OpenSSL has some big plans for the future

Security

by Jimmy Nicholls| 02 July 2014

Will developers save the tech that spawned Heartbleed?

The OpenSSL project has published details of its next phase of development, hoping to combat what it sees as a growing view it is "slow moving and insular".

Project developers hope to improve code consistency, update documentation, revise the API and reduce the backlog of bug tracking reports, as well as conduct an external audit on the security layer.

Outlining a new release strategy, the project said: "We need security fix releases with very low chance of breaking anything. This is largely met by prohibiting new features in stable branches."

"If something is broken in a release a fixed version should be made available shortly afterwards," it added.

Development is set to take place primarily on Linux and FreeBSD, with legacy platforms unlikely to be widely used with OpenSSL to be removed from the code.

The project will receive $3.6m in funding over the next three years from Amazon, Facebook, Google, IBM and Microsoft, in partnership with the Linux Foundation, as they seek to repair the technology responsible for the Heartbleed bug earlier this year.

The foundation will also fund the external audit on OpenSSL, due to be conducted by the Open Crypt Audit Project, responsible for the TrueCrypt audit shortly beforet the technology's mysterious disappearance.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

743 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.