Akamai Reissues All SSL Certificates After Admitting Heartbleed Patch Was Faulty

SpacemanukBEJY.53u (3309653) writes "It took security researcher Willem Pinckaers all of 15 minutes to spot a flaw in code created by Akamai that the company thought shielded most of its users from one of the pernicious aspects of the Heartbleed flaw in OpenSSL. More than a decade ago, Akamai modified parts of OpenSSL it felt were weak related to key storage. Akamai CTO Andy Ellis wrote last week that the modification protected most customers from having their private SSL stolen despite the Heartbleed bug. But on Sunday Ellis wrote Akamai was wrong after Pinckaers found several flaws in the code. Akamai is now reissuing all SSL certificates and keys to its customers."

Re:They deserve congratulations ...

[rmdingler]

Yes. The corporate opposite of General Motors trying to explain to Congress the years-long lapse in reporting and repairing the ignition problems of millions of vehicles.

Here's to hoping they are rewarded for their prompt honesty, rather than persecuted, as we certainly need to set some positive precedents for this exact type of conduct.