
OpenSSL after Heartbleed

Posted Oct 6, 2016 22:31 UTC (Thu) by david.a.wheeler (subscriber, #72896)
Parent article: OpenSSL after Heartbleed

We can all learn from the OpenSSL project's experience. On a technical level, there are many ways to prevent Heartbleed-like vulnerabilities; projects should consider using at least one of them.

As noted in the article, there are a lot of good practices that the OpenSSL project wasn't doing, and now is. You can see that by comparing the CII best practices badge for current OpenSSL to the information on badge status of OpenSSL before Heartbleed. There are a lot of things you can do to help keep a project healthy. I'm glad to see that OpenSSL is in much better shape today.

Oh, and obligatory pitch: If you're involved in an open source software project, strive to get a CII best practices badge. It'll help your project make sure it's doing generally-accepted good practices, and help your potential users know that you're doing them.



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds