[SystemSafety] OpenSSL Bug
Jan Sanders
jsanders at techfak.uni-bielefeld.de
Fri Apr 11 17:10:45 CEST 2014
Am Freitag, 11. April 2014 16:38 CEST, Mike Rothon <mike.rothon at certisa.com> schrieb:
> Since news of heartbleed came to light a couple of questions have been
> going through my mind:
>
> 1) How did we arrive at a situation where a large proportion of
> seemingly mission / financially critical infrastructure relies on
> software whose licence clearly states " This software is provided by the
> openSSL project ``as is`` and any expressed or implied warranties,
> including, but not limited to, the implied warranties of merchantability
> and fitness for a particular purpose are disclaimed."?
I am not aware of licence agreements which do not contain this or similar disclaimers. I am grateful for pointers to TLS implementations which come without a warranty disclaimers.
Jan Sanders
More information about the systemsafety
mailing list