Sure, so long as the bug is a genuine bug and not a misunderstanding. Debian's o... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		amboar on April 9, 2014 \| parent \| context \| favorite \| on: "OpenSSL has exploit mitigation countermeasures to... Sure, so long as the bug is a genuine bug and not a misunderstanding. Debian's openssh valgrind warning springs to mind. Crypto implementations can be subtle and non obvious. Maybe it's crap design for that reason, but it seems like it's what we've got to work with currently.

sexmonad on April 9, 2014 [–]

That bug affected OpenSSL as well. Admittedly, it was caused by the Debian maintainer, but still, OpenSSL's poor design is partially to blame.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact