Most IT security professionals are failing to take action about the risks associated with untrustworthy digital certificates and cryptographic keys, a survey has revealed.
This is despite the fact these risks are acknowledged and understood by most, according to a survey of 300 IT security professionals at the BlackHat USA 2015 security conference in Las Vegas.
The survey by security firm Venafi also reveals some information security pros do not understand what security services certificate authorities (CAs) do and do not provide.
Nearly two-thirds of those polled do not know CAs do not secure certificates and cryptographic keys. Venafi notes CAs only issue and revoke certificates, but do not monitor their use beyond that and cannot provide any security for them.
View full story