Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog - OpenSSL Rampage InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

OpenSSL Rampage

Published: 2014-04-21
Last Updated: 2014-04-21 13:19:47 UTC
by Daniel Wesemann (Version: 1)
2 comment(s)

OpenSSL, in spite of its name, isn't really a part of the OpenBSD project. But as one of the more positive results of the recent Heartbleed fiasco, the OpenBSD developers, who are known for their focus on readable and secure code, have now started a full-scale review and cleanup of the OpenSSL codebase.

If you are interested in writing secure code in C (not necessarily a contradiction in terms), I recommend you take a look at http://opensslrampage.org/archive/2014/4, where the OpenBSD-OpenSSL diffs and code changes are coming in fast, and are often accompanied by cynical but instructive comments. As one poster put it, "I don't know if I should laugh or cry". The good news though definitely is that the OpenSSL code is being looked at, carefully and expertly, and everyone will be better off for it.

2 comment(s)
Diary Archives