"Our main conclusion is that SSL certificate validation is completely broken in many critical software applications and libraries..."

The most dangerous code in the world: validating SSL certificates in non-browser software
http://bit.ly/Rw8IRV

If there has ever been a good argument for careful thought on API design, then this should definitely serve as a great lesson. Granted, SSL is not an easy concept to explain, but that only makes good API design more important.
