|By Lacey Thoms||
|July 17, 2014 01:56 PM EDT||
After being uncovered earlier this year, Heartbleed—the serious security vulnerability in OpenSSL that affected vast expanses of the Internet—was blamed on the open source community by some pundits. But simultaneously, many credited that same community for discovering the flaw in OpenSSL, which may otherwise have been missed, through its code review.
Either way, the confusion surrounding Heartbleed has led to programmers creating their own iterations of OpenSSL, presumably in hopes that such a flaw won’t happen again. Last month, Google became the latest company to announce its interpretation of OpenSSL—BoringSSL—a name the company says is “aspirational and not yet a promise.” In other words, Google hopes BoringSSL doesn’t cause the stir that OpenSSL did.
Earlier this year, other developers leveraged OpenSSL into LibReSSL because they felt that the former pervasive standard for encrypting data sent to and from websites was “not developed by a responsible team.” At the same time, the Linux Foundation doubled down on OpenSSL via its Core Infrastructure Initiative.
Google did say that it was not intending for BoringSSL to replace OpenSSL. Instead, the company will continue sharing code with OpenSSL to help patch bugs and other vulnerabilities.
But what does this all mean for the open source community? OpenSSL was previously the go-to solution for encrypting communication between websites and individuals. Now, the consensus around the open source toolkit seems to have disappeared. Instead of OpenSSL evolving as the primary technology, at least three projects will progress separately.
Will one emerge as the de facto Web traffic encryption toolkit? Or will something new come down the pike? One way or another, open source programmers will keep writing code and working to create even stronger solutions.
- Open Source Software License Obligations in Cloud Applications
- Leveraging Open Source and Avoiding Risks in Small Tech Companies
- Governments Waltzing on OSS, Trusting Your Search Engine for Privacy, GPL Houses and Apache Cars
- What Developers Need to Know About Open Source Vulnerability Management
- The Basics of Open Source Software By @Protecode | @CloudExpo [#Cloud]
- Hortonworks President: Open Source Is the ‘Single Fastest Way To Innovate’
- Is Open Source Becoming the De Facto Standard in the Data Center?
- Open Source & the Internet of Things: A Growing Companionship | @ThingsExpo [#IoT]
- Legal battles, security concerns, myth busting plus learning and governing with open source
- Defining ‘Freedom’ in the Open Source Software Space | @CloudExpo #Cloud