Number: IRCNE2014072236
Date: 2014-07-02
According to “techworld”, the OpenSSL Project is planning a number of changes to ensure its security component, used across millions of computers across the Internet, is in tip-top shape.
OpenSSL is an open-source code library that encrypts communications between a computer and a server using SSL/TLS (Secure Sockets Layer/Transport Layer Security). It is a fundamental defense for keeping e-commerce transactions, email and other data unreadable if the traffic is intercepted.
Confidence in OpenSSL was shaken in April after a two-year-old software vulnerability called "Heartbleed" was discovered that could allow an attacker to decrypt intercepted traffic or obtain data such as logins and passwords from servers.
OpenSSL's roadmap is intended to counter the view that it is "slow-moving and insular," according to a post on the project's website.
Among the ongoing problems that the project plans to fix are a lack of code reviews, an inconsistent coding style, poor documentation, no platform strategy and no regular release cycle, according to the roadmap.
The group also plans to look at a large number of issues raised in its bug tracking system, many of which have never been reviewed.Google said it planned to share information on bugs it finds with LibreSSL and the OpenSSL Project.
- 2