Re: [SystemSafety] OpenSSL Bug

From: Jan Sanders < >
Date: Fri, 11 Apr 2014 17:10:45 +0200


Am Freitag, 11. April 2014 16:38 CEST, Mike Rothon <mike.rothon_at_xxxxxx  

> Since news of heartbleed came to light a couple of questions have been
> going through my mind:
> 1) How did we arrive at a situation where a large proportion of
> seemingly mission / financially critical infrastructure relies on
> software whose licence clearly states " This software is provided by the
> openSSL project ``as is`` and any expressed or implied warranties,
> including, but not limited to, the implied warranties of merchantability
> and fitness for a particular purpose are disclaimed."?
I am not aware of licence agreements which do not contain this or similar disclaimers. I am grateful for pointers to TLS implementations which come without a warranty disclaimers.

Jan Sanders

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Fri Apr 11 2014 - 17:10:54 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST