CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Security

Study: Paucity of patches on OpenSSL

Only 3 percent of Web servers running the open-source version of a secure communications component, OpenSSL, may be using the latest, bug-free software, according to a recent survey by Internet watcher NetCraft. The OpenSSL secure sockets layer software allows servers to securely communicate with browsers across the Internet.

The survey found that nearly half of polled Web servers ran a version of OpenSSL that could be remotely exploited to bypass the server's security. (The 50,000 servers queried in the study were limited to those computers that returned a valid OpenSSL signature.) Other versions had lesser vulnerabilities. The survey did come with one major caveat: Many Linux distributions that include the software don't update the version numbers, making it falsely appear that the software is vulnerable.