Wednesday, April 09, 2014

Web Encryption Tool Is Flawed, Researchers Say - WSJ.com

A scary sign of the security times

"Writing encryption code is complex, so many website operators tap OpenSSL, which is free. It was created in the late 1990s by developers who wanted an easy-to-use encryption scheme for Internet traffic. Its website is bare bones, as are its finances.

Steve Marquess, president of the OpenSSL Software Foundation, a separate entity that solicits funding for the team that manages the code, said its 2013 budget was less than $1 million.

"There's no question more effectively applied manpower would be a good thing," said Mr. Marquess, 59 years old. "Formal code audits would be a good thing.""
Web Encryption Tool Is Flawed, Researchers Say - WSJ.com

No comments: