Tuesday, April 29, 2014

For a future without Heartbleed - OpenSSL still vulnerable

Far from ending with the upgrade versions of OpenSSL still vulnerable, the debate on the bug known as Heartbleed continues to churn out new topics of discussion and controversy. Once again, everyone involved, from large corporations - are guilty of not having enough supported the project - to hackers on the hunt for new bugs "apocalyptic" style Heartbleed.  

A background that is surely destined to leave their mark is on efforts in the management and care of OpenSSL, an essential security component for the busiest part of the Internet by users but which has so far been taken care of by just two developers - only one of which involved full-time - and donations of just $ 2,000 s 'year.  

Heartbleed Fortunately, the case seems to have learned something from the big companies, and now with Steve Marquess and Stephen Henson (developers of the two mentioned above) should get a nice little 'fresh troops and OpenSSL should benefit from funding "multi- millionaires "managed by the Linux Foundation with contributions from giants such as Microsoft, Intel, Google, Facebook and Qualcomm. Mozilla, in his small, offers a reasonable monetary compensation ($ 10,000) for those who will be able to strengthen the code Firefox bug against potentially similar to Heartbleed in time for the release of 31 open-source browser. 

In the underground electronic discusses finally a new, allegedly identified vulnerability in OpenSSL as dangerous as the aforementioned Heartbleed. It is probably a scam, at least in this case.

No comments:

Post a Comment