What IBM's response to the POODLE SSL v3 attack feels like to its Domino customers:
Craig Wiseman October 20th, 2014 02:24:50 PM
** That quote is glaringly sexist now, isn't it? **
Let's take that as "top people", shall we?
"Top.... PEOPLE".
To be fair, Dave Kern is a "top man" in cryptography. But I get the joke :)
Thanks for that... I have no real context for who Mr. Kern is, so that's actually very heplpful!
Nathan, agreed that Dave K. is great but IBM has known that this change has needed to be dealt with for years. I can't think of another major vendor's platform that doesn't support SHA2 and TLS. I have to imagine that anyone that cares about security at IBM, and there are lots of them, have to be sick about this. It can only be attributed to the people that prioritize development efforts in management being negligent in taking care of Domino.
Rob, I'm not defending IBM's actions here. In fact I wrote about it myself a couple of days ago. { Link }
The lack of any significant communication from IBM over months in addition to the obvious lack of attention for Domino's security stack is pretty sad.
That said, this is a welcome message:
{ Link }
Discussion for this entry is now closed.