[talk] ssh.com blog post
Pete Wright
pete at nomadlogic.org
Wed May 7 13:15:47 EDT 2014
On Tue, May 06, 2014 at 08:45:07PM -0500, Andy Kosela wrote:
> On Tue, May 6, 2014 at 7:13 PM, George Rosamond
> <george at ceetonetechnology.com> wrote:
> > If you haven't seen this yet... being discussed on IRC #nycbug:
> >
> > ssh.com/blog/makesyoubleed
> >
> > There's some laughable FUD in the article. I also wonder the
> > proportions of OpenSSH to closed SSH users and servers. If software
> > isn't used, it's not a target, and for something like OpenSSH, I'd
> > imagine it's a widely attacked application yet has had minimal issues
> > for so many years.
> >
> > I'm sure I can hear a stampede of organizations dropping OpenSSH and
> > migrating to corporate closed SSH.
>
> "John Walsh is a Software Engineer and a member of R&D at SSH
> Communications Security". No more to say.
>
> Of course they want to sell their proprietary SSH products and they
> will spread anything to undermine the strength of OpenSSH. This
> "beef" is quite old, starting with the fork of OSSH, which itself was
> a fork of Tatu Ylonen's SSH. The reality though is that OpenSSH is de
> facto standard today, while Tatu's SSH is becoming irrelevant
> globally. Tatu is still regretting open-sourcing SSH 1.2.x.
>
Tatu Ylonen is still on the board of ssh.com - so glad to see the feud
is still alive :)
my take on the blog post is that by creating FUD around openssh vis a
vis the heartbleed hoopla hopefully more people will ping them about
their compliance services. it looks like that is their main gravey
train at this point - bleeding "security" budget to tick off checkboxes
that the compliance people have.
-p
--
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA
More information about the talk
mailing list