The Library
Trustworthy Software : lessons from `goto fail' & Heartbleed bugs
Tools
Tools
Tools
Boyes, H., Norris, P., Bryant, I. and Watson, Tim (2014) Trustworthy Software : lessons from `goto fail' & Heartbleed bugs. In: 9th IET International Conference on System Safety and Cyber Security (2014), Manchester, United Kingdom, 15-16 Oct 2014. Published in: 9th IET International Conference on System Safety and Cyber Security (2014) pp. 1-7. ISBN 9781849199407. doi:10.1049/cp.2014.0970
![[img]](https://wrap.warwick.ac.uk/style/images/fileicons/application_pdf.png) |
PDF
WRAP-trustworthy-software-heartbleed-Boyes-2014.pdf - Accepted Version - Requires a PDF viewer. Download (475Kb) |
Official URL: http://dx.doi.org/10.1049/cp.2014.0970
Abstract
In the first four months of 2014, two major vulnerabilities were announced affecting operation of the Transport Layer Security (TLS) protocol, which is used by applications to secure Internet communications. The `goto fail' bug affected Apple's iOS and OS X software and the `Heartbleed' bug affected versions of the OpenSSL software. Whilst the Apple bug was serious because it affected a wide range of Apple products, the Heartbleed bug was of greater significance due to widespread use of the OpenSSL library. This paper considers the lessons to be learned from these incidents. It examines how the use of the Trustworthy Software Framework (TSF) developed by the authors could have helped to reduce the risk of a major bugs like `goto fail' and Heartbleed. It also examines the responsibilities of developers where they use third party libraries and the need for appropriate due diligence. The paper also makes recommendations about how incidents like this should be handled to avoid confusing and contradictory messages being given.
| Item Type: | Conference Item (Paper) | ||||
|---|---|---|---|---|---|
| Divisions: | Faculty of Science, Engineering and Medicine > Engineering > WMG (Formerly the Warwick Manufacturing Group) | ||||
| Journal or Publication Title: | 9th IET International Conference on System Safety and Cyber Security (2014) | ||||
| Publisher: | IET | ||||
| ISBN: | 9781849199407 | ||||
| Book Title: | 9th IET International Conference on System Safety and Cyber Security (2014) | ||||
| Official Date: | 2014 | ||||
| Dates: |
|
||||
| Page Range: | pp. 1-7 | ||||
| DOI: | 10.1049/cp.2014.0970 | ||||
| Status: | Peer Reviewed | ||||
| Publication Status: | Published | ||||
| Date of first compliant deposit: | 10 April 2018 | ||||
| Date of first compliant Open Access: | 10 April 2018 | ||||
| Conference Paper Type: | Paper | ||||
| Title of Event: | 9th IET International Conference on System Safety and Cyber Security (2014) | ||||
| Type of Event: | Conference | ||||
| Location of Event: | Manchester, United Kingdom | ||||
| Date(s) of Event: | 15-16 Oct 2014 |
Request changes or add full text files to a record
Repository staff actions (login required)
 |
View Item |
Downloads
Downloads per month over past year
