research-article

Free access

Finding more than one worm in the apple

Author:

Mike BlandAuthors Info & Claims

Communications of the ACM, Volume 57, Issue 7

Pages 58 - 64

https://doi.org/10.1145/2622630

Published: 01 July 2014 Publication History

All formats PDF

Abstract

If you see something, say something.

References

[1]

Apple Inc. Xcode overview, 2014; http://bit.ly/1kXUAzD

Google Scholar

[2]

Arthur, C. Apple's SSL iPhone vulnerability: How did it happen, and what next? The Guardian, (Feb. 25, 2014); http://www.theguardian.com/technology/2014/feb/25/apples-ssl-iphone-vulnerability-how-did-it-happen-and-what-next.

Google Scholar

[3]

Auerbach, D. An extraordinary kind of stupid. Slate (Feb. 25, 2014); http://slate.me/1o75yGs

Google Scholar

[4]

Bellovin, S.M. Goto Fail. SMBlog (Feb. 23, 2014); https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html.

Google Scholar

[5]

Bland, M. Test Certified, 2011; http://mike-bland.com/2011/10/18/test-certified.html.

Google Scholar

[6]

Bland, M. Testing on the Toilet, 2011; http://mike-bland.com/2011/10/25/testing-on-the-toilet.html.

Google Scholar

[7]

Bland, M. Test Mercenaries, 2012; http://mike-bland.com/2012/07/10/test-mercenaries.html.

Google Scholar

[8]

Bland, M. AutoTest Central, 2014; http://autotestcentral.com/small-medium-and-large-test-sizes

Google Scholar

[9]

Dijkstra, E. A case against the GO TO statement. Commun. ACM 11, 3 (Nov. 1968), 147--148; http://www.cs.utexas.edu/users/EWD/ewd02xx/EWD215.PDF.

Digital Library

Google Scholar

[10]

Fuller, L. TestableSecurity: demonstrating that <code>SSLVerifySignedServerKeyExchange()</code> is trivially testable, 2014; https://github.com/landonf/Testability-CVE-2014-1266.

Google Scholar

[11]

Google, Inc. Too many tests. Google Testing Blog (Feb. 21, 2008); http://googletesting.blogspot.com/2008/02/in-movie-amadeus-austrian-emperor.html.

Google Scholar

[12]

Greenfield, R. Why Apple's power cords keep breaking. The Wire (July 30, 2012); http://www.thewire.com/technology/2012/07/why-apples-power-cords-keep-breaking/55202/.

Google Scholar

[13]

Langley, A. Apple's SSL/TLS bug. Imperial Violet (Feb. 22, 2014); https://www.imperialviolet.org/2014/02/22/applebug.html.

Google Scholar

[14]

Ray, C.K. TDD and signed SSLVerifySignedServerKeyExchange. Exploring Agile Solutions: Software Development with Agile Practices (Feb. 23, 2014); http://agilesolutionspace.blogspot.com/2014/02/tdd-and-signed-sslverifysignedserverkey.html.

Google Scholar

[15]

Schneier, B. Was the iOS SSL flaw deliberate? Schneier on Security: A Blog Covering Security and Security Technology (Feb. 2014); https://www.schneier.com/blog/archives/2014/02/was_the_ios_ssl.html.

Google Scholar

[16]

van Deursen, A. Learning from Apple's #gotofail security bug. Arie van Deursen: Software Engineering in Theory and Practice (Feb. 22, 2014); http://avandeursen.com/2014/02/22/gotofail-security/.

Google Scholar

Cited By

View all

Fregnan EBraz LD'Ambros MÇalıklı GBacchelli ARoychoudhury ACadar CKim M(2022)First come first served: the impact of file position on code reviewProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549177(483-494)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3540250.3549177
Gao JLi LKong PBissyande TKlein J(2021)Understanding the Evolution of Android App VulnerabilitiesIEEE Transactions on Reliability10.1109/TR.2019.295669070:1(212-230)Online publication date: Mar-2021
https://doi.org/10.1109/TR.2019.2956690
Suomalainen JJulku JVehkapera MPosti H(2021)Securing Public Safety Communications on Commercial and Tactical 5G Networks: A Survey and Future Research DirectionsIEEE Open Journal of the Communications Society10.1109/OJCOMS.2021.30935292(1590-1615)Online publication date: 2021
https://doi.org/10.1109/OJCOMS.2021.3093529
Show More Cited By

