Today’s software update systems have little or no defense against key compromise. As a result, key compromises have put millions of software update clients at risk. Here we identify three classes of information whose authenticity and integrity are critical for secure software updates. Analyzing existing software update systems with our framework, we find their ability to communicate this information securely in the event of a key compromise to be weak or nonexistent. We also find that the security problems in current software update systems are compounded by inadequate trust revocation mechanisms. We identify core security principles that allow software update systems to survive key compromise. Using these ideas, we design and implement TUF, a software update framework that increases resilience to key compromise
Software developers spend 35-50 percent of their time validating and debugging software. The cost of debugging, testing, and verification is estimated to account for 50-75 percent of the total budget of software development projects, amounting to more than $100 billion annually. While tools, languages, and environments have reduced the time spent on individual debugging tasks, they have not significantly reduced the total time spent debugging, nor the cost of doing so. Therefore, a hyperfocus on elimination of bugs during development is counterproductive; programmers should instead embrace debugging as an exercise in problem solving.
Docker containers have recently become a popular approach to provision multiple applications over shared physical hosts in a more lightweight fashion than traditional virtual machines. This popularity has led to the creation of the Docker Hub registry, which distributes a large number of official and community images. In this paper, we study the state of security vulnerabilities in Docker Hub images. We create a scalable Docker image vulnerability analysis (DIVA) framework that automatically discovers, downloads, and analyzes both official and community images on Docker Hub. Using our framework, we have studied 356,218 images and made the following findings: (1) both official and community images contain more than 180 vulnerabilities on average when considering all versions; (2) many images have not been updated for hundreds of days; and (3) vulnerabilities commonly propagate from parent images to child images. These findings demonstrate a strong need for more automated and systematic methods of applying security updates to Docker images, and our current Docker image analysis framework provides a good foundation for such automatic security updates.
We catalog and describe Google’s key software engineering practices.
The rfmt code formatter incorporates a new algorithm that optimizes code layout with respect to an intuitive notion of layout cost. This note describes the foundations of the algorithm, and the programming abstractions used to facilitate its use with a variety of languages and code layout policies.
Abstract. In this tutorial, we present an authorization model for distributed systems that operate with limited internet connectivity. Reliable internet access remains a luxury for a majority of the world’s population. Even for those who can afford it, a dependence on internet connectivity may lead to sub-optimal user experiences. With a focus on decentralized deployment, we present an authorization model that is suitable for scenarios where devices right next to each other (such as a sensor or a friend’s phone) should be able to communicate securely in a peer-to-peer manner. The model has been deployed as part of an open-source distributed application framework called Vanadium. As part of this tutorial, we survey some of the key ideas and techniques used in distributed authorization, and explain how they are combined in the design of our
The best practices guide to writing Python, from the guy who wrote the best Python library, requests.