The announcement has been noteworthy as this is only the second time OpenSSL has classified a flaw as “critical” since the Heartbleed bug in 2014. It has also been somewhat controversial among the security community, with some questioning whether the OpenSSL project's decision to go public about the vulnerability before the patch gives attackers more opportunities to exploit it.
[Source: www.scmagazine.com] [ Comments ] [See why this is trending]