By Jeremy Kirk, IDG News Service Posted on 9/9/2014
Security advisories for OpenSSL should not be used for competitive advantage, according to the development project behind the widely used cryptography component.
The warning comes from the OpenSSL Project, which has published for the first time guidelines for how it internally handles security problems, part of an ongoing effort to strengthen the project following the Heartbleed security scare in April.
High severity issues such as remote code execution vulnerabilities will be kept private within OpenSSL's development team, ideally for no longer than a month until a new release is ready.
ComputerWorld/ full article here/ http://www.computerworld.com/article/2604622/openssl-warns-vendors-against-using-vulnerability-info-for-marketing.html
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.