Wheeler: How to Prevent the next Heartbleed
David A. Wheeler has written a lengthy article delving into why Heartbleed was not found sooner and how similar vulnerabilities can be prevented in the future. "There are several approaches that could have found Heartbleed, and vulnerabilities like it, before the vulnerable software was released. This is not a ding on the OpenSSL developers; they appear to have worked hard to reduce the number of vulnerabilities, including multi-person review and the use of various tools. Instead, this is an effort to help identify what could be better, so that OpenSSL and other important projects can prevent future similar vulnerabilities."