[cryptography] Just how bad is OpenSSL ?

John Case case at SDF.ORG
Fri Oct 26 14:29:47 EDT 2012

I was recently reading "the most dangerous code in the world" article at 


and found the hackernews discussion:


(interesting discussion and argument about curl library and how often it 
is badly deployed)

And the hackernews discussion led me to "OpenSSL is written by monkeys":


So, given what is in the stanford report and then reading this rant about 
openssl, I am wondering just how bad openssl is ?  I've never had to 
implement it or code with it, so I really have no idea.

How long has it been "understood" that it's a mess (if it is indeed a 
mess) ?  How dangerous is it ?

It looks like the rant was published in 2009 ....

More information about the cryptography mailing list