OpenSSL bug sparks new development

in code on (#3HX)
The Heartbleed bug has sparked new interest in cleaning up the OpenSSL code base. As evidenced by OpenBSD's CVS repository, the team has started removing old platform specific code, style inconsistencies, non-free hardware crypto engines, and dubious wrappers from the library. Perhaps the best side effect of the Heartbleed bug will be a much cleaner and more secure OpenSSL package.

Ed. note: So, is a catastrophic and highly public failure what it takes to catalyze action in some projects? And if so, which other projects are in need of some energizing disaster?

Update: The mentioned cleanup is taking place in the OpenBSD CVS repository. The official OpenSSL repository information can be found at

You're not linking to the original OpenSSL repo (Score: 4, Informative)

by on 2014-04-16 06:04 (#133)

The links in the article are to OpenBSD's version of OpenSSL, OpenSSL proper is NOT an OpenBSD project (can be found here: The naming is unfortunate. Just to straighten this out, OpenSSH is by OpenBSD.

Now if I was going to pick one group that I would trust to do a proper OpenSSL it would be the OpenBSD group, hoping they do a full on fork and provide a cross-platform version like OpenSSH.
Post Comment
Fifty four, 91, 30, 33 or 78: the biggest is?