Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Please donate to a worthy crypto security cause

If you have ever used OpenSSL, please donate money to this worthy cause. Your donation will go towards security and cryptographic researchers who are financially (or egotistically) motivated to discover security-related defects in OpenSSL’s intellectual property. Trust me, OpenSSL needs it!!!!!!!! See the picture below for a simple, secure code review of OpenSSL’s latest release, 1.0.1g.

[Image: OpenSSL101gInSecurity]

What we see is typical of an older, open source C/C++-based application. Overall, there are code quality issues in addition to common C/C++ software security defects. Fortunately, some of the bugs require unique situations to exist. Unfortunately, as we saw in Heartbleed, other defects are straightforward and easily exploitable.
