by Dwayne Melancon - CTO at Tripwire - Thursday, 26 June 2014

 

The recent incidents with the Heartbleed OpenSSL vulnerability, along with the strange turn of events involving TrueCrypt shine a light on a big issue for security practitioners. Both of these situations rattled our confidence in specific technologies, but the implications are much broader.



In hindsight, a lot of the specifics for Heartbleed and TrueCrypt sound like risky behavior. Let’s take TrueCrypt for example - many organizations and individuals were relying on a product they weren’t paying for, had no SLA’s in place to maintain, had no vendor contract to fall back on, and which was developed by unknown, anonymous developers. That feels like risky or naïve behavior when you think about it, but it happens all the time.

 

Help Net Security/ full read here/ http://www.net-security.org/article.php?id=2059