Item Type: Conference Item (Paper)
Divisions: Faculty of Science > WMG (Formerly the Warwick Manufacturing Group)
Journal or Publication Title: 9th IET International Conference on System Safety and Cyber Security (2014)
Publisher: IET
ISBN: 9781849199407
Book Title: 9th IET International Conference on System Safety and Cyber Security (2014)
Official Date: 2014
Dates: 2014 (Completion)
Page Range: pp. 1-7
DOI: 10.1049/cp.2014.0970
Status: Peer Reviewed
Publication Status: Published
Conference Paper Type: Paper
Title of Event: 9th IET International Conference on System Safety and Cyber Security (2014)
Type of Event: Conference
Location of Event: Manchester, United Kingdom
Date(s) of Event: 15-16 Oct 2014
