Skip to main content

OpenSSL warns vendors against using vulnerability info for marketing

posted onSeptember 9, 2014
by l33tdawg

Security advisories for OpenSSL should not be used for competitive advantage, according to the development project behind the widely used cryptography component.

The warning comes from the OpenSSL Project, which has published for the first time guidelines for how it internally handles security problems, part of an ongoing effort to strengthen the project following the Heartbleed security scare in April.

High severity issues such as remote code execution vulnerabilities will be kept private within OpenSSL’s development team, ideally for no longer than a month until a new release is ready. If an update is planned, a notification will be released on the openssl-announce email list, but “no further information about the issues will be given,” it said.

Source

Tags

SSL Security Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th