The heartbleed bug

E. Amoroso, C. Taylor, J. Watson, and J. Weiss, A process-oriented methodology for assessing and improving software trustworthiness, Proceedings of the 2nd ACM Conference on Computer and Communications Security, CCS '94, pp.39-50, 1994.
DOI : 10.1145/191177.191188

A. Avizienis, J. C. Laprie, and B. Randell, Fundamental concepts of dependability, Proceedings of the 3rd IEEE Information Survivability Workshop, 2000.

Black Duck: Open Hub, https://www.openhub

J. Carp, robobrowser, https://github

C. Cerrudo, Why the shellshock bug is worse than heartbleed, MIT Technology Review, 2014.

Commission of the European Communities: Information Technology Security Evaluation Criteria (ITSEC): Preliminary Harmonised Criteria

Common Vulnerability Scoring System SIG: The Common Vulnerability Scoring System (CVSS), https

T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, The Internet Engineering Task Force, 2008.

J. Fitzpatrick, Applying the ABC Metric to C, C++, and Java, More C++ Gems, pp.245-264, 1997.

M. H. Halstead, Elements of Software Science (Operating and Programming Systems Series), 1977.

I. , Common Criteria for Information Technology Security Evaluation

B. W. Lampson, A note on the confinement problem, Commun. ACM, vol.16, issue.10, pp.613-615, 1973.

N. G. Mohammadi, S. Paulus, M. B. Metzger, A. Koennecke, H. Hartenstein et al., An analysis of software quality attributes and their contribution to trustworthiness, CLOSER 2013 - Proceedings of the 3rd International Conference on Cloud Computing and Services Science, pp.542-552, 2013.

M. B. Nielsen, Quality and IT Security assessment of Open Source Software projects, p.2017

NIST: National vulnerability database

D. Pauli, It's 2017 and 200,000 services still have unpatched heartbleeds https, 2017.

B. Randell, System structure for software fault tolerance, ACM SIGPLAN Notices, vol.10, issue.6, pp.437-449, 1975.
DOI : 10.1145/390016.808467

R. Seggelmann, M. Tuexen, and M. Williams, Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension, RFC 6520, 2012.
DOI : 10.17487/rfc6520

The Department of Defense (DoD): Trusted Computer System Evaluation Criteria (TCSEC), TCSEC Rainbow Series Library, Orange Book

The MITRE Corporation: Common vulnerabilities and exposures

The MITRE Corporation: Common Weakness Enumeration (CWE)

K. Thompson, Reflections on trusting trust, Communications of the ACM, vol.27, issue.8, pp.761-763, 1984.
DOI : 10.1145/358198.358210

J. A. Wang, H. Wang, M. Guo, and M. Xia, Security metrics for software systems, Proceedings of the 47th Annual Southeast Regional Conference, ACM-SE 47, pp.1-6, 2009.
DOI : 10.1145/1566445.1566509