728x90
OpenSSL, in spite of its name, isn't really a part of the OpenBSD project. But as one of the more positive results of the recent Heartbleed fiasco, the OpenBSD developers, who are known for their focus on readable and secure code, have now started a full-scale review and cleanup of the OpenSSL codebase.
If you are interested in writing secure code in C (not necessarily a contradiction in terms), I recommend you take a look at http://opensslrampage.org/archive/2014/4, where the OpenBSD-OpenSSL diffs and code changes are coming in fast, and are often accompanied by cynical but instructive comments. As one poster put it, "I don't know if I should laugh or cry". The good news though definitely is that the OpenSSL code is being looked at, carefully and expertly, and everyone will be better off for it.
If you are interested in writing secure code in C (not necessarily a contradiction in terms), I recommend you take a look at http://opensslrampage.org/archive/2014/4, where the OpenBSD-OpenSSL diffs and code changes are coming in fast, and are often accompanied by cynical but instructive comments. As one poster put it, "I don't know if I should laugh or cry". The good news though definitely is that the OpenSSL code is being looked at, carefully and expertly, and everyone will be better off for it.
728x90
'Security_News > 해외보안소식' 카테고리의 다른 글
| 악성코드가 설치된 Android 스마트폰 대량 판매 (0) | 2014.04.22 |
|---|---|
| Finding the bleeders (0) | 2014.04.22 |
| 美증권거래위원회, 금융사 사이버보안 준비도 검사 (0) | 2014.04.20 |
| 英 성형 의료회사 환자정보 해킹 (0) | 2014.04.20 |
| 통신위성 터미널에 취약점 발견 (0) | 2014.04.20 |