
Comment Re:Just another reminder to use LibreSSL (Score 1) 64

The libressl fork was 11 months ago. They managed to add 5 (at a minimum) critical vulnerabilities in the past 11 months?

Probably a *lot* more than that. These are only the bugs that have been caught thus far.

Jeezus fucking christ.

OpenSSL is currently offering and maintaining four separate release trains for download from the bleeding edge to ancient versions lacking TLS 1.1/1.2 support.

Hard to get excited about DoS/crash shit limited to a new, immature branch that only a doofus would select for production use... or in other words... OMFG the sky is falling.

Comment Re:I choose MS SQL Server (Score 3, Insightful) 320

I've had the misfortune to work with 2000, 2005, 2008 and 2008 R2, and 2012, and every single one of them has failed spectacularly, many of them with the same basic issue, that wonderful escalating locks problem, which MS spins as a "performance improvement" much like driving a bus off a cliff improves its performance, and in much the same way.

If lock escalation is your problem then lock escalation isn't the problem.

Comment Re:I choose MS SQL Server (Score 1) 320

No. Not really. Microsoft pushes the idea that you don't need to have any clue to use its products. It helps enable this idea with better novice interfaces. This leads to the problem that you end up with barely trained monkeys having the appearance that they can use Microsoft products.

This is exactly why we recommend Microsoft SQL Server to customers. Barely trained monkeys are more realistic than expecting a trained DBA on staff.

I think Microsoft has the only RDBMS that ever had a genuine viral exploit in the wild.

So what is the relevance some dozen years later? By all measures SQL Server has had a good security record compared with competing products. Check public CVE data for each product and make an informed decision.

I accidentally left a test Oracle server running overnight a number of years ago; it had been owned by the time I got in the next day... cherry picking is worthless... everyone can find an example supporting their presuppositions.

Comment Re:Just another reminder to use LibreSSL (Score 1) 64

So LibreSSL had already avoided 9 of these issues as a result of their code cleanup.

At least 5 of them were a result of forking before the relevant code/feature existed.

CVE-2015-0208, CVE-2015-0207, CVE-2015-0290, CVE-2015-0285 and CVE-2015-0291

This includes all CVEs labelled as high severity. This is just another reminder to use LibreSSL.

I think having other forks and more people working on a project is ultimately great for everyone. The tit-for-tat elitism and misleading hyperbole is not productive.

Comment Re:Learning trumps instincts (Score 1) 77

data to make to a solution that makes sense in that context?

The problem with rules is that there are always exceptions. i.e. Sometimes accelerating will avoid the accident!

Is the program smart enough to widen the search space and consider alternative solutions?

The rest of your post is interesting.

Assuming turbo-boost is inoperable, there are only so many things we can do. Go faster, slower or the same while going straight, left or right.

For a computer, doing some vector arithmetic brute-force style across all possible reactions seems on its face to be quite trivial next to the challenge of developing a valid model of the system/environment in the first place.

Comment Re:No thanks... (Score 5, Insightful) 138

I think only blind people miss that part and falsely believe you have to create a Microsoft account.
No matter how "obscure" some idiot like GP claims it to be.

It is clearly intentionally deceptive. There is no excuse for this behavior from a corporation who expects people to trust them.

It's still far better than what Google does, forcing users to create a Google account with no option for a local account on Android or Chrome OS.

Better than what Microsoft does when you refuse to set up an account on a Windows Phone device. At least I can still use an Android device and install software on it without having a Google account.

Comment Re:Know what's worse? Cleartext. (Score 1) 132

This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none,

Not when people think "It's encrypted".

Sometimes it is much better to know something is insecure and behave accordingly than to depend on a lie and get burned.

VPN technology especially is particularly abysmal: everywhere I go, customers are using PPTP, some form of challenge-response authentication in the clear or over shared keys, or EAP methods without properly verifying trust chains. At least with secure websites we have security checkers like Qualys... if you were to run that same scanner on the TLS channel protecting authentication it would universally fail. Even the CBC record splitting hack is explicitly disabled for backwards compatibility. I have never been on site where VPNs were deployed properly (both client and server configuration).

many wholly unencrypted connections that are happening this very moment. I think we should prioritize getting all connections everywhere encrypted somehow.

When normal people hear the word "encrypted" what they actually hear is "secure". Nobody understands what "encrypted but insecure" means.

Lies can be worse than doing nothing. Much better to do it right in my opinion.

Comment Is Cornerstone OnDemand full of racists? (Score 2) 127

If a group, race or gender 'x' can be statistically shown to be more 'y' or less 'z', then it is OK to use generalities about a group to make judgments about individuals?

This is the very same error in judgment routinely used by racists and crackpots to justify all kinds of craziness.

Comment IoT meme already past sell by date (Score 1) 108

What would it take for a connected device, whether a wallet or a smoke detector, to gain mass appeal?

It will take a few billion more in marketing campaigns to get people to care.

Once they do, you have a short while until your customers begin to notice how worthless and/or dangerous their purchase turned out to be.

Comment Re:This is a bug not a feature (Score 1) 328

My kids, young and unencumbered by tradition prefer the LED lights.

You can get any color temp you want with LEDs, same as old-fashioned bulbs. If your kids prefer a higher color temperature, this may only indicate they prefer a higher temp bulb rather than a useful comparison between LED and incandescent. If the test isn't apples to apples, it's worthless.

So will everyone else rather soon, as we slowly transition to whiter more sunlight-like hues that are now possible with LEDs.

No, different people have different color temperature preferences. This isn't changing anytime in the foreseeable future. Huge markets for both high and low temperature bulbs aren't going away anytime soon. LED changes nothing.

Comment Re:OWASP and PCI DSS (Score 1) 205

I would also recommend getting some familiarity with the PCI DSS standard.

PCI DSS is full of bad advice. It codifies specific technical measures, goes off the deep end with dual control and unrealistic password management that begs for a proliferation of sticky notes, and even promulgates dangerous advice on the application of one-way algorithms to inherently low-entropy data.

It reads like a book of common wisdom written by someone who read security for dummies and now thinks they know everything.

Security standards for specific purposes tend to be so soaked in political calculations they rarely make good templates if you care about actual outcomes more than your desire to CYA or check a box.
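As an added illustration of the "one-way algorithms on low-entropy data" point in the comment above (this is my example, not the commenter's code and not anything from PCI DSS): assume the low-entropy data is a 16-digit card number (PAN) stored as a SHA-256 hash, and that the attacker also knows the issuer BIN (first six digits) and the last four digits that receipts and dashboards print anyway. Only six digits are unknown, and the Luhn check digit removes one of them, so the whole search space is 10^5 hashes. The function names, the use of the well-known Visa test number, and the salt/key values are all constructed for the example.

```python
import hashlib
import hmac
import os

# Added example, not from the comment or from PCI DSS. Assumption: the
# "one-way algorithm on low-entropy data" case is an unsalted (or locally
# salted) SHA-256 of a 16-digit PAN. All names here are illustrative.

# Luhn doubling table: 2*d with the digit sum folded (7 -> 14 -> 1+4 = 5).
_DOUBLE = [0, 2, 4, 6, 8, 1, 3, 5, 7, 9]


def _luhn_sum(digits: str, start_index: int) -> int:
    """Luhn contribution of a digit run that begins at PAN position
    start_index (0-based from the left) of a 16-digit PAN. For a 16-digit
    number the digits at even positions from the left are the doubled ones."""
    total = 0
    for k, ch in enumerate(digits):
        d = ord(ch) - 48
        total += _DOUBLE[d] if (start_index + k) % 2 == 0 else d
    return total


def luhn_ok(pan: str) -> bool:
    """True if a 16-digit PAN passes the Luhn check."""
    return len(pan) == 16 and pan.isdigit() and _luhn_sum(pan, 0) % 10 == 0


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


def recover_pan(target_hex: str, bin6: str, last4: str, hash_fn=sha256_hex):
    """Recover a 16-digit PAN from its hash given the BIN and last four digits.

    Six digits are unknown and Luhn fixes the last of them, so exactly 10**5
    candidates are hashed. Returns the PAN, or None if nothing matches (for
    example when the target was computed under a key the attacker lacks)."""
    fixed = _luhn_sum(bin6, 0) + _luhn_sum(last4, 12)
    for head in range(100_000):
        h = f"{head:05d}"
        # PAN index 11 is an undoubled position, so the check digit is simply
        # whatever makes the Luhn total a multiple of 10.
        check = (-(fixed + _luhn_sum(h, 6))) % 10
        pan = f"{bin6}{h}{check}{last4}"
        if hash_fn(pan) == target_hex:
            return pan
    return None


def hmac_sha256_hex(key: bytes, s: str) -> str:
    """Keyed alternative: without `key` the enumeration above cannot be run."""
    return hmac.new(key, s.encode(), hashlib.sha256).hexdigest()


def demo() -> dict:
    """Constructed data: 4111111111111111 is the well-known Visa test number."""
    pan = "4111111111111111"
    bin6, last4 = pan[:6], pan[-4:]

    # 1. Plain SHA-256 of the PAN: recovered in well under a second.
    plain = recover_pan(sha256_hex(pan), bin6, last4)

    # 2. Per-record salt stored next to the hash: whoever has the hash has
    #    the salt too, so the same 10**5 enumeration still works.
    salt = os.urandom(16).hex()
    salted = recover_pan(sha256_hex(salt + pan), bin6, last4,
                         hash_fn=lambda p: sha256_hex(salt + p))

    # 3. HMAC under a key kept away from the database: an attacker who has
    #    only the hash and tries the plain enumeration gets nothing.
    key = os.urandom(32)
    keyed = recover_pan(hmac_sha256_hex(key, pan), bin6, last4)

    return {"plain": plain, "salted": salted, "keyed": keyed}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:7s}: {result}")
```

The takeaway is that salting does not help when the input space is this small and the salt sits beside the hash; only a secret kept out of the attacker's reach (a keyed MAC, or tokenization that replaces the PAN with a random value) makes the stored value useless on its own.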

Comment Pen testing isn't what you will be paid for (Score 0) 205

You will be paid to run a crappy automated scan and hand out passing marks.

The service you will be providing is to provide a plausible means of checking off a box on a corporate checklist. Your financial transaction will be leveraged as an excuse to make security claims bearing no resemblance to the services you were paid to provide.

If you're worried about lacking the skillz to be effective, you're already light years ahead of most of your competition who simply don't give a fuck.

Comment What difference at this point does it make? (Score 4, Insightful) 315

In my view, assuming there was a need for security, the entire fault should lie with the State Dept for allowing emails to be sent and received to and from any domains outside of its administrative influence when conducting "official business".

SMTP email always gets an "F" security rating no matter what. Checking whether the webmail interface has a secure cert is like making sure the front gate of your castle is locked and secured while the east and west gates remain open to the creepers at the gates.

Comment Media professional trolling on grand scale (Score 1) 606

Media loves highlighting incidents of racism because they know that, like bugs to porch lights, everyone rewards them by taking the bait.

Good plane crashes, train crashes, religious controversy, social controversy and fear... they know everyone's buttons and they constantly push them without regard for the aggregate consequences.

Some jackass made some loopy video... so fucking what? Why is anyone bothering to report this? A lot of truly fucked up things happen all the time, but you can count on mass media to milk bullshit for every last viewer it's worth.
