Sunday, April 13, 2014

Heartbleed: Why your replacement SSL certificate should be free

We've all heard of Heartbleed, the devastating encryption vulnerability in the OpenSSL implementation of SSL/TLS used by an estimated 2/3 of internet websites.

Heartbleed was a simple programming mistake that was not caught by the small team of developers who contribute to and manage OpenSSL.

As a result of the vulnerability, which has existed for 2 years, all websites using OpenSSL need to have users change their passwords, and they must also order replacement SSL certificates from a Certificate Authority.

Read more on how SSL works and what a root CA is...

Unfortunately, SSL certificates cost money. They are usually in the $10-$150 range.

Considering that there are only 3 developers working on OpenSSL, and yet most of the CAs' customers will be using OpenSSL, in my mind the CAs should have developers contributing to and auditing that codebase.

Their entire business relies on this chain of trust, so they should be auditing it. It's their job.

That's why a re-issue due to Heartbleed should be free of charge.
