Tag Archive for security

Technical Debt and Security: time to move on from OpenSSL?

I am about to give up on OpenSSL and start supporting LibreSSL instead. OpenSSL is sinking, and folks behind LibreSSL understand that good security starts with good engineering principles. Here is a glimpse into the heart and soul of the argument, courtesy of OpenSSLRampage.org. One day, OpenSSL folks decided to avoid their own API. To quote  LibreSSL developers: “Someone (TM) thought it was smart…

Digital Privacy Tools

Let’s face it – a lot of us are waking up to the fact that we are living in a digital equivalent of a glass house. The reasons are many – from the rampant disregard to our privacy from governments world wide, to the technical debt that still plagues the fundamental Internet architecture, to our complacency and desire for convenience above all, it’s all there. However, it’s not…

Reclaiming OpenSSL – It Starts with Us

OpenSSL is in big trouble. Heartbleed got a lot of people talking, and some are taking action. The latest security advisories from OpenSSL may not look as bad, but are still sobering  nevertheless. We, the professionals in the field of software technology, need to rethink our stance here. Most of us chose indifference, and we allowed ourselves to get caught. Shame on us. We had a…