Security is hard

Created 15th May, 2008 17:19 (UTC), last edited 15th May, 2008 17:20 (UTC)

Also: just so you're aware. There are no points awarded in security for good intentions. You either get it right, or you go home. This person had no business editing OpenSSL.

Thomas Ptacek on reddit.

We've been using OpenSSL in various versions of FOST for ten years now. Personally I'm concerned about doing something stupid just compiling it for distribution, never mind the worry about (mis)using it. The thought of altering any of it… No way!