OpenSSL Patches for ‘Boring’ Certificate Risk

The CVE-2015-1793 issue is not a zero-day flaw, though, and it already has a patch, thanks to Google’s efforts. The OpenSSL project’s advisory noted that the CVE-2015-1793 vulnerability was reported by Google security researchers Adam Langley and David Benjamin on June 24. Those two researchers are associated with Google’s BoringSSL initiative, first announced in June 2014.

Google is no stranger to OpenSSL and, in fact, was one of the original groups that discovered the Heartbleed SSL flaw in 2014.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis