The Inquirer-Home

Post Heartbleed OpenSSL roadmap shows the mountain it has to climb

Admit it's time to get its house in order
Wed Jul 02 2014, 15:29

THE OPENSSL PROJECT has issued its first report card following the Heartbleed debacle, and it isn't pretty.

Although everyone expected problems following heavy criticism of the project after security flaws were discovered, the road map shows that problems existed at an organisational level too.

One of the main criticisms was that the project was not transparent enough, and the release of this report is a public relations move from an organisation that is willing to change.

Now overseen by the Core Infrastructure Initiative (CII), a consortium of industry players led by The Linux Foundation, the document will also act as a road map for the OpenSSL project's two full-time developers funded by the CII.

The document identifies eight areas where improvement is needed. These are the backlog in its bug-tracking system, poor documentation, over-complex library, inconsistent coding, lack of code reviews, lack of release plan, lack of clear strategy for the platform, and lack of security strategy.

As well as new service levels for bug reports and other improvements aimed at correcting some of the problems, the document also looks at ways to move the project forwards. At the top of the list is support for IPv6, but support for other platforms such as ARMv8, DANE and extended support for SSL_CONF also appear on the list.

Last week, Google announced plans for its own fork of the OpenSSL standard to be known as BoringSSL, which the company said it will integrate into Google products, but will also offer all code to the main OpenSSL and LibreSSL forks too. µ

