OpenSSL Security: A Year in Review

The OpenSSL project looksat its security record for the last year. "The acceptabletimeline for disclosure is a hot topic in the community: we meet CERT's45-day disclosure deadline more often than not, and we've never blownProject Zero's 90-day baseline. Most importantly, we met the goal we setourselves and released fixes for all HIGH severity issues in well under amonth. We also landed mitigation for two high-profile protocol bugs, POODLEand Logjam. Those disclosure deadlines weren't under our control but ourresponse was prepared by the day the reports went public."