madison
Home / News & Blogs

Study: Paucity of patches on OpenSSL

Robert Lemos | November 3, 2003 10:46 PM PST

Topics

Robert Lemos, Software
Only 3 percent of Web servers running the open-source version of a secure communications component, OpenSSL, may be using the latest, bug-free software, according to a recent survey by Internet watcher NetCraft. The OpenSSL secure sockets layer software allows servers to securely communicate with browsers across the Internet.

The survey found that nearly half of polled Web servers ran a version of OpenSSL that could be remotely exploited to bypass the server's security. (The 50,000 servers queried in the study were limited to those computers that returned a valid OpenSSL signature.) Other versions had lesser vulnerabilities. The survey did come with one major caveat: Many Linux distributions that include the software don't update the version numbers, making it falsely appear that the software is vulnerable.

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity