Another concordtest post

20 Apr

Software is built in layers. First, programmers get something simple working and test it, then build on top of it. More testing, then more building. Build, test, build, test, over and over. This process has been going on for a long time.

The “stack” that we use today was started in the late 1960s. We’re still running software, deep in the heart of the computers we use, that was written forty years ago.

The deeper in the stack you go, the more systems are affected, and the harder it is to fix any problems you come across.

OpenSSL is not the deepest technology we have, but it’s close. It’s built into a lot of things we use all the time. The most serious problems, the hardest ones to address, will be in the places where it’s built in and updates are either hard or impossible. But first we have to locate and patch all the easy places. That process began just yesterday, we hope! We don’t know much about what the companies that run our services are doing.

The worst-case scenario, the one we all have to plan for, is that the management of affected companies isn’t responding to the problem. This will certainly happen in some cases. If it happens at a bank, the results could be very bad.

That’s why the best thing you can do is to let the companies know that a quick, competent response is necessary. This is a time when we find out which vendors are prepared for the world we live in today, and which have to catch up, in real time, while their systems are vulnerable.
