SANS Top 25 Epic Fail: CWE-319

If you've taken the time to read over the "Top 25 Most Dangerous Programming Errors" published by SANS recently, you may (or may not) have noticed that CWE-319 is an anomaly, and should be easily pic...
Published Jan 19, 2009
Version 1.0
architecture
availability
certificates
design
encryption
firewall
internet
management
sans
security
Lori_MacVittie's avatar
Lori_MacVittie
Icon for Employee rankEmployee
Jan 19, 2009
@Izzy,

 

 

Termination or not, they're still going to have to decrypt to examine, which means they need access to the keys/certificates, which may mean (depending on the model of the solution) storing those keys/certs on a potentially insecure system.

 

 

I do agree that not needing to terminate is certainly a boon - there's less increase in latency when you aren't terminating.