So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)'s VP of Security, this week tweeted, "OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC." How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It's likely to be abused
![OpenSSL warns of critical security vulnerability with upcoming patch](https://cdn-ak-scissors.b.st-hatena.com/image/square/d54cb0fe1dbdcb5661272cccf2568d66d6406b48/height=288;version=1;width=512/https%3A%2F%2Fwww.zdnet.com%2Fa%2Fimg%2Fresize%2F118cb78da19cc630928fda2eb2b946423775ce31%2F2015%2F04%2F01%2F8ceca04b-3710-4c20-9b0b-40119f02940c%2F01tech-disaster.jpg%3Fauto%3Dwebp%26fit%3Dcrop%26height%3D675%26width%3D1200)