Yes, Another Massive Vulnerability Was Found In OpenSSL, But This Is Actually A Good Sign
from the five-eyes... dept
While some will react to this with (perhaps reasonable) horror, it's worth remembering that, despite being such an integral piece of internet security infrastructure, OpenSSL has mostly been a part-time project for those involved, and only recently (after Heartbleed) have real efforts been made to increase the resources behind it and to analyze it carefully for vulnerabilities. As security expert Matthew Green points out, "the sudden proliferation of OpenSSL bugs is to be expected and a good thing. Like finding dirty socks during spring cleaning." In other words, there's a lot more attention being paid to OpenSSL and its security these days, and it's inevitable that vulnerabilities are going to be found. Expect more. But, in the long run, that's a good thing. The more attention there is to cleaning up such software, the better.