[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

David Goodwin david at codepoets.co.uk
Wed Apr 9 11:36:58 UTC 2014

> > In an ideal world, open source code would get reviewed more and
> > become more secure.
> > However it becomes difficult and non-trivial to review a complex
> > component like OpenSSL.
> What is disappointing here is the bug was a typical C flaw, lack of
> input validation and low level buffer management. For a security
> critical library I had expected better.
> Really, safer buffer management needs to be introduced; sadly this
> would be a massive change.
> It would also be good to have the concept of tainted data, whereby
> any external data must be explicitly validated before it can be used.
"OpenSSL is not developed by a responsible team."
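A constructed C example of the missing input-validation check the thread is talking about, added here and not code from OpenSSL or from anyone on this list: it parses a hypothetical heartbeat-like record (1-byte type, 2-byte declared length, payload, 16 bytes padding) and refuses to copy a payload whose declared length is not backed by bytes that were actually received.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, loosely modelled on a TLS heartbeat message:
 * 1-byte type, 2-byte big-endian declared payload length, the payload,
 * then 16 bytes of padding. Constructed for this example, not OpenSSL's code. */
#define HB_HEADER_LEN  3
#define HB_PADDING_LEN 16
/* Copies the payload into out and returns its length, or -1 if the record
 * is malformed. The declared length is untrusted input and is only honoured
 * once the bytes it claims are known to be present in the record. */
int heartbeat_parse(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL) return -1;
    /* Header and padding must be fully present before any field is read. */
    if (rec_len < HB_HEADER_LEN + HB_PADDING_LEN) return -1;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* The check Heartbleed lacked: the declared length must fit inside the
     * bytes actually received. Without it the memcpy below reads past the
     * record into whatever happens to sit next to it in memory. */
    if (declared > rec_len - HB_HEADER_LEN - HB_PADDING_LEN) return -1;
    if (declared > out_cap) return -1;
    memcpy(out, rec + HB_HEADER_LEN, declared);
    return (int)declared;
}

/* Constructed sample records: a well-formed 4-byte "ping", and the same
 * bytes with the length field claiming 65535 bytes that were never sent. */
static const uint8_t REC_VALID[] =
    {1, 0x00, 0x04, 'p', 'i', 'n', 'g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static const uint8_t REC_OVERSIZED[] =
    {1, 0xFF, 0xFF, 'p', 'i', 'n', 'g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static int run(const uint8_t *rec, size_t rec_len)
{
    uint8_t out[64];
    return heartbeat_parse(rec, rec_len, out, sizeof out);
}

int demo_valid(void)     { return run(REC_VALID, sizeof REC_VALID); }
int demo_oversized(void) { return run(REC_OVERSIZED, sizeof REC_OVERSIZED); }
/* A record cut short of its padding is rejected too. */
int demo_truncated(void) { return run(REC_VALID, HB_HEADER_LEN + 4); }
int main(void)
{
    printf("valid=%d oversized=%d truncated=%d\n", demo_valid(), demo_oversized(), demo_truncated());
    return 0;
}
```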