News OpenSSL hit by another major vulnerability

I personally find this to be a good thing but others may not agree. The more bugs like this that are found the better. It is unfortunate that it took such a major issue (Heartbleed) to draw attention to code corporations has been using for years without actually looking at how it works and if it is reasonably secure.

This whole debacle with OpenSSL had me wondering, why did so many large important sites/networks/corporations use something like this without inspecting the code for vulnerabilities? Did everybody just jump on the bandwagon with the assumption "Company X uses it, so it is safe"? Or are code security and encryption experts like Masashi Kikuchi so few and far between that the likelihood of one of them laying their eyes on the code is almost nill?

I can see nothing but good coming from this. Sure some people might lose faith in OpenSSL (or open source as a whole) but it will be stronger as a result.

 

The important thing to realise is that these issues are not easily spotted. They are not caused by a lazy this'll-do attitude. The openSSL project gets contributions from some really clever people, but one of the quirks of programming is that you sometimes can't predict exactly how code will work.
Big companies won't inspect the code because it is code that is already tested to be secure, and on such a large scale that spotting a new vulnerability is a very low chance, compared to the cost of testing. Some people do put money into this however, and some companies live solely to test security code!

 

Things like this make me glad I'm usually skint - there's nothing for anyone to abuse/steal

 

We need secure protection. It is too easy for me (and the world) to download Kali Linux and use the network tools to watch my neighbours' browsing habits.