Was the 2006 Debian SSL Debacle a System Accident?
George Markowsky, Was the 2006 Debian SSL Debacle a System Accident?, Proc. 7th IEEE International Conference on Intelligent Data Acquisition and Advanced Computer Systems, pp. 624-629, Sept. 12, 2013.
Abstract:
In this paper we examine in detail the Debian OpenSSL Debacle from the perspective of a system accident, a concept derived from the work of Charles Perrow [1]. This event left users of Debian and its derivatives with seriously compromised cryptographic capabilities. We identify some common failings that might be problematic in other software development projects and offer some suggestions to help develop code more securely.