
And odds are the guys that wrote this paper don't have any clue that even if those writing the CLI tools/libraries/frameworks that use SSL had locked them completely down, developers and sysadmins would write scripts to agree-to-all, fake auth, etc. to get around security, because we have jobs that have to get done and security is not what we are all paid to do. Security is only critical when it fails. People claim to want security. They may even have an office of security. But even if that office of security is scanning all the apps, taking production apps down because they didn't throttle their probes, and maybe even looking at code, they cannot do the job of the developer.

It is destined to be flawed as long as insecurity is allowed. Only when every exploit is exploited continuously will people be vigilant.




Yes! Yes! Stupid researchers! Who has time for security? We've got mobile banking transactions to process!



