[Freeswitch-dev] VoIP Security

R P Herrold herrold at owlriver.com
Fri Apr 4 19:30:00 MSD 2014

On Fri, 4 Apr 2014, R P Herrold wrote:

Following on myself, this paper [1] touches on similar issues 
which are uncovered in current Open Source crypto libraries 
and tools

I know there was a comment in the JIRA [2] distrusting whether 
enerprise vendors backport security fixes.  I strongly 
disagree with that view.  Certainly the upstream of CentOS is 
quite good about issuing prompt fixes which backport into a 
stable API, and moving away from locally carried libraries is 
a good way to get securitry updates, 'for free' into 
FreeSwitch, compared to using old 'carried around' tarballs of 
indeterminate security

-- Russ herrold

[1] https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
[2] https://jira.freeswitch.org/browse/FS-353

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-dev mailing list