Despite OpenSSL security issues, industry needs open source SSL
Date: Jul 31, 2014
As widespread as the recent Heartbleed OpenSSL security flaw proved to be, one security expert says open source SSL technology has become so important to the security of the Internet that the technology isn't going anywhere.
"We're not going to go back to commercially licensed stacks for all of our SSL," said Andrew Jaquith, senior vice president and CTO with Milford, Connecticut-based cloud security provider SilverSky. "There's always going to be a need for something that's a little more open and a little more free."
In this interview, conducted at the 2014 Gartner Security & Risk Management Summit, Jaquith discussed OpenSSL's future and whether upstarts like LibreSSL and BoringSSL will be received as welcome alternatives.
Jaquith also discussed the fallout from the 2013 Target breach and why his recent conversations with SilverSky customers suggest the incident has become a tipping point for the information security industry.
Then he discussed the recent cloud provider security incidents at CodeSpaces and One More Cloud. He explained why they may be an indicator that the focus of attackers is shifting, and that some cloud computing providers' security capabilities are more vetted than others.
Finally, Jaquith touched on perhaps his favorite information security theme, security metrics, and explained why over the course of just a few years it has become much easier for any organization to quickly adopt data-driven security principles and quickly realize the benefits.