Bug Shows Deep Problems in Industry Approach on Security

A single programmer, supported by a few part-time volunteers, is responsible for managing the widely used OpenSSL encryption technology that was recently found to have a major security hole in it—a shocking illustration of the Internet industry’s heavy reliance on poorly funded, open-source Web technology.

The discovery of the so-called Heartbleed security flaw also revived long-standing concerns that the Internet has become an unhealthy “monoculture” where the use of the same set of technologies by almost all companies allows a single security problem to quickly compromise hundreds of thousands of websites.

Industry executives were stunned that a vulnerability in something as pervasive and critical as OpenSSL could have gone undetected for two years or more. But even as Web companies around the globe scrambled to patch their systems and mulled whether to ask hundreds of millions of people to reset their passwords, many were questioning the industry’s basic approach to security issues.

OpenSSL is “total spaghetti code,” according to a security official at one Web company. It’s maintained by just one person full time with several Google employees and others helping on a part-time basis.