Open Source License Management Solutions

Lacey Thoms

Subscribe to Lacey Thoms: eMailAlertsEmail Alerts
Get Lacey Thoms: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Ubuntu Linux Journal, SEO Journal, Open Source Journal

Blog Feed Post

Will Heartbleed Give Rise to a Slew of New OpenSSL Variants?

After being uncovered earlier this year, Heartbleed—the serious security vulnerability in OpenSSL that affected vast expanses of the Internet—was blamed on the open source community by some pundits. But simultaneously, many credited that same community for discovering the flaw in OpenSSL, which may otherwise have been missed, through its code review.

Either way, the confusion surrounding Heartbleed has led to programmers creating their own iterations of OpenSSL, presumably in hopes that such a flaw won’t happen again. Last month, Google became the latest company to announce its interpretation of OpenSSL—BoringSSL—a name the company says is “aspirational and not yet a promise.” In other words, Google hopes BoringSSL doesn’t cause the stir that OpenSSL did.

Earlier this year, other developers leveraged OpenSSL into LibReSSL because they felt that the former pervasive standard for encrypting data sent to and from websites was “not developed by a responsible team.” At the same time, the Linux Foundation doubled down on OpenSSL via its Core Infrastructure Initiative.

Google did say that it was not intending for BoringSSL to replace OpenSSL. Instead, the company will continue sharing code with OpenSSL to help patch bugs and other vulnerabilities.

But what does this all mean for the open source community? OpenSSL was previously the go-to solution for encrypting communication between websites and individuals. Now, the consensus around the open source toolkit seems to have disappeared. Instead of OpenSSL evolving as the primary technology, at least three projects will progress separately.

Will one emerge as the de facto Web traffic encryption toolkit? Or will something new come down the pike? One way or another, open source programmers will keep writing code and working to create even stronger solutions.

Read the original blog entry...

More Stories By Lacey Thoms

Lacey Thoms is a marketing specialist and blogger at Protecode, a provider of open source license management solutions. During her time at Protecode, Lacey has written many articles on open source software management. She has a background in marketing communications, digital advertising, and web design and development. Lacey has a Bachelor’s Degree in Mass Communications from Carleton University.