OpenSSL bug sparks new development

by
in code on (#3HX)
The Heartbleed bug has sparked new interest in cleaning up the OpenSSL code base. As evidenced by OpenBSD's CVS repository, the team has started removing old platform-specific code, style inconsistencies, non-free hardware crypto engines, and dubious wrappers from the library. Perhaps the best side effect of the Heartbleed bug will be a much cleaner and more secure OpenSSL package.

Ed. note: So, is a catastrophic and highly public failure what it takes to catalyze action in some projects? And if so, which other projects are in need of some energizing disaster?

Update: The mentioned cleanup is taking place in the OpenBSD CVS repository. The official OpenSSL repository information can be found at http://www.openssl.org/source/repos.html

Re: How about.. (Score: 4, Interesting)

by zafiro17@pipedot.org on 2014-04-15 13:55 (#12S)

I think lots of open source projects could stand to be fuzz-tested just to see if they have any soft spots. Just because people can get access to the source code doesn't mean they do. Some bits of software are higher vulnerability than others. It's the equivalent of peer review in the scientific world.

I've seen my 3-year-old crash my Linux distro by banging on the keyboard - I have no idea how he does it. Maybe hire my little dude to fuzz-test your software by inputting crazy strings into your text fields to see what it takes to crash it.

[resisting the urge to compare average users to a 3 year old.]