[talk] ssh.com blog post

Pete Wright pete at nomadlogic.org
Wed May 7 13:15:47 EDT 2014

On Tue, May 06, 2014 at 08:45:07PM -0500, Andy Kosela wrote:
> On Tue, May 6, 2014 at 7:13 PM, George Rosamond
> <george at ceetonetechnology.com> wrote:
> > If you haven't seen this yet... being discussed on IRC #nycbug:
> >
> > ssh.com/blog/makesyoubleed
> >
> > There's some laughable FUD in the article.  I also wonder the
> > proportions of OpenSSH to closed SSH users and servers.  If software
> > isn't used, it's not a target, and for something like OpenSSH, I'd
> > imagine it's a widely attacked application yet has had minimal issues
> > for so many years.
> >
> > I'm sure I can hear a stampede of organizations dropping OpenSSH and
> > migrating to corporate closed SSH.
> "John Walsh is a Software Engineer and a member of R&D at SSH
> Communications Security".  No more to say.
> Of course they want to sell their proprietary SSH products and they
> will spread anything to undermine the strength of OpenSSH.  This
> "beef" is quite old, starting with the fork of OSSH, which itself was
> a fork of Tatu Ylonen's SSH.  The reality though is that OpenSSH is the de
> facto standard today, while Tatu's SSH is becoming irrelevant
> globally.  Tatu is still regretting open-sourcing SSH 1.2.x.

Tatu Ylonen is still on the board of ssh.com - so glad to see the feud
is still alive :)

my take on the blog post is that by creating FUD around openssh vis a
vis the heartbleed hoopla hopefully more people will ping them about
their compliance services.  it looks like that is their main gravy
train at this point - bleeding "security" budget to tick off checkboxes
that the compliance people have.


Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA
