by ori_b 3620 days ago
After the string of vulnerabilities, I know that OpenSSL got a wave of investment.

I'm curious how much of this still stands today.

2 comments

I got a few thousand dollars of that money as a security bug bounty.

OpenSSL fixed the problem quickly, but one year on still hasn't accepted the regression test for the issue. It would be amusing if it weren't so horrifying.

Look at the list of CVEs since [0], as well as tedunangst's commentary on his blog [1]. They pair up nicely.

0. http://www.cvedetails.com/product/383/Openssl-Openssl.html?v...

1. http://www.tedunangst.com/flak/post/analysis-of-openssl-free...

20 vulnerabilities found so far in 2016 in OpenSSL; that's basically saying that the codebase is still not secure.