OpenSSL bug sparks new development

by
in code on (#3HX)
The Heartbleed bug has sparked new interest in cleaning up the OpenSSL code base. As evidenced by OpenBSD's CVS repository, the team has started removing old platform specific code, style inconsistencies, non-free hardware crypto engines, and dubious wrappers from the library. Perhaps the best side effect of the Heartbleed bug will be a much cleaner and more secure OpenSSL package.

Ed. note: So, is a catastrophic and highly public failure what it takes to catalyze action in some projects? And if so, which other projects are in need of some energizing disaster?

Update: The mentioned cleanup is taking place in the OpenBSD CVS repository. The official OpenSSL repository information can be found at http://www.openssl.org/source/repos.html

Just be thankful (Score: 5, Insightful)

by vanderhoth@pipedot.org on 2014-04-15 11:17 (#12M)

Ultimately I see this as a good thing, I think the editor note is hinting in the right direction. Yes a catastrophic bug was found in an open source project, that's bad, but had this not been open source how long would this bug have persisted. The only reason it was found was because someone was doing a third party audit on the code, which couldn't have been done had it not been open.

I'm not above believing the OSS community has gotten a little lazy, hopefully devs in other projects will be more diligent and proactive. I think we'll all be better off because of this discovery.
Post Comment
Subject
Comment
Captcha
Three, ten and 12: the 1st number is?