Following the exposure of the Heartbleed vulnerability, the Linux Foundation has announced for the first time that it will fund security audits of the OpenSSL code and pay the salaries of two full-time programmers.
OpenSSL encryption software is widely used by global technology enterprises, but its core code library is poorly maintained. For this reason, the Linux Foundation has created a core infrastructure plan (CII), which is used to improve the security level of open-source projects such as OpenSSL.
On Thursday, the Linux Foundation announced that CII's first fund will be invested in OpenSSL, OpenSSH, and NTP (Network Time Protocol). It also announced that Huawei, Adobe, Bloomberg, HP, and Salesforce.com will become new members of CII.
It is reported that the funds for OpenSSL will include the wages of two full-time programmers. In addition, the open encryption audit project (OCAP) will also receive special funds paid by the Foundation to audit the OpenSSL code library.
Steve Marquess, president of the OpenSSL Software Foundation, said in an interview with the media:
"This is exciting news, which means that the OpenSSL Project is reborn. Although I personally feel that two full-time programmers are missing, the Linux Foundation's assistance is the best news for the OpenSSL Project so far."
CII project members, including IBM, Fujitsu, Amazon, Dell, Cisco, Facebook, Google, Intel, Qualcomm, VMware, and new companies such as Huawei and Hewlett-Packard, have promised to invest $0.1 million per year in CII for at least three years.
The Linux Foundation has not yet disclosed how the special funds will be divided among OpenSSL, OpenSSH, and NTP. However, it says that once the security assessment is complete, special security funds will be invested in more open-source projects within the scope of the budget.