UK sec guru plays down hype over new OpenSSL vulnerability
British security researcher Kevin Beaumont has played down the hype over a recent announcement from Red Hat Linux about a critical flaw in the open-source cryptographic library OpenSSL. The advisory is due on 1 November.
Mark Cox, vice-president of security at the Apache Software Foundation, tweeted on 26 October that an OpenSSL 3.0.7 update would fix a critical CVE due to be announced on 1 November, adding that it did not affect versions before 3.0.
This led to American tech site ZDNet putting the hype machine in overdrive, with Steven Vaughan-Nichols penning an article whose standfirst read: "We don't have the details yet, but we can safely say that come Nov. 1, everyone – and I mean everyone – will need to patch OpenSSL 3.x."