openssl
Safeguard articles tagged "openssl" — guides, analysis, and best practices for software supply chain and application security.
17 articles
Notable CVEs of 2023: A Practitioner's Roundup
From an OpenSSL IV-truncation flaw to a critical Babel code-execution bug, 2023's CVE crop is a good reminder that severity and blast radius don't always line up.
TLS Library Comparison: OpenSSL vs BoringSSL vs LibreSSL vs rustls
Your TLS library choice has massive security implications. Here is an honest comparison of the major options and what each trade-off means.
OpenSSL Project Governance: Security Lessons from Heartbleed and Beyond
OpenSSL's transformation from a two-person project securing half the internet to a properly governed foundation offers a blueprint for open source security governance.
OpenSSL CVE-2022-3602: The Critical That Wasn't (But Still Matters)
OpenSSL pre-announced a critical vulnerability that was later downgraded to high severity. The incident revealed as much about our processes as the bug itself.
Heartbleed at Five Years: A Practitioner Retrospective
Five years after CVE-2014-0160, Heartbleed still shapes how we think about shared cryptographic libraries, disclosure ethics, and open-source funding.