DonJ ha scritto:Oggi non è la giornata giusta per fidarsi del simbolino del lucchetto e del https://
ma.....hanno rattoppato?
Se non hanno messo la pezza quando rattoppano?
Moderatori:
Paolino,
fairyvilje
DonJ ha scritto:Oggi non è la giornata giusta per fidarsi del simbolino del lucchetto e del https://
Shika93 ha scritto:Per lo meno sono pochi i siti italiani vulnerabili (che abbiano il protocollo SSL)...
...A parte poste italiane tanto per cambiare...
Felten_Kroll ha scritto:Open-source software like OpenSSL is supposed to be good for security because everyone is free to read and analyze the code. Open code maximizes the odds that somebody, somewhere will find a bug before it burns end users. Open-source advocate Eric S. Raymond famously called this Linus’s Law: “Given enough eyeballs, all bugs are shallow.” That’s good news, if you have enough eyeballs.
But OpenSSL suffers from a major eyeball shortage. The project is maintained by four people, with a budget of less than $1 million per year. Another million or two spent on a security audit might well have prevented Heartbleed. OpenSSL security, however, is a public good with the attendant funding problems: Once it exists, no one can be prevented from benefiting from it, so many hope to free ride after someone else foots the bill.


Visitano il forum: Nessuno e 80 ospiti