Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Mon, 14 Apr 2014 13:00:10 -0700 

On Apr 14, 2014, at 15:47 , Scott Howard <sc...@doc.net.au> wrote:
> On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker <niels=na...@bakker.net>wrote:

>> At least one vendor, Akamai is helping out now:
>> http://marc.info/?l=openssl-users&m=139723710923076&w=2
>> I hope other vendors will follow suit.
> 
> 
> Although it appears they may now be regretting doing so...
> 
> http://www.techworld.com.au/article/542813/akamai_admits_its_openssl_patch_faulty_reissues_keys/
> 
> (Of course, the end result is positive, but...)

[NOTE: I'll just remind everyone up front that I worked at Akamai for a very 
long time, so take my comments with however many grains of salt you feel 
appropriate.]

If the only thing that happens when a large company steps up to help the open 
source community is ridicule and/or derision, one should probably not in the 
same breath ask why no companies are publishing any code.

I applaud Akamai for trying, for being courageous enough to post code, and for 
bucking the trend so many other companies are following by being more secretive 
every year.

Or we can flame anyone who tries, then wonder why no one is trying.

-- 
TTFN,
patrick

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to