
Episode 348 - OpenSSL is the new lead paint
Open Source Security · Open Source Security
November 7, 2022 · 33m 55s
Show Notes
Josh and Kurt talk about the recent OpenSSL nothingburger. OpenSSL got everyone whipped into a frenzy over a critical vulnerability, then changed the severity to high. The correct solution to this whole problem is to stop using a TLS library written in C; we need to be using memory-safe languages. Don't migrate from OpenSSL 1 to 3, migrate from OpenSSL 1 to Rustls.
- OpenSSL Blog Post
- OpenSSL pre-announcement
- Mark Cox Tweet 3.0 only affected
- GossiTheDog NDA Tweet
- Claims of a name and logo
- Rustls