| Recurring |
one_organization, multiple_organization |
(a) The software failure incident of a server being hacked due to unpatched software happened again at GlobalSign. This incident was similar to a previous incident at DigiNotar, another certificate authority, which was compromised and subsequently went bankrupt after over 500 certificates were thought to have been stolen [11732].
(b) The software failure incident of a security breach affecting a certificate authority has happened at multiple organizations. Besides GlobalSign and DigiNotar, another Dutch issuer, KPN, also suspended its operations after a security breach was discovered in November [11732]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident at GlobalSign was primarily due to a failure in the design phase. The incident was caused by a piece of open-source software not being updated, which allowed a hacker to access the Web server [11732]. This highlights the importance of keeping software up to date to prevent vulnerabilities that can be exploited by malicious actors.
(b) Additionally, the incident also involved aspects related to operation. GlobalSign had to shut down its operations temporarily after the breach to rebuild its systems and ensure the security of its operations [11732]. This shows that operational procedures and practices play a crucial role in responding to and recovering from software failure incidents. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident involving GlobalSign was primarily within the system. The incident was attributed to a piece of open-source software not being updated, leading to the hack of one of its web servers [11732]. Additionally, the compromised SSL certificate was a result of the breach within the system, which could have been used to impersonate the company's website [11732].
(b) However, external factors also played a role in the incident. The hack was executed by an external hacker known as "Comodohacker" [11732]. The incident also occurred in the context of other similar breaches in the industry, such as the compromise of DigiNotar, a Dutch certificate authority, and the subsequent bankruptcy, indicating a broader external threat landscape [11732]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident at GlobalSign was primarily due to non-human actions. Specifically, the incident was attributed to a piece of open-source software not being updated, which allowed a hacker to access the Web server [11732]. Additionally, the SSL Web site certificate-issuing infrastructure was kept separate from the main website, indicating a security measure that was in place to prevent such incidents [11732].
(b) Human actions were also involved in the response to the incident. GlobalSign took action by ceasing certificate issuance, shutting down operations, tearing down and rebuilding systems, and implementing stringent security measures such as disconnecting the root certificate and requiring multiple security checks for access [11732]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident at GlobalSign was not attributed to hardware issues but rather to a piece of open-source software not being updated, leading to the hack on one of its web servers [11732].
(b) The software failure incident at GlobalSign was primarily due to a piece of open-source software not being updated, which allowed a hacker to access the web server. This highlights a software-related failure in terms of not keeping the software up to date, leading to the security breach [11732]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident involving GlobalSign was malicious in nature. The incident was a result of a hack where a Web server was accessed by a hacker named "Comodohacker" due to a piece of open-source software not being updated [11732]. The hacker compromised GlobalSign's own Web site, the site's certificate, and some other public-facing documents. The incident led to GlobalSign ceasing certificate issuance, shutting down operations temporarily, and rebuilding its systems to address the breach. Additionally, the compromised Web site certificate could have been used to impersonate the company's website, indicating malicious intent behind the hack.
(b) There is no information in the articles to suggest that the software failure incident was non-malicious. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident at GlobalSign was primarily due to poor decisions, specifically the failure to update a piece of open-source software on one of its Web servers. This poor decision led to the server being hacked by an individual known as "Comodohacker" [11732]. Additionally, the incident highlighted the importance of maintaining up-to-date software to prevent such breaches in the future. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the GlobalSign breach. The incident occurred because of a piece of open-source software not being updated, highlighting a lack of professional competence in maintaining the software infrastructure [11732]. Additionally, the fact that the SSL Web site certificate-issuing giant had to tear down and rebuild its systems after the hack by "Comodohacker" suggests a failure in ensuring proper security measures were in place initially, indicating a level of development incompetence [11732].
(b) The accidental aspect of the software failure incident is seen in the unintended compromise of GlobalSign's own Web site, the site's certificate, and some other public-facing documents during the hack. This unintended breach can be categorized as an accidental failure within the context of the incident [11732]. |
| Duration |
temporary |
The software failure incident at GlobalSign was temporary. The incident occurred due to a piece of open-source software not being updated, leading to a hack on one of its web servers. As a result, GlobalSign ceased issuing certificates, shut down its operations temporarily, and rebuilt its systems after the breach. The company resumed issuing website certificates a week later and implemented stringent security measures to prevent future incidents. This indicates that the failure was temporary and not permanent [11732]. |
| Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident in the article can be categorized as a crash. GlobalSign's Web server was hacked due to a piece of open-source software not being updated, leading to the system losing its state and not performing its intended functions [11732].
(b) omission: The incident can also be categorized as an omission. GlobalSign ceased issuing certificates and shut down its operations after the hack, indicating that the system omitted to perform its intended functions at that instance [11732].
(c) timing: There is no specific mention of the software failure incident being related to timing issues in the articles.
(d) value: The incident can be categorized as a value failure. GlobalSign's Web site certificate and some public-facing documents were compromised during the hack, leading to the system performing its intended functions incorrectly [11732].
(e) byzantine: The incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident can be described as a security breach due to the hack, which is not explicitly covered in the options provided. |