The heartbleed bug
A process-oriented methodology for assessing and improving software trustworthiness, Proceedings of the 2nd ACM Conference on Computer and Communications Security, CCS '94, pp.39-50, 1994.
DOI : 10.1145/191177.191188
Fundamental concepts of dependability, Proceedings of the 3rd IEEE Information Survivability Workshop, 2000.
Black Duck: Open Hub, https://www.openhub
robobrowser, https://github
Why the shellshock bug is worse than heartbleed, MIT Technology Review, 2014.
Commission of the European Communities: Information Technology Security Evaluation Criteria (ITSEC): Preliminary Harmonised Criteria
Common Vulnerability Scoring System SIG: The Common Vulnerability Scoring System (CVSS), https
The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, The Internet Engineering Task Force, 2008.
More C++ gems. chap Applying the ABC Metric to C, pp.245-264, 1997.
Elements of Software Science (Operating and Programming Systems Series), 1977.
Common Criteria for Information Technology Security Evaluation
Lampson, B.W.: A note on the confinement problem, Commun. ACM, vol.16, issue.10, pp.613-615, 1973.
An analysis of software quality attributes and their contribution to trustworthiness, Closer 2013 - Proceedings of the 3rd International Conference on Cloud Computing and Services Science, pp.542-552, 2013.
Quality and IT Security assessment of Open Source Software projects, p.2017
NIST: National vulnerability database
It's 2017 and 200,000 services still have unpatched heartbleeds https, 2017.
System structure for software fault tolerance, ACM SIGPLAN Notices, vol.10, issue.6, pp.437-449, 1975.
DOI : 10.1145/390016.808467
Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension, RFC 6520, 2012.
DOI : 10.17487/rfc6520
The Department of Defense (DoD): Trusted Computer System Evaluation Criteria (TCSEC), TCSEC Rainbow Series Library, Orange Book
The MITRE Corporation: Common vulnerabilities and exposures
The MITRE Corporation: Common Weakness Enumeration (CWE)
Reflections on trusting trust, Communications of the ACM, vol.27, issue.8, pp.761-763, 1984.
DOI : 10.1145/358198.358210
Security metrics for software systems, Proceedings of the 47th Annual Southeast Regional Conference on, ACM-SE 47, pp.1-6, 2009.
DOI : 10.1145/1566445.1566509