OpenSSL Patches for 'Boring' Certificate RiskJul 09, 2015, 10:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)
The CVE-2015-1793 issue is not a zero-day flaw, though, and it already has a patch, thanks to Google's efforts. The OpenSSL project's advisory noted that the CVE-2015-1793 vulnerability was reported by Google security researchers Adam Langley and David Benjamin on June 24. Those two researchers are associated with Google's BoringSSL initiative, first announced in June 2014.
Google is no stranger to OpenSSL and, in fact, was one of the original groups that discovered the Heartbleed SSL flaw in 2014.
0 Talkback[s] (click to add your comment)