OpenSSL is an open source implementation of the SSL protocol. OpenSSL is exposed to a denial of service issue because of an incorrect fix for CVE-2011-4108. OpenSSL versions 1.0.0f and 0.9.8s are affected.
IT security tops the list of skills that teams need most, and one out of five reported having difficulty finding skilled talent for cloud initiatives. Companies are also looking for pros who have skills in network engineering, systems engineering, IT architecture and network operations.
The PCI Security Standards Council published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. The revision includes minor updates and clarifications, and addresses vulnerabilities within the SSL encryption protocol that can put payment data at risk.
According to MIT, Harvard, and HackerOne researchers, the answer is not throwing more money at bug hunters, but incentivize them to find the the same vulnerabilities that the offense researchers have found.