Index Terms

Finding more than one worm in the apple

Recommendations

Finding More Than One Worm in the Apple: If you see something, say something.
Security

In February Apple revealed and fixed an SSL (Secure Sockets Layer) vulnerability that had gone undiscovered since the release of iOS 6.0 in September 2012. It left users vulnerable to man-in-the-middle attacks thanks to a short circuit in the SSL/TLS (...
One year later: A large system conversion
SIGUCCS '77: Proceedings of the 5th annual ACM SIGUCCS conference on User services

During the period that we were going through the acquisition process—talking to vendors and to management and users at other installations—conversion was, of course, in the back of our minds. The staff at other installations was unanimous: conversion ...
Just one slice of innovation, please
Attack of the killer virus

We all like to think that humans are hungry for innovation, anxious to find revolutionary products that improve the way we live and work. Recently, though, I've begun to wonder if that's true. I think we want technology to enhance the quality of life, ...

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 57, Issue 7

July 2014

98 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/2622628

Editor:
Moshe Y. Vardi
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2014

Published in CACM Volume 57, Issue 7

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
5,485
Total Downloads

Downloads (Last 12 months)257
Downloads (Last 6 weeks)15

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Fregnan EBraz LD'Ambros MÇalıklı GBacchelli ARoychoudhury ACadar CKim M(2022)First come first served: the impact of file position on code reviewProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549177(483-494)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3540250.3549177
Gao JLi LKong PBissyande TKlein J(2021)Understanding the Evolution of Android App VulnerabilitiesIEEE Transactions on Reliability10.1109/TR.2019.295669070:1(212-230)Online publication date: Mar-2021
https://doi.org/10.1109/TR.2019.2956690
Suomalainen JJulku JVehkapera MPosti H(2021)Securing Public Safety Communications on Commercial and Tactical 5G Networks: A Survey and Future Research DirectionsIEEE Open Journal of the Communications Society10.1109/OJCOMS.2021.30935292(1590-1615)Online publication date: 2021
https://doi.org/10.1109/OJCOMS.2021.3093529
Medeiros FLima GAmaral GApel SKästner CRibeiro MGheyi R(2019)An investigation of misunderstanding code patterns in C open-source software projectsEmpirical Software Engineering10.1007/s10664-018-9666-x24:4(1693-1726)Online publication date: 1-Aug-2019
https://dl.acm.org/doi/10.1007/s10664-018-9666-x
Yin QMu HZeng MGao DQin FChen JHe Z(2018)Effects of heating on the total phenolic content, antioxidant activities and main functional components of simulated Chinese herb candy during boiling processJournal of Food Measurement and Characterization10.1007/s11694-018-9961-713:1(476-486)Online publication date: 29-Oct-2018
https://doi.org/10.1007/s11694-018-9961-7
Gopstein DIannacone JYan YDeLong LZhuang YYeh MCappos JBodden ESchäfer WDeursen AZisman A(2017)Understanding misunderstandings in source codeProceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering10.1145/3106237.3106264(129-139)Online publication date: 21-Aug-2017
https://dl.acm.org/doi/10.1145/3106237.3106264
Nutbrown SHiggins C(2016)Static analysis of programming exercises: Fairness, usefulness and a method for applicationComputer Science Education10.1080/08993408.2016.117986526:2-3(104-128)Online publication date: 6-May-2016
https://doi.org/10.1080/08993408.2016.1179865
Hermann BReif MEichberg MMezini MDi Nitto EHarman MHeymans P(2015)Getting to know you: towards a capability model for JavaProceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering10.1145/2786805.2786829(758-769)Online publication date: 30-Aug-2015
https://dl.acm.org/doi/10.1145/2786805.2786829
Engblom J(2015)Virtual to the (near) endProceedings of the 52nd Annual Design Automation Conference10.1145/2744769.2747948(1-6)Online publication date: 7-Jun-2015
https://dl.acm.org/doi/10.1145/2744769.2747948

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Magazine Site

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations