[sp332]

Being widely used is a problem. Monoculture leads to exactly this kind of mass vulnerability.

[JetSpiegel]

"But crypto is hard! Don't roll your own", say everyone, ever.

[jussij]

By coincidence, I remembered someone pointing this out to the Go developers no too long ago, after he found out they did in fact roll their own:

https://groups.google.com/forum/#!searchin/golang-nuts/opens...

In light of the current issue I looks like the D guys did the right thing.

[bbwharris]

Standards are important. For all practical purposes OpenSSL has become a standard.

TCP can be exploited, it doesn't mean we ditch TCP for another differently exploitable solution.

I see your point but I don't think of OpenSSL as monoculture the same way that Windows or OSX are.

[sp332]

OpenSSL isn't a standard any more than winsock. And fortunately, OpenSSL isn't the only library that implements SSL.