OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry?


- Only 25% of devices run on a supported OpenSSL branch (1.1.1 or 3.0) – assuming that 38% of devices running OpenSSL 1.0.2 are not covered by extended LTS.
- The oldest OpenSSL version we observed was 0.9.2, which was released in 1999
- Less than 5% of devices use an OpenSSL version newer than one year (not considering backported patches)
- OpenWRT switched to OpenSSL 1.1.1q in its 22.03.0-rc6 release, which was published on August 2nd, 2022.
- Yocto recently switched from OpenSSL 1.1.1l to OpenSSL 3.0.2 in their 4.0 (kirkstone) release, which was published in April 2022.
- Android only includes OpenSSL bindings for Rust
Über Onekey
ONEKEY ist der führende europäische Spezialist für Product Cybersecurity & Compliance Management und Teil des Anlageportfolios von PricewaterhouseCoopers Deutschland (PwC). Die einzigartige Kombination der automatisierten ONEKEY Product Cybersecurity & Compliance Platform (OCP) mit Expertenwissen und Beratungsdiensten bietet schnelle und umfassende Analyse-, Support- und Verwaltungsfunktionen zur Verbesserung der Produktsicherheit und -konformität — vom Kauf über das Design, die Entwicklung, die Produktion bis hin zum Ende des Produktlebenszyklus.

KONTAKT:
Sara Fortmann
Senior Marketing Manager
sara.fortmann@onekey.com
euromarcom public relations GmbH
team@euromarcom.de
VERWANDTE FORSCHUNGSARTIKEL

Shell CGI Static Code Analysis - Automatic Discovery of RCEs
Uncover ONEKEY's new shell CGI Static Code Analysis feature, designed to identify critical Remote Code Execution vulnerabilities. Click now to find out more.
Bereit zur automatisierung ihrer Cybersicherheit & Compliance?
Machen Sie Cybersicherheit und Compliance mit ONEKEY effizient und effektiv.