OpenSSL Revalidated Following Suspension

Posted by Zonk on Friday February 9, 2007 @04:25AM from the can't-keep-a-penguin-down dept.

lisah writes "Despite what looks like an organized effort to prevent it, OpenSSL has been revalidated by an independent testing agency for its ability to securely manage sensitive data and is ready for use by governmental agencies like the Department of Defense. According to the Open Source Software Institute, who has been overseeing the validation process for the last five years (something that typically only takes a few months), it seems that the idea of an open source SSL toolkit didn't sit right with proprietary vendors of similar products. A FUD campaign was launched against OpenSSL that resulted in a temporary suspension of its validation. Developers and volunteers refused to give up the ghost until the validation was reinstated, and Linux.com has the story of the project's long road to success." Linux.com and Slashdot are both owned by OSTG.

1 of 51 comments (clear)

Min score:

Reason:

Sort:

Then let me be the first to answer . . . by mmell · 2007-02-09 04:35 · Score: 5, Insightful

Non-validated tools are worthless. The likelihood of their being used as tools by any branch of the government (including the banks) is virtually nil today. D'you really think business will follow where the government/banking industry won't go, or end users (with no business or government end-points to connect to)?
And of course, any moron can "write an insecure application" using any tools. Writing a secure application, OTOH . . .