Software, Security, and the Public Good

Transcript

1. Software, Security, and The Public Good Samantha Quiñones php[tek] 2017

2. None
3. None

4. We are a community of Qualified Engineers

5. Time for... Audience participation

6. Therac-25

7. Therac-25: What Went Wrong? The software contained an integer overflow

   bug (CWE-190) When an operator provided input during an overflow condition, the interlock failed This failure could allow the 25 MeV beam to activate without the target and collimator Patients received 100x the intended dose of radiation Patients suffered severe radiation burns and poisoning Three patients died

8. Therac-25: What Could Have Helped? Code review Review of code

   reused from earlier models to test assumptions Unit testing Integration testing Hardware interlocks

9. Mars Climate Orbiter

10. Mars Climate Orbiter: What Went Wrong? Launched 11 December 1998

    On 15 September 1999, an orbital insertion maneuver was performed Navigators had reported discrepancies between the reported and measured position Approach would bring the probe to 150-170km altitude, possibly lower, than expected 226km On 23 September 1999, the probe occulted Mars and lost radio contact. Contact was never reestablished. Postmortem found that one piece of ground software produced thrust values in pound-seconds (US Customary) rather than newton-seconds (SI)

11. Mars Climate Orbiter: What Could Have Helped? Specification review Integration

    testing Commitment to investigate error reports

12. Volkswagen Emissions Scandal

13. Volkswagen: What Went Wrong? Engineers at VW developed code to

    detect emissions tests and alter engine behavior This code was intentionally hidden and referred to as “acoustic condition”

14. Volkswagen: What Could Have Helped? Whistleblower-supporting culture Personal engineering ethics

15. Heartbleed

16. Heartbleed: What Went Wrong? Improper input validation bug allows out-of-bounds

    memory access (CWE-135) Exploitation of the heartbeat mechanism allows extracting secure information from vulnerable servers without authorization.

17. Heartbleed: What Could Have Helped? Code review Security review Adequate

    funding of open-source projects

18. Security is a guarantee that software will perform predictably regardless

    of input.
19. None
20. None
21. None

22. Software is Everywhere

23. Ethics & Engineering (inspired by the ACM)

24. Obligations to the Public To take responsibility for our work.

    To balance our interests with those of our clients, employers, and users. To ship code we believe to be safe, tested, and built according to specifications. To disclose actual or potential dangers to the user, the public, or the environment. To avoid deception. To consider the abilities of users and conditions of users. To volunteer our skills to good causes and contribute to public education.

25. Obligations to our Clients & Employers To be honest about

    our areas of competence. To honor software licenses. To honor the property and secrets of the client or employer. To disclose the likelihood of failure, cost overrun, violation of law, or damage. To identify and disclose issues of social concern. To not work against the interests of the client or employer, unless ethics are being compromised.

26. Obligations to the Product To balance quality, cost, and schedule

    while clearly communicating trade-offs. To identify and disclose economic, ethical, cultural, environmental, and legal issues. To employ methods appropriate to the task at hand. To understand the specifications of the product. To test, debug, review, and document all code. To collect, store, and use only data that has been derived by ethical means. To maintain what we build.

27. Obligations to Our Colleagues To develop a professional environment and

    culture that encourages acting ethically. To promote public knowledge and education of software engineering. To participate in professional organizations, meetings, conferences, and publications. To communicate one’s obligations to one’s employers and clients. To assist others in their professional development. To give credit to the work of others.

28. Obligations to Ourselves To develop our technical, management, and interpersonal

    skills continuously. To advocate for our users in an honest and thoughtful way. To share our knowledge and experience freely. To recognize our prejudices and not give unfair treatment because of them.

29. Let’s Get Practical Commit the OWASP Top 10 to heart

    (https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet) Embrace the CWE (https://cwe.mitre.org/index.html) Give better code reviews Demand better code reviews Become the local expert on compliance/security/testing/debugging Discover and honor your ethical boundaries

30. We are responsible for the work we put into the

    world.