Last week we learned that not only did Symantec mess up managing their root SSL certificates, but they also botched their audit so bad Google may remove them from Chrome and other products. This is just one example in a long history of security companies failing to practice what they preach. From poor code development practices to weak internal controls, the only new thing in this instance is the combination of getting caught, potential consequences, and a lack of wiggle room.
Watch or listen:
Reader interactions
One Reply to “Get Your Marshmallows”
The free encryption infrastructure that you referred to is “Let’s Encrypt” from the EFF.
https://letsencrypt.org/