OpenBSD wants to mop up ‘Heartbleed’ with LibreSSL fork
There’s been a lot of talk about fixing OpenSSL to prevent a Heartbleed-like situation from ever arising again, and now software developers are intent on taking matters into their own hands.
One question that’s been raised in the debates following Heartbleed is whether or not OpenSSL should be patched up or completely rewritten. The realities of doing so were recently analyzed by one Aaron Bedra, a consultant with Cigital, but now a third idea has been proposed.
Last week, several members of the OpenBSD project, which builds the popular OpenBSD Secure Shell operating system among other things, announced plans to fork the SSL/TLS protocol. What this means is they’re taking the basic source code of OpenSSL, cleaning it up and changing a few bits here and there, to create a brand new protocol to be known as LibreSSL.
ZDNet reports that the team behind LibreSSL, led by Theo de Raadt, has already confirmed the removal of more than 150,000 lines of content and 90,000 lines of C code in an effort to freshen things up.
“Some of that is indentation, because we are trying to make the code more comprehensible,” explained de Raadt. “99.99 percent of the community does not care for VMS support, and 98 percent do not care for Windows support. They care for POSIX support, so that the Unix and Unix derivatives can run.”
Both the OpenBSD Foundation and the OpenBSD Project are lending their support to LibreSSL, so naturally they’re welcoming donations for the project.
“We know you all want this tomorrow. We are working as fast as we can but our primary focus is good software that we trust to run ourselves. We don’t want to break your heart,” noted the team.
Because it’s still in the very early stages, it’s impossible to tell yet if LibreSSL will be successful or sustainable. Nevertheless, OpenBSD developers are generally regarded as experts when it comes to simple and secure coding, and the OpenSSL team has its own problems when it comes to funding. If anything, it’s good to know that someone with some know-how is taking a serious look at the OpenSSL code, and hopefully the entire Internet will be better off for it.
There’s a lively debate going on over at Hacker News about the merits of this project, and those who are interested can follow its development at the OpenSSL Valhalla Rampage blog.