maxbucknell | 12 years ago

If there are so many problems with OpenSSL, why are there no alternatives that are readily available and anywhere near as functional?

The whole internet runs OpenSSL, but why hasn't anyone tried to do something different? I know it's complicated, but if a few big companies really chose to put some muscle behind it, it could happen, right?

davidw|12 years ago

This sums up some of the difficulties with the production of open source software:

https://en.wikipedia.org/wiki/Public_good

ef4|12 years ago

That really doesn't illuminate anything, because you'd also need to explain why open source has been spectacularly successful generating other public goods (Linux and others).

The economics of open source are pretty clear at this point. The software industry spends a lot of money supporting open source, because it's in their own interest to do so -- it's cheaper to share the costs than to build your own infrastructure from scratch every time, when the infrastructure is not part of your competitive advantage.

This particular bug was found by people that Google pays to audit open source code all day, in an effort to improve said code.

icebraining|12 years ago

If this is a consequence of the difficulties with the production of open source software, does that mean there are much more secure proprietary implementations of SSL/TLS? Which ones?