back to article OpenSSL downgrades horror bug after week of panic, hype

OpenSSL today issued a fix for a critical-turned-high-severity vulnerability that project maintainers warned about last week.  After days of speculation, infosec professionals and armchair bug hunters received more of a trick than a treat on November 1: two CVE-tagged security issues, both rated "high" severity, to patch. One …

  1. Lee D

    With something like OpenSSL, I'd rather panic needlessly, than have someone handwringing over whether or not they should tell users to patch urgently if something COULD be reasonable exploited.

  2. Anonymous Coward
    Anonymous Coward

    Alternatives

    "Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it."

    Source: BoringSSL's own README.

  3. ChoHag Bronze badge

    Wolf! Wolf! WOLF!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like