After plenty of high-profile vulnerabilities, the team behind OpenSSL published a roadmap to win back the trust of its users. OpenSSL developers say they are evaluating new security features, but critics are wary and think this step might be too little too late.
What else can OpenSSL do to address criticisms?
Listen to episode 162 of our security slice podcast and hear Tim Erlin, Ken Westin and Craig Young discuss the varying impact of market competition on open source and commercial software, the lessons other open source projects can learn from OpenSSL missteps and the major risks OpenSSL faces as they try to clean up their code.
CLICK HERE TO LISTEN TO THE PODCAST
- Security Slice: Beware of Energetic Bear
- Security Slice: Your Hackable Home
- Security Slice: World Cup Security Fail
- Security Slice: Credit Cards on Safari
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock