Study: Paucity of patches on OpenSSL

By Robert Lemos
Staff Writer, CNET News.com Published: November 3, 2003 2:46 PM PST
Tools
Talkback
Print
Only 3 percent of Web servers running the open-source version of a secure communications component, OpenSSL, may be using the latest, bug-free software, according to a recent survey by Internet watcher NetCraft. The OpenSSL secure sockets layer software allows servers to securely communicate with browsers across the Internet.

The survey found that nearly half of polled Web servers ran a version of OpenSSL that could be remotely exploited to bypass the server's security. (The 50,000 servers queried in the study were limited to those computers that returned a valid OpenSSL signature.) Other versions had lesser vulnerabilities. The survey did come with one major caveat: Many Linux distributions that include the software don't update the version numbers, making it falsely appear that the software is vulnerable.

More from News.com on this story's topics

Security

 Create an email alert | RSS feed

Open source

 Create an email alert | RSS feed

See more CNET content tagged:
OpenSSL, survey, Web server, patch management, server

Powered by Jive Software
advertisement
RSS Feeds
Add headlines from CNET News.com to your homepage or feedreader.
Google
Yahoo
MSN
More feeds available in our RSS feed index.

Latest tech news headlines

Most Popular Stories
Google's search secret: It gets rid of you
Developer creates copy-paste tech for iPhone
Palm Treo Pro: Not digging it
Intel says it has 'first silicon' for next mobile chip
American Airlines launches in-flight Wi-Fi
Markets

Market news, charts, SEC filings, and more

Related quotes

Dow Jones Industrials (0.11%) 12.78 11,430.21
S&P 500 (0.25%) 3.18 1,277.72
NASDAQ (0.00%) 0.00 1,816.15
CNET TECH (-0.11%) -1.72 1,629.08
  Symbol Lookup
advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On CBS.com: A bride is murdered at her wedding
Advanced
search
Advanced
search
Visit other CBS Interactive sites