May 29, 2014

OpenSSL to Get a Security Audit and Two Full-Time Developers

A Linux Foundation project inspired by the Heartbleed security flaw announced that it will fund a security audit for the OpenSSL code base and the salaries of two full-time developers.

The Heartbleed flaw shone a spotlight on how poorly funded the OpenSSL cryptographic software library is despite being used by many of the world's richest technology companies. The Linux Foundation, with support from those tech companies, created the Core Infrastructure Initiative (CII) to boost the security of OpenSSL and other open source projects in need of help.

Today, the foundation announced that the first projects to get funding will be OpenSSL, OpenSSH, and Network Time Protocol.

Read 8 remaining paragraphs | Comments

Read more at Ars Technica
Click Here!