Tag Archive for technical debt

Technical Debt and Security: time to move on from OpenSSL?

I am about to give up on OpenSSL and start supporting LibreSSL instead. OpenSSL is sinking, and folks behind LibreSSL understand that good security starts with good engineering principles. Here is a glimpse into the heart and soul of the argument, courtesy of OpenSSLRampage.org. One day, OpenSSL folks decided to avoid their own API. To quote  LibreSSL developers: “Someone (TM) thought it was smart…