Hacker News
by ryan_j_naughton 4447 days ago
I agree that they shouldn't publicize which specific other versions of openssl they use/used, but they should be much more forthcoming about what systems (and potentially keys) in their architecture were affected and what data such systems had.

For instance, at my work, we very explicitly said that only two internal systems, our wiki and our issue tracking system, used that version of openssl. Those systems had no user data and had a different set of certs. It is essential to give details. http://blog.taximagic.com/heartbleed/